Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help removing http://www.searchqu.com/406 [Closed]

Started by cardav , Feb 12 2012 05:49 AM

  • This topic is locked This topic is locked

#1
cardav
Posted 12 February 2012 - 05:49 AM

cardav

    New Member

  • Member
  • Pip
  • 5 posts
After trying to download some academic papers I am left with http://www.searchqu.com/406 on my PC. I have removed the apps using the uninstall tool but still find that my IE browser is permanently linked to http://www.searchqu.com/406.

I have been able to remove this from Firefox.

Below is the log from a HijackThis scan.

Any help to fully remove this greatfully appreciated!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:00, on 12/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\caroline.davis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ffwiki
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar"
O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\caroline.davis\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.fflon-crm04
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.6.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hq.ffastfill.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hq.ffastfill.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hq.ffastfill.com
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14174 bytes
  • 0

Advertisements

#2
WhiteHat
Posted 12 February 2012 - 07:51 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello cardav and welcome to GeeksToGo :)

I'm GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
WhiteHat
Posted 12 February 2012 - 07:52 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#4
cardav
Posted 24 February 2012 - 09:54 PM

cardav

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Firstly thanks so much for taking the time to look at this. Huge apologies for taking so long to respond. Here are the two outputs you requested;

Extras.Txt

OTL Extras logfile created on: 25/02/2012 03:42:23 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\caroline.davis\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 55.24% Memory free
7.87 Gb Paging File | 5.99 Gb Available in Paging File | 76.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 231.96 Gb Free Space | 77.84% Space Free | Partition Type: NTFS

Computer Name: CAROLINE-LPT | User Name: Caroline.Davis | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{50E9E32F-063A-412A-9627-553D5DA57C17}" = ESET NOD32 Antivirus
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}" = Microsoft Online Services Sign-in Assistant
"{F39076D7-7168-44CD-A2C6-EBC1CDA7DC1C}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C524D20-0409-0050-8A9E-0C4C490E4E54}" = Microsoft Dynamics CRM 2011 for Microsoft Office Outlook
"{0C524DC1-0409-0050-8121-88490F4D5549}" = Microsoft Dynamics CRM 2011 English (United States) Language Pack
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{28DA3304-9EC2-4097-BC64-B59A1958841F}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5E994A95-9388-4D10-8E68-54B8CBF894D3}" = Microsoft Application Error Reporting
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{797B30F0-D301-4C16-9D68-C708D5B2C62D}" = Supportworks Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C8B274C3-3E4D-433D-BA0D-C27EB834AEA6}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D2D3721A-CEA1-4BC1-9AEF-2C90771B6A09}" = Adxstudio Portals for Microsoft Dynamics CRM 2011 version 4.1.0010
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"LinkedIn Outlook Connector" = LinkedIn Outlook Connector
"Microsoft CRM Client" = Microsoft Dynamics CRM 2011 for Microsoft Office Outlook
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"OpenVPN" = OpenVPN 2.1_rc15
"PDF reDirect" = PDF reDirect (remove only)
"SZCCID" = Alcor Micro Smart Card Reader Driver
"WinCHM 4.27 - Help authoring software_is1" = WinCHM 4.27
"WinRAR archiver" = WinRAR 4.10 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1409082233-1592454029-682003330-10877\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/02/2012 23:37:29 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.hq.ffastfill.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.hq.ffastfill.com because it could not be resolved.

Error - 24/02/2012 23:37:29 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.hq.ffastfill.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.hq.ffastfill.com because it could not be resolved.

Error - 24/02/2012 23:37:29 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.hq.ffastfill.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipexternal.hq.ffastfill.com
because it could not be resolved.

Error - 24/02/2012 23:37:29 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.hq.ffastfill.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipexternal.hq.ffastfill.com
because it could not be resolved.

Error - 24/02/2012 23:37:31 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipinternal.hq.ffastfill.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipinternal.hq.ffastfill.com
because it could not be resolved.

Error - 24/02/2012 23:37:31 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipinternal.hq.ffastfill.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipinternal.hq.ffastfill.com
because it could not be resolved.

Error - 24/02/2012 23:37:31 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.hq.ffastfill.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.hq.ffastfill.com because it could not be resolved.

Error - 24/02/2012 23:37:31 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.hq.ffastfill.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.hq.ffastfill.com because it could not be resolved.

Error - 24/02/2012 23:37:31 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.hq.ffastfill.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipexternal.hq.ffastfill.com
because it could not be resolved.

Error - 24/02/2012 23:37:31 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.hq.ffastfill.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipexternal.hq.ffastfill.com
because it could not be resolved.

[ Broadcom Wireless LAN Events ]
Error - 07/02/2012 06:02:56 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = WLAN-Tray | ID = 0
Description = 10:02:56, Tue, Feb 07, 12 Error - Unable to gain access to user store


[ System Events ]
Error - 24/02/2012 19:28:38 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 24/02/2012 23:33:13 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain HQ due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 24/02/2012 23:34:54 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = EventLog | ID = 6008
Description = The previous system shutdown at 03:33:05 on ?25/?02/?2012 was unexpected.

Error - 24/02/2012 23:34:56 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = BugCheck | ID = 1001
Description =

Error - 24/02/2012 23:34:59 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain HQ due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 24/02/2012 23:36:02 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = EventLog | ID = 6008
Description = The previous system shutdown at 03:34:54 on ?25/?02/?2012 was unexpected.

Error - 24/02/2012 23:36:05 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = BugCheck | ID = 1001
Description =

Error - 24/02/2012 23:36:08 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain HQ due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 24/02/2012 23:36:11 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 24/02/2012 23:36:35 | Computer Name = Caroline-lpt.hq.ffastfill.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.


< End of report >

OTL.Txt

OTL logfile created on: 25/02/2012 03:42:23 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\caroline.davis\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 55.24% Memory free
7.87 Gb Paging File | 5.99 Gb Available in Paging File | 76.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 231.96 Gb Free Space | 77.84% Space Free | Partition Type: NTFS

Computer Name: CAROLINE-LPT | User Name: Caroline.Davis | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/25 03:41:10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\caroline.davis\Desktop\OTL.exe
PRC - [2012/01/18 18:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\caroline.davis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/16 08:24:08 | 000,023,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
PRC - [2012/01/11 16:11:58 | 005,153,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/01 17:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2011/01/28 15:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/26 17:00:32 | 000,283,160 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/01/11 10:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/03 22:16:42 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/03 22:16:40 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/07/29 19:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/11/19 18:23:06 | 000,104,696 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
PRC - [2008/11/19 18:22:20 | 000,549,888 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 11:43:46 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2cc0a34119d625950a3f9fd7ad1788b1\IAStorUtil.ni.dll
MOD - [2012/02/17 11:01:31 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/17 11:01:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 11:00:53 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/17 11:00:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/17 11:00:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/17 11:00:26 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/17 11:00:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/17 11:00:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/06 15:01:04 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2012/02/06 15:00:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/11/19 18:23:06 | 000,104,696 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
MOD - [2008/11/19 18:23:04 | 001,181,696 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libeay32.dll
MOD - [2008/11/19 18:23:04 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libssl32.dll
MOD - [2008/11/19 18:23:04 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libpkcs11-helper-1.dll
MOD - [2008/11/19 18:22:20 | 000,549,888 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/06 11:19:43 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/27 09:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/21 19:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/07/29 19:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/02/02 23:03:05 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 10:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/01/16 08:24:08 | 000,023,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe -- (CrmSqlStartupSvc) SQL Server (CRM)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 15:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/01/21 19:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/11 10:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/01/03 22:16:42 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/03 22:16:40 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/19 18:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/06 11:19:43 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/02/06 11:19:43 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011/09/16 01:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/05 00:19:06 | 000,340,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2011/04/25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 09:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/27 02:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/18 10:38:42 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/01/13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/28 11:25:58 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/12/21 10:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/12/02 17:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/21 03:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 03:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/14 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/07/20 21:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 21:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 21:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 14:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/02 22:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/19 18:22:38 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ffwiki
IE - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ffwiki
IE - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/search?q="
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/02/07 10:37:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 20:54:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/10 08:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/02/07 10:37:38 | 000,000,000 | ---D | M]

[2012/02/12 11:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\caroline.davis\AppData\Roaming\mozilla\Extensions
[2012/02/12 11:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\caroline.davis\AppData\Roaming\mozilla\Firefox\Profiles\9mhe59wp.default\extensions
[2012/02/12 10:57:03 | 000,002,519 | ---- | M] () -- C:\Users\caroline.davis\AppData\Roaming\Mozilla\Firefox\Profiles\9mhe59wp.default\searchplugins\Search_Results.xml
[2012/02/12 11:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/20 20:54:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/04/25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/04/25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/04/25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/02/20 20:54:34 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/20 20:54:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/20 20:54:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 20:54:34 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 10:57:03 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/20 20:54:34 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\caroline.davis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\..Trusted Domains: fflon-crm04 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1409082233-1592454029-682003330-10877\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.90.90.220 81.90.90.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hq.ffastfill.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB209C21-30BF-4230-8C13-9D72E3DC5E8E}: DhcpNameServer = 10.44.0.70 81.90.90.221 81.90.90.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8DDA249-1BA9-4D82-8C21-CD1B61784D21}: DhcpNameServer = 81.90.90.220 81.90.90.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D758D2C4-2EB1-4E89-9FBD-5B6420B01039}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{032bb02c-5c60-11e1-82cc-e02a82ffd845}\Shell - "" = AutoRun
O33 - MountPoints2\{032bb02c-5c60-11e1-82cc-e02a82ffd845}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/25 03:41:04 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\caroline.davis\Desktop\OTL.exe
[2012/02/22 23:35:50 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adxstudio xRM Portals 4
[2012/02/19 15:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF reDirect
[2012/02/19 14:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2
[2012/02/19 14:55:15 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\PDF reDirect
[2012/02/19 14:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF reDirect
[2012/02/17 18:06:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Microsoft Help
[2012/02/17 11:28:03 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Hornbill
[2012/02/17 09:51:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/17 09:51:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/17 09:51:35 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/17 09:51:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/17 09:51:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/17 09:51:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/17 09:51:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/17 09:51:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/17 09:51:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/17 09:51:33 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/17 09:51:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/16 19:33:50 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/16 19:33:35 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/16 19:33:35 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/16 19:33:10 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/16 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Desktop\New folder
[2012/02/16 19:20:17 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\ElevatedDiagnostics
[2012/02/16 13:06:57 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\HpUpdate
[2012/02/12 11:38:35 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/12 11:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/12 11:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2012/02/12 11:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/02/12 11:07:39 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\ESET
[2012/02/12 11:03:27 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Ilivid Player
[2012/02/12 10:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/02/12 10:56:46 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\PackageAware
[2012/02/11 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Documents\M801
[2012/02/10 09:36:24 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Desktop\To file
[2012/02/10 08:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/02/10 08:07:49 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Adobe
[2012/02/10 08:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/02/10 08:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/02/10 08:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/02/10 07:55:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Macromedia
[2012/02/10 07:54:24 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/10 07:54:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/09 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\WinRAR
[2012/02/09 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/09 17:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/09 17:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/02/09 17:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/02/09 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Mozilla
[2012/02/09 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Mozilla
[2012/02/09 17:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/02/09 07:37:19 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Broadcom
[2012/02/09 07:37:19 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Documents\Bluetooth Exchange Folder
[2012/02/08 18:37:39 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$CRM-sqlctr10.1.2531.0.dll
[2012/02/08 18:37:14 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$CRM-sqlagtctr10.1.2531.0.dll
[2012/02/08 18:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012/02/08 18:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012/02/08 18:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012/02/08 18:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012/02/08 18:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Dynamics CRM 2011
[2012/02/08 18:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Identity Foundation
[2012/02/08 18:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Identity Foundation
[2012/02/08 18:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/08 18:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/08 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\PFiles
[2012/02/08 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\DW
[2012/02/08 18:18:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Client
[2012/02/08 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\IsolatedStorage
[2012/02/08 18:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Dynamics CRM
[2012/02/08 17:38:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/02/08 17:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2012/02/08 17:38:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012/02/08 17:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/02/08 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2012/02/08 17:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012/02/08 17:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/02/08 17:03:53 | 000,837,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Hha.dll
[2012/02/08 17:03:53 | 000,154,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Itcc.dll
[2012/02/08 17:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCHM
[2012/02/08 17:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WinCHM
[2012/02/08 17:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softany
[2012/02/08 16:50:54 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Research In Motion
[2012/02/08 16:50:52 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Research In Motion
[2012/02/08 16:45:21 | 000,044,032 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2012/02/08 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/02/08 16:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/02/08 16:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2012/02/08 16:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2012/02/08 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/02/08 16:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/02/08 16:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/02/08 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\ICAClient
[2012/02/08 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Citrix
[2012/02/08 16:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/02/08 16:31:28 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/02/08 16:30:16 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/02/08 16:30:15 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/02/08 16:30:13 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/02/08 16:30:12 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/02/08 16:30:12 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/02/08 16:30:12 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/02/08 16:30:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/02/08 16:30:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/02/08 16:30:12 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/02/08 16:28:02 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supportworks Client
[2012/02/08 16:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hornbill
[2012/02/08 16:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LinkedIn
[2012/02/08 16:23:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Download Manager
[2012/02/08 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Dropbox
[2012/02/08 16:00:43 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Adobe
[2012/02/08 15:47:04 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\MigWiz
[2012/02/08 15:46:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\hpqLog
[2012/02/08 15:46:27 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Intel Corporation
[2012/02/08 15:46:21 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Tracing
[2012/02/08 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Synaptics
[2012/02/08 15:45:57 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/02/08 15:45:57 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Searches
[2012/02/08 15:45:57 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/02/08 15:45:57 | 000,000,000 | -H-D | C] -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/02/08 15:45:49 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Identities
[2012/02/08 15:45:46 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Contacts
[2012/02/08 15:45:34 | 000,000,000 | --SD | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Videos
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Saved Games
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Pictures
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Music
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Links
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Favorites
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Downloads
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Documents
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Desktop
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\AppData\Local\Temporary Internet Files
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Templates
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Start Menu
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\SendTo
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Recent
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\PrintHood
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\NetHood
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Documents\My Videos
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Documents\My Pictures
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Documents\My Music
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\My Documents
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Local Settings
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\AppData\Local\History
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Cookies
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Application Data
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\AppData\Local\Application Data
[2012/02/08 15:45:34 | 000,000,000 | -H-D | C] -- C:\Users\caroline.davis\AppData
[2012/02/08 15:45:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Temp
[2012/02/08 15:45:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Microsoft
[2012/02/08 15:45:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Media Center Programs
[2012/02/07 11:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012/02/07 11:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012/02/07 10:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/02/07 10:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/02/07 10:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/07 10:35:39 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/07 10:35:39 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/07 10:35:39 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/07 10:35:39 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/07 10:35:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/07 10:35:39 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/07 10:35:39 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/07 10:35:39 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/07 10:35:39 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/07 10:35:39 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/07 10:35:39 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/07 10:35:39 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/07 10:35:39 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/07 10:35:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/07 10:35:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/07 10:35:39 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/07 10:35:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/07 10:35:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/07 10:35:39 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/07 10:35:39 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/07 10:35:39 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/07 10:35:39 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/07 10:35:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/07 10:35:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/07 10:35:39 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/07 10:35:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/07 10:35:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/07 10:35:39 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/07 10:35:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/07 10:35:39 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/07 10:35:39 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/07 10:35:39 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/07 10:35:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/07 10:35:39 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/07 10:35:39 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/07 10:35:39 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/07 10:35:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/07 10:35:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/07 10:35:39 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/07 10:35:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/07 10:35:39 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/07 10:35:39 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/07 10:35:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/07 10:35:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/07 10:35:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/07 10:35:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/07 10:35:39 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/07 10:35:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/07 10:35:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/07 10:35:39 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/07 10:35:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/07 10:35:39 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/07 10:35:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/07 10:35:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/07 10:35:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/07 10:35:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/07 10:35:39 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/07 10:35:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/07 10:35:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/07 10:35:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/07 10:35:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/07 10:00:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/06 18:40:23 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/06 14:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/06 14:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/02/06 14:32:55 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/02/06 14:32:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/02/06 14:32:49 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/02/06 14:32:49 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/02/06 14:32:49 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/02/06 14:32:49 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/02/06 14:32:49 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/02/06 14:32:49 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/02/06 14:32:49 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/02/06 14:32:48 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/02/06 14:32:48 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/02/06 14:32:48 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/02/06 14:32:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/02/06 14:32:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/02/06 14:32:48 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/02/06 14:32:48 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/02/06 14:32:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/02/06 14:32:44 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/02/06 14:32:43 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/02/06 14:32:43 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/02/06 14:32:42 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/02/06 14:32:42 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/02/06 14:32:42 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/02/06 14:32:42 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/02/06 14:32:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/02/06 14:32:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/02/06 13:47:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/02/06 13:47:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/02/06 13:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/02/06 13:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2012/02/06 13:42:50 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/02/06 13:31:01 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/02/06 13:31:01 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/02/06 13:31:01 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/02/06 13:31:01 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/02/06 13:31:01 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/02/06 13:31:01 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/02/06 13:31:01 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/02/06 13:31:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/02/06 13:31:00 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/02/06 13:31:00 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/02/06 13:31:00 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/02/06 13:31:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/02/06 13:30:57 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/02/06 13:30:57 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/02/06 13:30:49 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/02/06 13:30:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/02/06 13:30:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/02/06 13:30:44 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/02/06 13:30:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/02/06 13:30:42 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/02/06 13:30:42 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/02/06 13:30:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/02/06 13:30:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/02/06 13:30:42 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/02/06 13:30:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/02/06 13:30:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/02/06 13:30:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/02/06 13:30:42 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/02/06 13:30:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/02/06 13:30:41 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/02/06 13:30:41 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/02/06 13:30:40 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/02/06 13:30:40 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/02/06 13:30:36 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/02/06 13:30:36 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/02/06 13:30:36 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/02/06 13:30:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/02/06 13:30:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/02/06 13:30:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/02/06 13:30:35 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/02/06 13:30:35 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/02/06 13:30:35 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/02/06 13:30:35 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/02/06 13:30:34 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/02/06 13:30:34 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/02/06 13:30:34 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/02/06 13:30:34 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/02/06 13:30:23 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/02/06 13:30:20 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/02/06 13:30:20 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/02/06 13:30:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/02/06 13:30:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/02/06 13:30:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/02/06 13:30:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/02/06 13:30:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/02/06 13:30:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/02/06 13:30:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/02/06 13:30:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/02/06 13:30:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/02/06 13:30:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/02/06 13:30:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/02/06 13:30:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/02/06 13:30:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/02/06 13:30:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/02/06 13:30:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/02/06 13:30:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/02/06 13:30:17 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/02/06 13:30:17 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/02/06 13:30:17 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/02/06 13:30:17 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/02/06 13:30:17 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/02/06 13:30:17 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/02/06 13:30:17 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/02/06 13:30:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/02/06 13:30:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/02/06 13:30:08 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/02/06 13:30:08 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/02/06 13:30:08 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/02/06 13:29:12 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/02/06 13:28:56 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/02/06 13:28:55 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/02/06 13:27:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/02/06 13:27:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/02/06 12:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Meeting 2007
[2012/02/06 12:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2012/02/06 12:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Communicator
[2012/02/06 11:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/02/06 11:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/06 11:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/02/06 11:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/02/06 11:52:18 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/06 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/02/06 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/02/06 11:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/02/06 11:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/02/06 11:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/02/06 11:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/02/06 11:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/02/06 11:49:54 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/02/06 11:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Validity
[2012/02/06 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors
[2012/02/06 11:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/02/06 11:30:41 | 000,415,528 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012/02/06 11:30:41 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo7.dll
[2012/02/06 11:30:07 | 000,203,352 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysWow64\jmcricon.dll
[2012/02/06 11:30:07 | 000,203,352 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysNative\jmcricon.dll
[2012/02/06 11:30:07 | 000,173,656 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysNative\drivers\jmcr.sys
[2012/02/06 11:30:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SDA
[2012/02/06 11:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JMicron
[2012/02/06 11:30:05 | 000,026,712 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\johci.sys
[2012/02/06 11:29:42 | 000,314,568 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe
[2012/02/06 11:29:35 | 000,036,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicCo36.dll
[2012/02/06 11:29:05 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/02/06 11:28:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Intel
[2012/02/06 11:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/02/06 11:28:44 | 000,317,440 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2012/02/06 11:28:44 | 000,014,848 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2012/02/06 11:28:29 | 009,014,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/02/06 11:28:29 | 004,368,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/06 11:28:29 | 000,575,488 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/02/06 11:28:29 | 000,509,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/06 11:28:29 | 000,418,328 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/06 11:28:29 | 000,391,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/06 11:28:29 | 000,368,640 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/06 11:28:29 | 000,364,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/06 11:28:29 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/06 11:28:29 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/06 11:28:29 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/06 11:28:29 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/06 11:28:29 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/06 11:28:29 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/06 11:28:29 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/06 11:28:29 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/06 11:28:29 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/06 11:28:29 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/06 11:28:29 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/06 11:28:29 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/06 11:28:29 | 000,167,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/06 11:28:29 | 000,142,848 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/06 11:28:29 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/06 11:28:29 | 000,122,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/06 11:28:29 | 000,109,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/02/06 11:28:29 | 000,062,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/02/06 11:28:29 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/06 11:28:29 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/06 11:28:28 | 019,591,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/06 11:28:28 | 014,292,992 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/06 11:28:28 | 012,273,408 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/06 11:28:28 | 007,470,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/06 11:28:28 | 007,386,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/02/06 11:28:28 | 006,068,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/06 11:28:28 | 005,689,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/06 11:28:28 | 000,385,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/02/06 11:28:28 | 000,380,928 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/06 11:28:28 | 000,335,872 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/02/06 11:28:28 | 000,288,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/06 11:28:28 | 000,239,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/06 11:28:28 | 000,144,896 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/06 11:28:28 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/06 11:28:28 | 000,095,744 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/06 11:28:28 | 000,092,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2291.dll
[2012/02/06 11:28:28 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2012/02/06 11:28:27 | 000,000,000 | ---D | C] -- C:\Intel
[2012/02/06 11:27:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/02/06 11:27:24 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/02/06 11:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012/02/06 11:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/02/06 11:26:57 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2012/02/06 11:26:26 | 000,442,368 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll
[2012/02/06 11:26:26 | 000,221,184 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll
[2012/02/06 11:26:26 | 000,068,608 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll
[2012/02/06 11:26:25 | 006,050,304 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2012/02/06 11:26:25 | 004,637,184 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2012/02/06 11:26:25 | 003,268,096 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2012/02/06 11:26:25 | 001,019,904 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2012/02/06 11:26:25 | 000,835,072 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2012/02/06 11:26:25 | 000,438,784 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2012/02/06 11:26:25 | 000,212,480 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2012/02/06 11:26:25 | 000,162,304 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll
[2012/02/06 11:26:25 | 000,090,624 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll
[2012/02/06 11:26:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2012/02/06 11:26:03 | 001,499,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2012/02/06 11:26:03 | 000,651,776 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2012/02/06 11:26:03 | 000,520,192 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2012/02/06 11:26:03 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2012/02/06 11:26:03 | 000,220,160 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2012/02/06 11:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/02/06 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/02/06 11:24:00 | 000,390,016 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012/02/06 11:24:00 | 000,388,480 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\rsnp2uvc.dll
[2012/02/06 11:24:00 | 000,377,728 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\vsnp2uvc.dll
[2012/02/06 11:24:00 | 000,311,168 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysWow64\vsnp2uvc.dll
[2012/02/06 11:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SNP2UVC
[2012/02/06 11:22:26 | 000,344,616 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys
[2012/02/06 11:22:26 | 000,135,720 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2012/02/06 11:22:26 | 000,102,952 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2012/02/06 11:22:26 | 000,039,464 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2012/02/06 11:22:26 | 000,021,544 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2012/02/06 11:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012/02/06 11:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/02/06 11:20:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom Wireless
[2012/02/06 11:20:03 | 000,095,544 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2012/02/06 11:20:02 | 003,896,832 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2012/02/06 11:20:02 | 003,561,472 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2012/02/06 11:20:02 | 003,065,408 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2012/02/06 11:20:02 | 001,022,464 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\BCMLogon.dll
[2012/02/06 11:19:53 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/02/06 11:19:53 | 000,022,592 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys
[2012/02/06 11:19:52 | 007,767,040 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\BCMWLCPL.CPL
[2012/02/06 11:19:52 | 004,961,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe
[2012/02/06 11:19:52 | 004,435,968 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmttls.dll
[2012/02/06 11:19:52 | 000,073,728 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll
[2012/02/06 11:19:52 | 000,060,928 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlrmt.dll
[2012/02/06 11:19:51 | 003,161,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vcredist_x64.exe
[2012/02/06 11:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/02/06 11:18:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/02/06 11:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SZCCID
[2012/02/06 11:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AlcorMicro
[2012/02/06 11:18:21 | 001,045,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJET35.DLL
[2012/02/06 11:18:21 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VBAR332.DLL
[2012/02/06 11:18:21 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSRD2X35.DLL
[2012/02/06 11:18:21 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJINT35.DLL
[2012/02/06 11:18:21 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJTER35.DLL
[2012/02/06 11:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/02/06 11:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012/02/06 11:12:47 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/02/06 11:11:52 | 000,000,000 | ---D | C] -- C:\SWSetup
[2012/02/06 11:11:51 | 000,000,000 | -H-D | C] -- C:\System.sav
[2012/02/06 11:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/02/06 10:50:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/02/06 10:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/02/06 10:41:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/02/06 10:40:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/02/25 03:43:38 | 000,019,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 03:43:38 | 000,019,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 03:42:10 | 000,882,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/25 03:42:10 | 000,738,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/25 03:42:10 | 000,152,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/25 03:41:10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\caroline.davis\Desktop\OTL.exe
[2012/02/25 03:37:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/25 03:35:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/25 03:35:57 | 386,017,983 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/25 03:35:54 | 3169,603,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/24 13:55:45 | 000,001,996 | -H-- | M] () -- C:\Users\caroline.davis\Documents\Default.rdp
[2012/02/24 09:32:46 | 000,010,573 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/20 16:54:39 | 000,000,121 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/02/17 10:56:10 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/12 11:38:35 | 000,003,019 | ---- | M] () -- C:\Users\caroline.davis\Desktop\HiJackThis.lnk
[2012/02/12 11:22:25 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2012/02/10 08:07:32 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/09 17:31:03 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/08 18:37:39 | 000,801,232 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/08 18:22:42 | 000,001,566 | ---- | M] () -- C:\Windows\CrmClient.mif
[2012/02/08 18:22:40 | 000,000,916 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012/02/08 17:48:32 | 000,001,135 | ---- | M] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/08 17:38:38 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2012/02/08 17:03:53 | 000,001,129 | ---- | M] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\WinCHM.lnk
[2012/02/08 16:57:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/08 16:56:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012/02/08 16:45:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012/02/08 16:45:12 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/02/08 16:31:31 | 000,000,990 | ---- | M] () -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/08 16:23:55 | 017,090,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\caroline.davis\Desktop\CitrixOnlinePluginFull.exe
[2012/02/08 16:12:23 | 000,001,441 | ---- | M] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/08 16:12:19 | 000,032,632 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/02/08 15:45:37 | 000,002,840 | RHS- | M] () -- C:\Users\caroline.davis\ntuser.pol
[2012/02/07 10:35:39 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/07 10:35:39 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/07 10:35:39 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/07 10:35:39 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/07 10:35:39 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/07 10:35:39 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/07 10:35:39 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/07 10:35:39 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/07 10:35:39 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/07 10:35:39 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/07 10:35:39 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/07 10:35:39 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/07 10:35:39 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/07 10:35:39 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/07 10:35:39 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/07 10:35:39 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/07 10:35:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/07 10:35:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/07 10:35:39 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/07 10:35:39 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/07 10:35:39 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/07 10:35:39 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/07 10:35:39 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/07 10:35:39 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/07 10:35:39 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/07 10:35:39 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/07 10:35:39 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/07 10:35:39 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/07 10:35:39 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/07 10:35:39 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/07 10:35:39 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/07 10:35:39 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/07 10:35:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/07 10:35:39 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/07 10:35:39 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/07 10:35:39 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/07 10:35:39 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/07 10:35:39 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/07 10:35:39 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/07 10:35:39 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/07 10:35:39 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/07 10:35:39 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/07 10:35:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/07 10:35:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/07 10:35:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/07 10:35:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/07 10:35:39 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/07 10:35:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/07 10:35:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/07 10:35:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/07 10:35:39 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/07 10:35:39 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/07 10:35:39 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/07 10:35:39 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/07 10:35:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/07 10:35:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/07 10:35:39 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/07 10:35:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/07 10:35:39 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/07 10:35:39 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/07 10:35:39 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/07 10:35:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/07 10:35:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/06 11:33:02 | 000,015,434 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012/02/06 11:31:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/06 11:30:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/02/06 11:25:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HpqKbFiltr_01009.Wdf
[2012/02/06 11:22:34 | 000,000,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/02/06 11:20:32 | 001,049,314 | ---- | M] () -- C:\Windows\SysNative\oem3.inf
[2012/02/06 11:19:43 | 007,767,040 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\BCMWLCPL.CPL
[2012/02/06 11:19:43 | 004,961,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe
[2012/02/06 11:19:43 | 004,435,968 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmttls.dll
[2012/02/06 11:19:43 | 003,896,832 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2012/02/06 11:19:43 | 003,561,472 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2012/02/06 11:19:43 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vcredist_x64.exe
[2012/02/06 11:19:43 | 003,065,408 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2012/02/06 11:19:43 | 001,022,464 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\BCMLogon.dll
[2012/02/06 11:19:43 | 000,095,544 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2012/02/06 11:19:43 | 000,073,728 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll
[2012/02/06 11:19:43 | 000,060,928 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlrmt.dll
[2012/02/06 11:19:43 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/02/06 11:19:43 | 000,022,592 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys
[2012/02/06 11:19:43 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012/02/06 11:19:43 | 000,000,459 | ---- | M] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012/02/06 11:19:43 | 000,000,457 | ---- | M] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012/02/06 11:18:21 | 001,045,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJET35.DLL
[2012/02/06 11:18:20 | 000,368,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\VBAR332.DLL
[2012/02/06 11:18:20 | 000,252,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSRD2X35.DLL
[2012/02/06 11:18:20 | 000,123,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJINT35.DLL
[2012/02/06 11:18:20 | 000,024,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJTER35.DLL
[2012/02/06 10:43:32 | 000,000,637 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/02/06 10:43:32 | 000,000,637 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012/02/24 12:05:38 | 000,001,996 | -H-- | C] () -- C:\Users\caroline.davis\Documents\Default.rdp
[2012/02/20 16:50:51 | 000,000,121 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/12 11:38:35 | 000,003,019 | ---- | C] () -- C:\Users\caroline.davis\Desktop\HiJackThis.lnk
[2012/02/12 11:22:25 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2012/02/10 08:07:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/10 08:07:32 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/09 17:31:03 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/09 17:31:03 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/08 18:22:42 | 000,001,566 | ---- | C] () -- C:\Windows\CrmClient.mif
[2012/02/08 18:20:57 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/02/08 17:44:15 | 000,113,538 | ---- | C] () -- C:\ProgramData\EnvironmentDiagnostics.chm
[2012/02/08 17:38:38 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2012/02/08 17:03:53 | 000,001,129 | ---- | C] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\WinCHM.lnk
[2012/02/08 16:57:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/08 16:56:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012/02/08 16:45:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012/02/08 16:45:12 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/02/08 16:31:31 | 000,000,990 | ---- | C] () -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/08 16:12:19 | 000,032,632 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/02/08 15:46:30 | 000,001,441 | ---- | C] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/08 15:46:05 | 000,001,413 | ---- | C] () -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/02/08 15:46:01 | 000,001,447 | ---- | C] () -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/02/08 15:45:36 | 000,002,840 | RHS- | C] () -- C:\Users\caroline.davis\ntuser.pol
[2012/02/08 15:45:34 | 000,000,290 | ---- | C] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/02/08 15:45:34 | 000,000,272 | ---- | C] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/07 10:35:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/07 10:35:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/07 10:00:19 | 386,017,983 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/06 13:35:04 | 000,010,573 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/06 12:46:12 | 000,002,613 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Communicator 2007 R2.lnk
[2012/02/06 11:33:02 | 000,015,434 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012/02/06 11:31:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/06 11:30:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/02/06 11:29:42 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2012/02/06 11:29:35 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2012/02/06 11:28:29 | 000,180,246 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/06 11:28:29 | 000,179,736 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2012/02/06 11:28:29 | 000,138,635 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/06 11:28:29 | 000,135,119 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/06 11:28:29 | 000,133,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/06 11:28:29 | 000,132,422 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/06 11:28:29 | 000,132,299 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/06 11:28:29 | 000,131,290 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/06 11:28:29 | 000,127,599 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/06 11:28:29 | 000,122,646 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/06 11:28:29 | 000,116,413 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/06 11:28:29 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/06 11:28:28 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/02/06 11:28:28 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/06 11:28:28 | 000,960,940 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/06 11:28:28 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/06 11:28:28 | 000,213,332 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/06 11:28:28 | 000,208,335 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/06 11:28:28 | 000,195,681 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/06 11:28:28 | 000,154,366 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/06 11:28:28 | 000,151,350 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/06 11:28:28 | 000,147,392 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/06 11:28:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/06 11:28:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/02/06 11:28:28 | 000,137,000 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/06 11:28:28 | 000,136,226 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/06 11:28:28 | 000,136,172 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/06 11:28:28 | 000,134,081 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/06 11:28:28 | 000,133,321 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/06 11:28:28 | 000,132,876 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/06 11:28:28 | 000,132,861 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/06 11:28:28 | 000,131,897 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/06 11:28:28 | 000,131,711 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/06 11:28:28 | 000,131,456 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/06 11:28:28 | 000,130,414 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/06 11:28:28 | 000,127,367 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/06 11:28:28 | 000,127,109 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/06 11:28:28 | 000,115,195 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/06 11:28:28 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/02/06 11:28:28 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/06 11:28:28 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/06 11:28:28 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/06 11:28:28 | 000,013,476 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/06 11:28:28 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/06 11:28:13 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/02/06 11:27:11 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012/02/06 11:26:25 | 000,001,646 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
[2012/02/06 11:25:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HpqKbFiltr_01009.Wdf
[2012/02/06 11:24:00 | 001,826,048 | ---- | C] () -- C:\Windows\SysNative\drivers\snp2uvc.sys
[2012/02/06 11:24:00 | 000,244,096 | ---- | C] ( ) -- C:\Windows\SysNative\csnp2uvc.dll
[2012/02/06 11:24:00 | 000,040,064 | ---- | C] () -- C:\Windows\SysNative\drivers\sncduvc.sys
[2012/02/06 11:24:00 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/02/06 11:24:00 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012/02/06 11:24:00 | 000,013,021 | ---- | C] () -- C:\Windows\snp2uvc.src
[2012/02/06 11:21:41 | 000,000,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/02/06 11:20:38 | 001,049,314 | ---- | C] () -- C:\Windows\SysNative\oem3.inf
[2012/02/06 11:19:53 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012/02/06 11:19:53 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012/02/06 11:19:52 | 000,000,457 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012/02/06 11:17:57 | 000,801,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/06 10:43:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/06 10:43:15 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/06 10:40:48 | 3169,603,584 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/22 12:40:54 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\vcsAPIShared.dll.hpsign
[2010/12/06 22:16:34 | 000,181,072 | ---- | C] () -- C:\Windows\SysWow64\PassThroughOTP.dll
[2010/12/06 22:16:34 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\PassThroughOTP.dll.hpsign

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/02/06 11:24:08 | 000,000,171 | ---- | M] () -- C:\camera.log
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/02/25 03:35:54 | 3169,603,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/06 11:24:20 | 000,000,871 | ---- | M] () -- C:\HPCamDrv.log
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/02/25 03:35:57 | 4226,138,112 | -HS- | M] () -- C:\pagefile.sys
[2012/02/08 16:28:21 | 000,094,548 | ---- | M] () -- C:\swclient6_install.log
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini


< MD5 for: EXPLORER.EXE >
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 03:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 03:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/20 20:54:34 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/20 20:54:34 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/20 20:54:34 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/20 20:54:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/20 20:54:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/20 20:54:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/07 10:35:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/07 10:35:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/07 10:35:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/02/07 10:35:39 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/02/07 10:35:39 | 000,748,336 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/02/20 20:54:34 | 000,834,832 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/02/20 20:54:34 | 000,834,832 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/02/20 20:54:34 | 000,834,832 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/02/20 20:54:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/02/20 20:54:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/02/20 20:54:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/07 10:35:39 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/07 10:35:39 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/07 10:35:39 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/02/07 10:35:39 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/02/07 10:35:39 | 000,748,336 | ---- | M] (Microsoft Corporation)

< >

< End of report >
  • 0

#5
WhiteHat
Posted 26 February 2012 - 10:57 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} -  C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) -  {99079a25-328f-4bd4-be04-00955acaa0a7} -  C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not  found
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
# Step 2 #

Posted Image Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be
    prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#6
cardav
Posted 26 February 2012 - 11:45 AM

cardav

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ok, here goes with the output - OTL.txt
OTL logfile created on: 26/02/2012 17:37:52 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\caroline.davis\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 47.98% Memory free
7.87 Gb Paging File | 5.49 Gb Available in Paging File | 69.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 230.84 Gb Free Space | 77.47% Space Free | Partition Type: NTFS
Drive H: | 480.00 Gb Total Space | 58.53 Gb Free Space | 12.19% Space Free | Partition Type: NTFS

Computer Name: CAROLINE-LPT | User Name: Caroline.Davis | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/25 03:41:10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\caroline.davis\Desktop\OTL.exe
PRC - [2012/02/14 23:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\caroline.davis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/16 08:24:08 | 000,023,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
PRC - [2012/01/11 16:11:58 | 005,153,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/07 17:42:58 | 000,927,056 | ---- | M] (Research In Motion) -- C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
PRC - [2011/11/03 15:44:14 | 002,024,784 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2011/09/01 17:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/07/25 23:49:24 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2011/01/28 15:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/26 17:00:32 | 000,283,160 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/01/11 10:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/03 22:16:42 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/03 22:16:40 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/07/29 19:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/11/19 18:23:06 | 000,104,696 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
PRC - [2008/11/19 18:22:20 | 000,549,888 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 13:29:15 | 000,834,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Appli#\934e273789635b80df17033e0b71b352\Microsoft.Crm.Application.Outlook.Components.Platform.XmlSerializers.ni.dll
MOD - [2012/02/17 13:29:11 | 000,023,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Exception#\1bf4a4e73f01fc61476710166bfe7acc\Microsoft.ExceptionHelper.ni.dll
MOD - [2012/02/17 13:28:36 | 000,783,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlServ#\734adcfca476c149a6412d55991e9af4\System.Data.SqlServerCe.ni.dll
MOD - [2012/02/17 13:28:28 | 000,354,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WinFormsRegions\5afde82a21e10c9a3667e8153fd3c83f\WinFormsRegions.ni.dll
MOD - [2012/02/17 13:28:27 | 010,265,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Appli#\ac25dfb3ea9a81a0ca8e11dd7c8e6ff3\Microsoft.Crm.Application.Outlook.Components.Platform.ni.dll
MOD - [2012/02/17 13:28:11 | 000,070,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.SafeH#\f7ec058b01ba4a0448797a12a14c82d2\Microsoft.Crm.SafeHtml.ni.dll
MOD - [2012/02/17 13:28:01 | 000,252,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Sdk.R#\d487e06cfb56ef642c3583ab0fdb9595\Microsoft.Crm.Sdk.Reserved.ni.dll
MOD - [2012/02/17 13:27:57 | 003,454,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Platf#\4b20590e3d4fbece3a95376b634f3c8b\Microsoft.Crm.Platform.Server.ni.dll
MOD - [2012/02/17 13:27:54 | 009,175,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Objec#\ca440f4552531cc92151686de8af1936\Microsoft.Crm.ObjectModel.ni.dll
MOD - [2012/02/17 13:27:45 | 003,782,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Platf#\9c0b9166c0b1c3d2cc85f11d83990307\Microsoft.Crm.Platform.Sdk.ni.dll
MOD - [2012/02/17 13:27:42 | 002,185,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AntiXssLibrary\c6fa3619f54af8d149a84543adef413f\AntiXssLibrary.ni.dll
MOD - [2012/02/17 13:27:41 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Tools#\f9a543f218353bcd0f238de8c921d819\Microsoft.Crm.Tools.Logging.ni.dll
MOD - [2012/02/17 13:27:34 | 000,443,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Sdk\35ca5ade88ecc16b19b631dd30b6d152\Microsoft.Crm.Sdk.ni.dll
MOD - [2012/02/17 13:26:43 | 001,459,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Xrm.Sdk\20433065945f57413de3083358cf3970\Microsoft.Xrm.Sdk.ni.dll
MOD - [2012/02/17 13:26:41 | 002,994,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.IdentityM#\27ede06aa3ecb6ab52ea2835004ed5de\Microsoft.IdentityModel.ni.dll
MOD - [2012/02/17 13:26:40 | 000,055,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\029b201cac0923d099c2f61c71bbd87d\System.Xaml.Hosting.ni.dll
MOD - [2012/02/17 13:26:39 | 000,411,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\9d6848fa01a2d9ad31af5cb528aabec3\System.Activities.DurableInstancing.ni.dll
MOD - [2012/02/17 13:26:36 | 001,172,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\9e2853ace5cd56ec043b633a83c666c0\Microsoft.VisualBasic.Activities.Compiler.ni.dll
MOD - [2012/02/17 13:26:35 | 004,129,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Activities\3204cf0f9558a26d7c58e31069074a6b\System.Activities.ni.dll
MOD - [2012/02/17 13:26:32 | 001,392,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\26048ada4992c473f90f5da2ba39a1d6\System.ServiceModel.Activities.ni.dll
MOD - [2012/02/17 13:26:31 | 000,432,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b278b7edd39b5345b9746ac3de3514cc\System.ServiceModel.Activation.ni.dll
MOD - [2012/02/17 13:26:29 | 000,229,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\6e851ab472fcdb01e8d2de10b86c744e\System.IdentityModel.Selectors.ni.dll
MOD - [2012/02/17 13:26:28 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2dc4a022dbe24fda049907ff74054e1b\System.IdentityModel.ni.dll
MOD - [2012/02/17 13:26:21 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\d834ce27882872a2108250b3935c0355\System.Web.Services.ni.dll
MOD - [2012/02/17 13:26:20 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ecf7f8a10cf3e6c3944936c7562ffd69\System.Xaml.ni.dll
MOD - [2012/02/17 13:26:20 | 000,071,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\9d6e5a83184024c95c21b2248ff9afe8\System.Web.ApplicationServices.ni.dll
MOD - [2012/02/17 13:26:17 | 012,079,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\9413db673bf839c47c2e078f130d932a\System.Web.ni.dll
MOD - [2012/02/17 13:26:10 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\aa05ffba3fb49fc45c0bb1c865483f14\System.EnterpriseServices.ni.dll
MOD - [2012/02/17 13:26:10 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\aa05ffba3fb49fc45c0bb1c865483f14\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/17 13:26:09 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\eea6e969f65e8abd7a5c0e5cc5de91e0\System.Transactions.ni.dll
MOD - [2012/02/17 13:26:08 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\64ef82bf025a26e2ebe801d9cd1bbe47\System.Runtime.Serialization.ni.dll
MOD - [2012/02/17 13:26:08 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4df17dcc839cf4971f4e4af8a4c3aa97\SMDiagnostics.ni.dll
MOD - [2012/02/17 13:26:06 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\c3d32e1af26dc65e97d516c65c420b94\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/02/17 13:26:04 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\b338e3a94d8eeef4ab507954d4ca4e77\System.ServiceModel.ni.dll
MOD - [2012/02/17 13:25:51 | 006,295,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm\11046a2e726aa338095a15ee9c66db44\Microsoft.Crm.ni.dll
MOD - [2012/02/17 13:25:46 | 004,679,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Appli#\dd4a7a20776e24532e90317b3de7ef03\Microsoft.Crm.Application.Components.Platform.ni.dll
MOD - [2012/02/17 11:43:46 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2cc0a34119d625950a3f9fd7ad1788b1\IAStorUtil.ni.dll
MOD - [2012/02/17 11:43:28 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/17 11:01:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/17 11:01:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 11:01:07 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\10d61b241fbf27d82942eecb454105e1\PresentationUI.ni.dll
MOD - [2012/02/17 11:01:05 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/17 11:00:53 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/17 11:00:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/17 11:00:38 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/17 11:00:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/17 11:00:26 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/17 11:00:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/17 11:00:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/17 09:57:32 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4908a9a66074355f580242eb6e1c5c7f\System.Data.ni.dll
MOD - [2012/02/17 09:57:29 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\8f178c27be36f9a08ab5ef6b26edd53c\System.Windows.Forms.ni.dll
MOD - [2012/02/17 09:57:26 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e6a421765ab129b5a12db40f1ad11b33\System.Core.ni.dll
MOD - [2012/02/17 09:57:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\328128459fb93ae5bb4d813f1c25f882\System.Xml.ni.dll
MOD - [2012/02/17 09:57:20 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\703bbf6d22fe6f51247312b93ebf4877\System.Security.ni.dll
MOD - [2012/02/17 09:57:19 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48763e13ab42d7d355deba3265ea3223\System.Drawing.ni.dll
MOD - [2012/02/17 09:57:19 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\245091a424804833e585abbe0d01cb16\System.Configuration.ni.dll
MOD - [2012/02/17 09:57:17 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dc9a87796af6bbda69eb6415f081d7d5\System.ni.dll
MOD - [2012/02/09 09:59:48 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Interop.M#\bd7a370ef5c6157a7416d9b5797b9d4f\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2012/02/09 09:59:47 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.MapiS#\012747ab688a1f23278b1a26581c0e3f\Microsoft.Crm.MapiShared.ni.dll
MOD - [2012/02/09 09:59:14 | 000,168,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Interop.M#\9c41b8ab5a37bbca87a6d9d13940106f\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2012/02/09 09:58:56 | 000,671,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Crm.Sdk.P#\8bbff80908545811132d00d18f9dec21\Microsoft.Crm.Sdk.Proxy.ni.dll
MOD - [2012/02/06 15:04:01 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\626707b9d4d391ca42ab39f7b5ac4960\CustomMarshalers.ni.dll
MOD - [2012/02/06 15:03:53 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\413ee4eb3373e8e7e72537a4b92f9a4b\Accessibility.ni.dll
MOD - [2012/02/06 15:01:04 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2012/02/06 15:00:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/02/06 14:41:14 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c77671382130b2c8876ceb758f41bee2\System.Numerics.ni.dll
MOD - [2012/02/06 14:39:28 | 014,408,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 16:08:14 | 000,122,720 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/11/19 18:23:06 | 000,104,696 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
MOD - [2008/11/19 18:23:04 | 001,181,696 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libeay32.dll
MOD - [2008/11/19 18:23:04 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libssl32.dll
MOD - [2008/11/19 18:23:04 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libpkcs11-helper-1.dll
MOD - [2008/11/19 18:22:20 | 000,549,888 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/06 11:19:43 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/27 09:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/21 19:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/07/29 19:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/02/02 23:03:05 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 10:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/01/16 08:24:08 | 000,023,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe -- (CrmSqlStartupSvc) SQL Server (CRM)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 15:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/01/21 19:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/11 10:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/01/03 22:16:42 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/03 22:16:40 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/19 18:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/06 11:19:43 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/02/06 11:19:43 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011/09/16 01:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/05 00:19:06 | 000,340,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2011/04/25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 09:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/27 02:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/18 10:38:42 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/01/13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/28 11:25:58 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/12/21 10:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/12/02 17:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/21 03:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 03:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/14 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/07/20 21:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 21:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 21:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 14:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/02 22:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/19 18:22:38 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ffwiki
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ffwiki
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/search?q="
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/02/07 10:37:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 20:54:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/10 08:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/02/07 10:37:38 | 000,000,000 | ---D | M]

[2012/02/12 11:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\caroline.davis\AppData\Roaming\mozilla\Extensions
[2012/02/12 11:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\caroline.davis\AppData\Roaming\mozilla\Firefox\Profiles\9mhe59wp.default\extensions
[2012/02/12 10:57:03 | 000,002,519 | ---- | M] () -- C:\Users\caroline.davis\AppData\Roaming\Mozilla\Firefox\Profiles\9mhe59wp.default\searchplugins\Search_Results.xml
[2012/02/12 11:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/20 20:54:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/04/25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/04/25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/04/25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/02/20 20:54:34 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/20 20:54:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/20 20:54:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 20:54:34 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 10:57:03 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/20 20:54:34 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - Startup: C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\caroline.davis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fflon-crm04 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.90.90.220 81.90.90.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hq.ffastfill.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB209C21-30BF-4230-8C13-9D72E3DC5E8E}: DhcpNameServer = 10.44.0.70 81.90.90.221 81.90.90.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8DDA249-1BA9-4D82-8C21-CD1B61784D21}: DhcpNameServer = 81.90.90.220 81.90.90.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D758D2C4-2EB1-4E89-9FBD-5B6420B01039}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{032bb02c-5c60-11e1-82cc-e02a82ffd845}\Shell - "" = AutoRun
O33 - MountPoints2\{032bb02c-5c60-11e1-82cc-e02a82ffd845}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/25 12:50:47 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Apple Computer
[2012/02/25 12:50:47 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Apple Computer
[2012/02/25 12:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/25 12:50:32 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/02/25 12:50:32 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/02/25 12:50:32 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/02/25 12:50:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/02/25 12:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/02/25 12:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/25 12:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/02/25 12:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/25 12:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/25 12:49:33 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Apple
[2012/02/25 12:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/02/25 12:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/02/25 12:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/02/25 12:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/02/25 12:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/02/25 12:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/02/25 03:41:04 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\caroline.davis\Desktop\OTL.exe
[2012/02/22 23:35:50 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adxstudio xRM Portals 4
[2012/02/19 15:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF reDirect
[2012/02/19 14:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2
[2012/02/19 14:55:15 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\PDF reDirect
[2012/02/19 14:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF reDirect
[2012/02/17 18:06:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Microsoft Help
[2012/02/17 11:28:03 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Hornbill
[2012/02/17 09:51:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/17 09:51:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/17 09:51:35 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/17 09:51:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/17 09:51:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/17 09:51:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/17 09:51:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/17 09:51:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/17 09:51:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/17 09:51:33 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/17 09:51:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/16 19:33:50 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/16 19:33:35 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/16 19:33:35 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/16 19:33:10 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/16 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Desktop\New folder
[2012/02/16 19:20:17 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\ElevatedDiagnostics
[2012/02/16 13:06:57 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\HpUpdate
[2012/02/12 11:38:35 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/12 11:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/12 11:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2012/02/12 11:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/02/12 11:07:39 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\ESET
[2012/02/12 11:03:27 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Ilivid Player
[2012/02/12 10:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/02/12 10:56:46 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\PackageAware
[2012/02/11 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Documents\M801
[2012/02/10 09:36:24 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Desktop\To file
[2012/02/10 08:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/02/10 08:07:49 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Adobe
[2012/02/10 08:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/02/10 08:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/02/10 08:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/02/10 07:55:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Macromedia
[2012/02/10 07:54:24 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/10 07:54:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/09 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\WinRAR
[2012/02/09 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/09 17:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/09 17:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/02/09 17:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/02/09 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Mozilla
[2012/02/09 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Mozilla
[2012/02/09 17:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/02/09 07:37:19 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Broadcom
[2012/02/09 07:37:19 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Documents\Bluetooth Exchange Folder
[2012/02/08 18:37:39 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$CRM-sqlctr10.1.2531.0.dll
[2012/02/08 18:37:14 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$CRM-sqlagtctr10.1.2531.0.dll
[2012/02/08 18:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012/02/08 18:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012/02/08 18:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012/02/08 18:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012/02/08 18:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Dynamics CRM 2011
[2012/02/08 18:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Identity Foundation
[2012/02/08 18:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Identity Foundation
[2012/02/08 18:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/08 18:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/08 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\PFiles
[2012/02/08 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\DW
[2012/02/08 18:18:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Client
[2012/02/08 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\IsolatedStorage
[2012/02/08 18:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Dynamics CRM
[2012/02/08 17:38:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/02/08 17:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2012/02/08 17:38:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012/02/08 17:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/02/08 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2012/02/08 17:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012/02/08 17:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/02/08 17:03:53 | 000,837,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Hha.dll
[2012/02/08 17:03:53 | 000,154,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Itcc.dll
[2012/02/08 17:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCHM
[2012/02/08 17:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WinCHM
[2012/02/08 17:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softany
[2012/02/08 16:50:54 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Research In Motion
[2012/02/08 16:50:52 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Research In Motion
[2012/02/08 16:45:21 | 000,044,032 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2012/02/08 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/02/08 16:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/02/08 16:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2012/02/08 16:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2012/02/08 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/02/08 16:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/02/08 16:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/02/08 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\ICAClient
[2012/02/08 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Citrix
[2012/02/08 16:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/02/08 16:31:28 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/02/08 16:30:16 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/02/08 16:30:15 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/02/08 16:30:13 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/02/08 16:30:12 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/02/08 16:30:12 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/02/08 16:30:12 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/02/08 16:30:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/02/08 16:30:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/02/08 16:30:12 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/02/08 16:28:02 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supportworks Client
[2012/02/08 16:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hornbill
[2012/02/08 16:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LinkedIn
[2012/02/08 16:23:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Download Manager
[2012/02/08 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Dropbox
[2012/02/08 16:00:43 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Adobe
[2012/02/08 15:47:04 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\MigWiz
[2012/02/08 15:46:42 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\hpqLog
[2012/02/08 15:46:27 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Intel Corporation
[2012/02/08 15:46:21 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\Tracing
[2012/02/08 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Synaptics
[2012/02/08 15:45:57 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/02/08 15:45:57 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Searches
[2012/02/08 15:45:57 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/02/08 15:45:57 | 000,000,000 | -H-D | C] -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/02/08 15:45:49 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Identities
[2012/02/08 15:45:46 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Contacts
[2012/02/08 15:45:34 | 000,000,000 | --SD | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Videos
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Saved Games
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Pictures
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Music
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Links
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Favorites
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Downloads
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Documents
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\Desktop
[2012/02/08 15:45:34 | 000,000,000 | R--D | C] -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\AppData\Local\Temporary Internet Files
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Templates
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Start Menu
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\SendTo
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Recent
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\PrintHood
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\NetHood
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Documents\My Videos
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Documents\My Pictures
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Documents\My Music
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\My Documents
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Local Settings
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\AppData\Local\History
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Cookies
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\Application Data
[2012/02/08 15:45:34 | 000,000,000 | -HSD | C] -- C:\Users\caroline.davis\AppData\Local\Application Data
[2012/02/08 15:45:34 | 000,000,000 | -H-D | C] -- C:\Users\caroline.davis\AppData
[2012/02/08 15:45:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Temp
[2012/02/08 15:45:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Local\Microsoft
[2012/02/08 15:45:34 | 000,000,000 | ---D | C] -- C:\Users\caroline.davis\AppData\Roaming\Media Center Programs
[2012/02/07 11:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012/02/07 11:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012/02/07 10:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/02/07 10:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/02/07 10:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/07 10:35:39 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/07 10:35:39 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/07 10:35:39 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/07 10:35:39 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/07 10:35:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/07 10:35:39 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/07 10:35:39 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/07 10:35:39 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/07 10:35:39 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/07 10:35:39 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/07 10:35:39 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/07 10:35:39 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/07 10:35:39 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/07 10:35:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/07 10:35:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/07 10:35:39 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/07 10:35:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/07 10:35:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/07 10:35:39 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/07 10:35:39 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/07 10:35:39 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/07 10:35:39 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/07 10:35:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/07 10:35:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/07 10:35:39 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/07 10:35:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/07 10:35:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/07 10:35:39 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/07 10:35:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/07 10:35:39 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/07 10:35:39 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/07 10:35:39 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/07 10:35:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/07 10:35:39 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/07 10:35:39 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/07 10:35:39 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/07 10:35:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/07 10:35:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/07 10:35:39 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/07 10:35:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/07 10:35:39 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/07 10:35:39 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/07 10:35:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/07 10:35:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/07 10:35:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/07 10:35:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/07 10:35:39 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/07 10:35:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/07 10:35:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/07 10:35:39 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/07 10:35:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/07 10:35:39 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/07 10:35:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/07 10:35:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/07 10:35:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/07 10:35:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/07 10:35:39 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/07 10:35:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/07 10:35:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/07 10:35:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/07 10:35:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/07 10:00:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/06 18:40:23 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/06 14:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/06 14:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/02/06 14:32:55 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/02/06 14:32:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/02/06 14:32:49 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/02/06 14:32:49 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/02/06 14:32:49 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/02/06 14:32:49 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/02/06 14:32:49 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/02/06 14:32:49 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/02/06 14:32:49 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/02/06 14:32:48 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/02/06 14:32:48 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/02/06 14:32:48 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/02/06 14:32:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/02/06 14:32:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/02/06 14:32:48 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/02/06 14:32:48 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/02/06 14:32:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/02/06 14:32:44 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/02/06 14:32:43 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/02/06 14:32:43 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/02/06 14:32:42 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/02/06 14:32:42 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/02/06 14:32:42 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/02/06 14:32:42 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/02/06 14:32:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/02/06 14:32:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/02/06 13:47:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/02/06 13:47:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/02/06 13:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/02/06 13:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2012/02/06 13:42:50 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/02/06 13:31:01 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/02/06 13:31:01 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/02/06 13:31:01 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/02/06 13:31:01 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/02/06 13:31:01 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/02/06 13:31:01 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/02/06 13:31:01 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/02/06 13:31:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/02/06 13:31:00 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/02/06 13:31:00 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/02/06 13:31:00 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/02/06 13:31:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/02/06 13:30:57 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/02/06 13:30:57 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/02/06 13:30:49 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/02/06 13:30:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/02/06 13:30:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/02/06 13:30:44 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/02/06 13:30:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/02/06 13:30:42 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/02/06 13:30:42 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/02/06 13:30:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/02/06 13:30:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/02/06 13:30:42 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/02/06 13:30:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/02/06 13:30:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/02/06 13:30:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/02/06 13:30:42 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/02/06 13:30:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/02/06 13:30:41 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/02/06 13:30:41 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/02/06 13:30:40 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/02/06 13:30:40 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/02/06 13:30:36 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/02/06 13:30:36 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/02/06 13:30:36 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/02/06 13:30:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/02/06 13:30:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/02/06 13:30:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/02/06 13:30:35 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/02/06 13:30:35 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/02/06 13:30:35 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/02/06 13:30:35 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/02/06 13:30:34 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/02/06 13:30:34 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/02/06 13:30:34 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/02/06 13:30:34 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/02/06 13:30:23 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/02/06 13:30:20 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/02/06 13:30:20 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/02/06 13:30:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/02/06 13:30:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/02/06 13:30:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/02/06 13:30:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/02/06 13:30:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/02/06 13:30:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/02/06 13:30:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/02/06 13:30:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/02/06 13:30:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/02/06 13:30:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/02/06 13:30:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/02/06 13:30:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/02/06 13:30:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/02/06 13:30:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/02/06 13:30:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/02/06 13:30:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/02/06 13:30:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/02/06 13:30:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/02/06 13:30:17 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/02/06 13:30:17 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/02/06 13:30:17 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/02/06 13:30:17 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/02/06 13:30:17 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/02/06 13:30:17 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/02/06 13:30:17 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/02/06 13:30:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/02/06 13:30:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/02/06 13:30:08 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/02/06 13:30:08 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/02/06 13:30:08 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/02/06 13:29:12 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/02/06 13:28:56 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/02/06 13:28:55 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/02/06 13:27:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/02/06 13:27:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/02/06 12:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Meeting 2007
[2012/02/06 12:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2012/02/06 12:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Communicator
[2012/02/06 11:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/02/06 11:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/06 11:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/02/06 11:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/02/06 11:52:18 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/06 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/02/06 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/02/06 11:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/02/06 11:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/02/06 11:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/02/06 11:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/02/06 11:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/02/06 11:49:54 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/02/06 11:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Validity
[2012/02/06 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors
[2012/02/06 11:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/02/06 11:30:41 | 000,415,528 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012/02/06 11:30:41 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo7.dll
[2012/02/06 11:30:07 | 000,203,352 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysWow64\jmcricon.dll
[2012/02/06 11:30:07 | 000,203,352 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysNative\jmcricon.dll
[2012/02/06 11:30:07 | 000,173,656 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysNative\drivers\jmcr.sys
[2012/02/06 11:30:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SDA
[2012/02/06 11:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JMicron
[2012/02/06 11:30:05 | 000,026,712 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\johci.sys
[2012/02/06 11:29:42 | 000,314,568 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe
[2012/02/06 11:29:35 | 000,036,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicCo36.dll
[2012/02/06 11:29:05 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/02/06 11:28:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Intel
[2012/02/06 11:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/02/06 11:28:44 | 000,317,440 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2012/02/06 11:28:44 | 000,014,848 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2012/02/06 11:28:29 | 009,014,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/02/06 11:28:29 | 004,368,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/06 11:28:29 | 000,575,488 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/02/06 11:28:29 | 000,509,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/06 11:28:29 | 000,418,328 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/06 11:28:29 | 000,391,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/06 11:28:29 | 000,368,640 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/06 11:28:29 | 000,364,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/06 11:28:29 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/06 11:28:29 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/06 11:28:29 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/06 11:28:29 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/06 11:28:29 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/06 11:28:29 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/06 11:28:29 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/06 11:28:29 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/06 11:28:29 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/06 11:28:29 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/06 11:28:29 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/06 11:28:29 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/06 11:28:29 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/06 11:28:29 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/06 11:28:29 | 000,167,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/06 11:28:29 | 000,142,848 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/06 11:28:29 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/06 11:28:29 | 000,122,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/06 11:28:29 | 000,109,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/02/06 11:28:29 | 000,062,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/02/06 11:28:29 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/06 11:28:29 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/06 11:28:28 | 019,591,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/06 11:28:28 | 014,292,992 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/06 11:28:28 | 012,273,408 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/06 11:28:28 | 007,470,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/06 11:28:28 | 007,386,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/02/06 11:28:28 | 006,068,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/06 11:28:28 | 005,689,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/06 11:28:28 | 000,385,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/02/06 11:28:28 | 000,380,928 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/06 11:28:28 | 000,335,872 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/02/06 11:28:28 | 000,288,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/06 11:28:28 | 000,239,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/06 11:28:28 | 000,144,896 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/06 11:28:28 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/06 11:28:28 | 000,095,744 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/06 11:28:28 | 000,092,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2291.dll
[2012/02/06 11:28:28 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2012/02/06 11:28:27 | 000,000,000 | ---D | C] -- C:\Intel
[2012/02/06 11:27:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/02/06 11:27:24 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/02/06 11:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012/02/06 11:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/02/06 11:26:57 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2012/02/06 11:26:26 | 000,442,368 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll
[2012/02/06 11:26:26 | 000,221,184 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll
[2012/02/06 11:26:26 | 000,068,608 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll
[2012/02/06 11:26:25 | 006,050,304 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2012/02/06 11:26:25 | 004,637,184 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2012/02/06 11:26:25 | 003,268,096 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2012/02/06 11:26:25 | 001,019,904 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2012/02/06 11:26:25 | 000,835,072 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2012/02/06 11:26:25 | 000,438,784 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2012/02/06 11:26:25 | 000,212,480 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2012/02/06 11:26:25 | 000,162,304 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll
[2012/02/06 11:26:25 | 000,090,624 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll
[2012/02/06 11:26:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2012/02/06 11:26:03 | 001,499,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2012/02/06 11:26:03 | 000,651,776 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2012/02/06 11:26:03 | 000,520,192 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2012/02/06 11:26:03 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2012/02/06 11:26:03 | 000,220,160 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2012/02/06 11:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/02/06 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/02/06 11:24:00 | 000,390,016 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012/02/06 11:24:00 | 000,388,480 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\rsnp2uvc.dll
[2012/02/06 11:24:00 | 000,377,728 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\vsnp2uvc.dll
[2012/02/06 11:24:00 | 000,311,168 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysWow64\vsnp2uvc.dll
[2012/02/06 11:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SNP2UVC
[2012/02/06 11:22:26 | 000,344,616 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys
[2012/02/06 11:22:26 | 000,135,720 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2012/02/06 11:22:26 | 000,102,952 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2012/02/06 11:22:26 | 000,039,464 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2012/02/06 11:22:26 | 000,021,544 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2012/02/06 11:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012/02/06 11:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/02/06 11:20:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom Wireless
[2012/02/06 11:20:03 | 000,095,544 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2012/02/06 11:20:02 | 003,896,832 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2012/02/06 11:20:02 | 003,561,472 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2012/02/06 11:20:02 | 003,065,408 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2012/02/06 11:20:02 | 001,022,464 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\BCMLogon.dll
[2012/02/06 11:19:53 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/02/06 11:19:53 | 000,022,592 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys
[2012/02/06 11:19:52 | 007,767,040 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\BCMWLCPL.CPL
[2012/02/06 11:19:52 | 004,961,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe
[2012/02/06 11:19:52 | 004,435,968 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmttls.dll
[2012/02/06 11:19:52 | 000,073,728 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll
[2012/02/06 11:19:52 | 000,060,928 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlrmt.dll
[2012/02/06 11:19:51 | 003,161,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vcredist_x64.exe
[2012/02/06 11:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/02/06 11:18:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/02/06 11:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SZCCID
[2012/02/06 11:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AlcorMicro
[2012/02/06 11:18:21 | 001,045,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJET35.DLL
[2012/02/06 11:18:21 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VBAR332.DLL
[2012/02/06 11:18:21 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSRD2X35.DLL
[2012/02/06 11:18:21 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJINT35.DLL
[2012/02/06 11:18:21 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJTER35.DLL
[2012/02/06 11:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/02/06 11:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012/02/06 11:12:47 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/02/06 11:11:52 | 000,000,000 | ---D | C] -- C:\SWSetup
[2012/02/06 11:11:51 | 000,000,000 | -H-D | C] -- C:\System.sav
[2012/02/06 11:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/02/06 10:50:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/02/06 10:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/02/06 10:41:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/02/06 10:40:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/02/26 17:35:34 | 000,001,006 | ---- | M] () -- C:\Users\caroline.davis\Desktop\Dropbox.lnk
[2012/02/26 17:35:34 | 000,000,986 | ---- | M] () -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/26 13:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/25 14:06:35 | 000,882,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/25 14:06:35 | 000,738,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/25 14:06:35 | 000,152,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/25 12:50:46 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/25 12:47:12 | 000,019,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 12:47:12 | 000,019,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 12:39:43 | 417,295,039 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/25 12:39:40 | 3169,603,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/25 03:41:10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\caroline.davis\Desktop\OTL.exe
[2012/02/25 03:37:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/24 13:55:45 | 000,001,996 | -H-- | M] () -- C:\Users\caroline.davis\Documents\Default.rdp
[2012/02/24 09:32:46 | 000,010,573 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/20 16:54:39 | 000,000,121 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/02/17 10:56:10 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/12 11:38:35 | 000,003,019 | ---- | M] () -- C:\Users\caroline.davis\Desktop\HiJackThis.lnk
[2012/02/12 11:22:25 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2012/02/10 08:07:32 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/09 17:31:03 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/08 18:37:39 | 000,801,232 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/08 18:22:42 | 000,001,566 | ---- | M] () -- C:\Windows\CrmClient.mif
[2012/02/08 18:22:40 | 000,000,916 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012/02/08 17:48:32 | 000,001,135 | ---- | M] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/08 17:38:38 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2012/02/08 17:03:53 | 000,001,129 | ---- | M] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\WinCHM.lnk
[2012/02/08 16:57:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/08 16:56:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012/02/08 16:45:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012/02/08 16:45:12 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/02/08 16:23:55 | 017,090,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\caroline.davis\Desktop\CitrixOnlinePluginFull.exe
[2012/02/08 16:12:23 | 000,001,441 | ---- | M] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/08 16:12:19 | 000,032,632 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/02/08 15:45:37 | 000,002,840 | RHS- | M] () -- C:\Users\caroline.davis\ntuser.pol
[2012/02/07 10:35:39 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/07 10:35:39 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/07 10:35:39 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/07 10:35:39 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/07 10:35:39 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/07 10:35:39 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/07 10:35:39 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/07 10:35:39 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/07 10:35:39 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/07 10:35:39 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/07 10:35:39 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/07 10:35:39 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/07 10:35:39 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/07 10:35:39 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/07 10:35:39 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/07 10:35:39 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/07 10:35:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/07 10:35:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/07 10:35:39 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/07 10:35:39 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/07 10:35:39 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/07 10:35:39 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/07 10:35:39 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/07 10:35:39 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/07 10:35:39 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/07 10:35:39 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/07 10:35:39 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/07 10:35:39 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/07 10:35:39 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/07 10:35:39 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/07 10:35:39 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/07 10:35:39 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/07 10:35:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/07 10:35:39 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/07 10:35:39 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/07 10:35:39 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/07 10:35:39 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/07 10:35:39 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/07 10:35:39 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/07 10:35:39 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/07 10:35:39 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/07 10:35:39 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/07 10:35:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/07 10:35:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/07 10:35:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/07 10:35:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/07 10:35:39 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/07 10:35:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/07 10:35:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/07 10:35:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/07 10:35:39 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/07 10:35:39 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/07 10:35:39 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/07 10:35:39 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/07 10:35:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/07 10:35:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/07 10:35:39 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/07 10:35:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/07 10:35:39 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/07 10:35:39 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/07 10:35:39 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/07 10:35:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/07 10:35:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/06 11:33:02 | 000,015,434 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012/02/06 11:31:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/06 11:30:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/02/06 11:25:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HpqKbFiltr_01009.Wdf
[2012/02/06 11:22:34 | 000,000,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/02/06 11:20:32 | 001,049,314 | ---- | M] () -- C:\Windows\SysNative\oem3.inf
[2012/02/06 11:19:43 | 007,767,040 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\BCMWLCPL.CPL
[2012/02/06 11:19:43 | 004,961,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe
[2012/02/06 11:19:43 | 004,435,968 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmttls.dll
[2012/02/06 11:19:43 | 003,896,832 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2012/02/06 11:19:43 | 003,561,472 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2012/02/06 11:19:43 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vcredist_x64.exe
[2012/02/06 11:19:43 | 003,065,408 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2012/02/06 11:19:43 | 001,022,464 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\BCMLogon.dll
[2012/02/06 11:19:43 | 000,095,544 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2012/02/06 11:19:43 | 000,073,728 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll
[2012/02/06 11:19:43 | 000,060,928 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlrmt.dll
[2012/02/06 11:19:43 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/02/06 11:19:43 | 000,022,592 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys
[2012/02/06 11:19:43 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012/02/06 11:19:43 | 000,000,459 | ---- | M] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012/02/06 11:19:43 | 000,000,457 | ---- | M] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012/02/06 11:18:21 | 001,045,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJET35.DLL
[2012/02/06 11:18:20 | 000,368,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\VBAR332.DLL
[2012/02/06 11:18:20 | 000,252,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSRD2X35.DLL
[2012/02/06 11:18:20 | 000,123,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJINT35.DLL
[2012/02/06 11:18:20 | 000,024,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJTER35.DLL
[2012/02/06 10:43:32 | 000,000,637 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/02/06 10:43:32 | 000,000,637 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012/02/25 12:50:46 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/25 12:49:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/24 12:05:38 | 000,001,996 | -H-- | C] () -- C:\Users\caroline.davis\Documents\Default.rdp
[2012/02/20 16:50:51 | 000,000,121 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/12 11:38:35 | 000,003,019 | ---- | C] () -- C:\Users\caroline.davis\Desktop\HiJackThis.lnk
[2012/02/12 11:22:25 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2012/02/10 08:07:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/10 08:07:32 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/09 17:31:03 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/09 17:31:03 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/08 18:22:42 | 000,001,566 | ---- | C] () -- C:\Windows\CrmClient.mif
[2012/02/08 18:20:57 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/02/08 17:44:15 | 000,113,538 | ---- | C] () -- C:\ProgramData\EnvironmentDiagnostics.chm
[2012/02/08 17:38:38 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2012/02/08 17:03:53 | 000,001,129 | ---- | C] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\WinCHM.lnk
[2012/02/08 16:57:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/08 16:56:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012/02/08 16:45:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012/02/08 16:45:12 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/02/08 16:31:31 | 000,000,986 | ---- | C] () -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/08 16:12:19 | 000,032,632 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/02/08 15:46:30 | 000,001,441 | ---- | C] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/08 15:46:05 | 000,001,413 | ---- | C] () -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/02/08 15:46:01 | 000,001,447 | ---- | C] () -- C:\Users\caroline.davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/02/08 15:45:36 | 000,002,840 | RHS- | C] () -- C:\Users\caroline.davis\ntuser.pol
[2012/02/08 15:45:34 | 000,000,290 | ---- | C] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/02/08 15:45:34 | 000,000,272 | ---- | C] () -- C:\Users\caroline.davis\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/07 10:35:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/07 10:35:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/07 10:00:19 | 417,295,039 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/06 13:35:04 | 000,010,573 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/06 12:46:12 | 000,002,613 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Communicator 2007 R2.lnk
[2012/02/06 11:33:02 | 000,015,434 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012/02/06 11:31:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/06 11:30:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/02/06 11:29:42 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2012/02/06 11:29:35 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2012/02/06 11:28:29 | 000,180,246 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/06 11:28:29 | 000,179,736 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2012/02/06 11:28:29 | 000,138,635 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/06 11:28:29 | 000,135,119 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/06 11:28:29 | 000,133,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/06 11:28:29 | 000,132,422 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/06 11:28:29 | 000,132,299 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/06 11:28:29 | 000,131,290 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/06 11:28:29 | 000,127,599 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/06 11:28:29 | 000,122,646 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/06 11:28:29 | 000,116,413 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/06 11:28:29 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/06 11:28:28 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/02/06 11:28:28 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/06 11:28:28 | 000,960,940 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/06 11:28:28 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/06 11:28:28 | 000,213,332 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/06 11:28:28 | 000,208,335 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/06 11:28:28 | 000,195,681 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/06 11:28:28 | 000,154,366 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/06 11:28:28 | 000,151,350 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/06 11:28:28 | 000,147,392 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/06 11:28:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/06 11:28:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/02/06 11:28:28 | 000,137,000 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/06 11:28:28 | 000,136,226 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/06 11:28:28 | 000,136,172 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/06 11:28:28 | 000,134,081 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/06 11:28:28 | 000,133,321 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/06 11:28:28 | 000,132,876 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/06 11:28:28 | 000,132,861 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/06 11:28:28 | 000,131,897 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/06 11:28:28 | 000,131,711 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/06 11:28:28 | 000,131,456 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/06 11:28:28 | 000,130,414 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/06 11:28:28 | 000,127,367 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/06 11:28:28 | 000,127,109 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/06 11:28:28 | 000,115,195 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/06 11:28:28 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/02/06 11:28:28 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/06 11:28:28 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/06 11:28:28 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/06 11:28:28 | 000,013,476 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/06 11:28:28 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/06 11:28:13 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/02/06 11:27:11 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012/02/06 11:26:25 | 000,001,646 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
[2012/02/06 11:25:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HpqKbFiltr_01009.Wdf
[2012/02/06 11:24:00 | 001,826,048 | ---- | C] () -- C:\Windows\SysNative\drivers\snp2uvc.sys
[2012/02/06 11:24:00 | 000,244,096 | ---- | C] ( ) -- C:\Windows\SysNative\csnp2uvc.dll
[2012/02/06 11:24:00 | 000,040,064 | ---- | C] () -- C:\Windows\SysNative\drivers\sncduvc.sys
[2012/02/06 11:24:00 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/02/06 11:24:00 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012/02/06 11:24:00 | 000,013,021 | ---- | C] () -- C:\Windows\snp2uvc.src
[2012/02/06 11:21:41 | 000,000,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/02/06 11:20:38 | 001,049,314 | ---- | C] () -- C:\Windows\SysNative\oem3.inf
[2012/02/06 11:19:53 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012/02/06 11:19:53 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012/02/06 11:19:52 | 000,000,457 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012/02/06 11:17:57 | 000,801,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/06 10:43:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/06 10:43:15 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/06 10:40:48 | 3169,603,584 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/22 12:40:54 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\vcsAPIShared.dll.hpsign
[2010/12/06 22:16:34 | 000,181,072 | ---- | C] () -- C:\Windows\SysWow64\PassThroughOTP.dll
[2010/12/06 22:16:34 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\PassThroughOTP.dll.hpsign

========== Custom Scans ==========


< :Commands >

< >

< :OTL >

< O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found >

< O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found >

< End of report >
  • 0

#7
cardav
Posted 26 February 2012 - 12:28 PM

cardav

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
And the rest

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Caroline.Davis :: CAROLINE-LPT [administrator]

26/02/2012 17:50:14
mbam-log-2012-02-26 (17-50-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344922
Time elapsed: 35 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#8
WhiteHat
Posted 26 February 2012 - 01:09 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Please, read my instructions first before you do anything

Repeat the step 1. You need to click on the Run Fix button and not on the Run Scan button.

# Step 1 #

Please reopen Posted Image on your desktop.

  • Under the Posted Image box at the bottom, paste in the following

    :Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7}  -  C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar)  -  {99079a25-328f-4bd4-be04-00955acaa0a7}  -  C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File  not  found
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Edited by GLeobas, 26 February 2012 - 01:10 PM.

  • 0

#9
cardav
Posted 27 February 2012 - 02:22 AM

cardav

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\LM\..\Toolbar: (Searchqu Toolbar) not found.
File 328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found not found.

OTL by OldTimer - Version 3.2.33.2 log created on 02272012_081722
  • 0

#10
WhiteHat
Posted 27 February 2012 - 04:31 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How your computer is? Are you still with any problem?

# Step 1 #

  • Run the OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows contains OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post him in your topic

# Step 2 #

Disable your antivirus software
  • Acess the Eset Online Scanner website using Internet Explorer navigator.
    http://www.eset.com/...escan/index.php
  • Do the scan according the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click in [FINISH]
  • It will be generated a log in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you didn't find the log.txt file in \EsetOnlineScanner\, look on \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.

  • 0

#11
NeonFx
Posted 04 March 2012 - 07:52 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP