
Google Redirects. IE in the background.


  • This topic is locked
31 replies to this topic

#1 tholls11

tholls11

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 07 November 2011 - 05:01 AM

I have Google redirects issues in all browsers - Firefox, Chrome and IE. Uninstalled all of them and downloaded Opera. Opera doesn't seem to have that problem.

Tried to do DDS and GMER, I wasn't able to complete either of them as the computer hangs before they are done. Help is greatly appreciated.



#2 tholls11


Posted 07 November 2011 - 11:09 AM

This is an urgent issue for me. Is there a way I can get paid service?

Thanks

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:39 PM

Posted 07 November 2011 - 03:13 PM

Hello tholls11

While I know how difficult it is to wait for help, all the logs here are important, urgent and want a speedy reply. Please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help members with malware issues. Although our MRT staff work on hundreds of requests each day, they are all volunteers who contribute to helping members as time permits. No one is paid by Bleeping Computer for their assistance to our members.

New and more devious malware infections are released almost daily. It then takes time for our Team to investigate, analyze and test removal techniques before we can help members like yourself. Doing that means that we sacrifice speed of response for a quality response that will help remove the malware more effectively.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Or take it to a local shop and pay them. We will not be offended. We would only ask that you let us know if you are no longer waiting; as I said, our list is long and currently running three to five days.

Thank you for understanding.
The BC Staff
How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#4 tholls11


Posted 07 November 2011 - 03:31 PM

Thanks for the reply. I will wait for an expert to help me.

Thanks.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:39 PM

Posted 09 November 2011 - 04:16 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe - after it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr


Posted 12 November 2011 - 01:56 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#7 tholls11


Posted 15 November 2011 - 10:18 AM

Hi Gringo_pr - I am sorry for the late reply. I still need help with my laptop. I will send you OTL Logs soon. Thank you again!!!

#8 gringo_pr


Posted 15 November 2011 - 10:53 AM

:thumbup2:

#9 tholls11


Posted 16 November 2011 - 12:09 AM

Hi Gringo - I was able to run the unhide.exe and OTL scan without any issues. Please find the logs below:

OTL logfile created on: 11/15/2011 10:48:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\kregan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 63.52% Memory free
4.78 Gb Paging File | 3.79 Gb Available in Paging File | 79.39% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 2.72 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
Drive D: | 278.09 Gb Total Space | 272.56 Gb Free Space | 98.01% Space Free | Partition Type: NTFS

Computer Name: US-kregan01 | User Name: kregan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\kregan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\723\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\723\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\DTS.exe ()
PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\QUALCOMM\QDLService\QDLService.exe (QUALCOMM, Inc.)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\FortiSSLVPNdaemon.exe (Fortinet Inc.)
PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll ()
MOD - C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\system32\DTS.exe ()
MOD - C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe ()
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)
SRV - (dtsvc) -- C:\WINDOWS\system32\DTS.exe ()
SRV - (ADMonitor) -- C:\WINDOWS\system32\ADMonitor.exe ()
SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (QDLService) -- C:\QUALCOMM\QDLService\QDLService.exe (QUALCOMM, Inc.)
SRV - (FortiSslvpnDaemon) -- C:\WINDOWS\system32\FortiSSLVPNdaemon.exe (Fortinet Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (DozeHDD) -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (NETwNx32) ___ Intel® -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (qcusbserlno) -- C:\WINDOWS\system32\drivers\qcusbserlno.sys (QUALCOMM Incorporated)
DRV - (qcusbnetlno) -- C:\WINDOWS\system32\drivers\qcusbnetlno.sys (QUALCOMM Incorporated)
DRV - (QCFilterlno) -- C:\WINDOWS\system32\drivers\qcfilterlno.sys (QUALCOMM Incorporated)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (pppop) -- C:\WINDOWS\system32\drivers\pppop.sys (Fortinet Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-582151217-3439393609-3592957753-2231\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-582151217-3439393609-3592957753-2231\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-582151217-3439393609-3592957753-2231\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-582151217-3439393609-3592957753-2231\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E B0 A7 26 33 1F CC 01 [binary data]
IE - HKU\S-1-5-21-582151217-3439393609-3592957753-2231\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-582151217-3439393609-3592957753-2231\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}:5.0.22
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.3.2.0
FF - prefs.js..extensions.enabledItems: rubyformatters@seleniumhq.org:1.0.1
FF - prefs.js..extensions.enabledItems: javaformatters@seleniumhq.org:1.0.3
FF - prefs.js..extensions.enabledItems: groovyformatters@seleniumhq.org:1.0.1
FF - prefs.js..extensions.enabledItems: perlformatters@seleniumhq.org:1.0.1
FF - prefs.js..extensions.enabledItems: phpformatters@seleniumhq.org:1.0.2
FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.12
FF - prefs.js..extensions.enabledItems: pythonformatters@seleniumhq.org:1.0.1
FF - prefs.js..extensions.enabledItems: csharpformatters@seleniumhq.org:1.0.1
FF - prefs.js..network.proxy.http: "141.247.104.5"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\kregan\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)


[2011/01/10 09:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Extensions
[2011/10/13 22:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Firefox\Profiles\qyxqbkyo.default\extensions
[2011/03/29 09:10:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Firefox\Profiles\qyxqbkyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/11 14:56:59 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Firefox\Profiles\qyxqbkyo.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2011/10/13 21:48:17 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Firefox\Profiles\qyxqbkyo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/10/12 11:01:49 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Firefox\Profiles\qyxqbkyo.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2011/06/28 12:33:57 | 000,000,000 | ---D | M] (Selenium IDE: Groovy Formatters) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Firefox\Profiles\qyxqbkyo.default\extensions\groovyformatters@seleniumhq.org
[2011/10/13 22:39:06 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Firefox\Profiles\qyxqbkyo.default\extensions\LogMeInClient@logmein.com
[2011/06/28 12:33:57 | 000,000,000 | ---D | M] (Selenium IDE: Perl Formatter) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Firefox\Profiles\qyxqbkyo.default\extensions\perlformatters@seleniumhq.org
[2011/06/28 12:33:57 | 000,000,000 | ---D | M] (Selenium IDE: PHP Formatters) -- C:\Documents and Settings\kregan\Application Data\Mozilla\Firefox\Profiles\qyxqbkyo.default\extensions\phpformatters@seleniumhq.org
[2011/11/02 21:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/25 09:39:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\kregan\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QYXQBKYO.DEFAULT\EXTENSIONS\{28197867-B1EF-4140-8E3B-55C45B9C8460}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\kregan\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QYXQBKYO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\kregan\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QYXQBKYO.DEFAULT\EXTENSIONS\CACHE@STATUS.ORG.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\kregan\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QYXQBKYO.DEFAULT\EXTENSIONS\CSHARPFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\kregan\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QYXQBKYO.DEFAULT\EXTENSIONS\JAVAFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\kregan\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QYXQBKYO.DEFAULT\EXTENSIONS\PYTHONFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\kregan\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QYXQBKYO.DEFAULT\EXTENSIONS\RUBYFORMATTERS@SELENIUMHQ.ORG.XPI
[2010/12/15 13:09:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/18 08:31:05 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2011/02/18 08:31:05 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2011/02/18 08:31:10 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011/02/18 08:31:13 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll
[2011/02/18 08:31:03 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

Hosts file not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-582151217-3439393609-3592957753-2231..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-582151217-3439393609-3592957753-2231..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\kregan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-582151217-3439393609-3592957753-2231\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-582151217-3439393609-3592957753-2231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomeeting.com/default/applets/g2mdlax.cab (GoToMeeting Web Starter)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sigma-aldrich-corp.webex.com/client/wbs26-vzbprodcn/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2D7DB87-BD6B-4448-BAB4-59A739C59528}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) -C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/29 11:02:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 22:47:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kregan\Desktop\OTL.exe
[2011/11/09 15:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Desktop\New Folder
[2011/11/07 14:49:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\kregan\My Documents\gmer
[2011/11/07 03:23:13 | 000,607,260 | R--- | C] (Swearware) -- D:\Documents and Settings\kregan\My Documents\dds.scr
[2011/11/02 21:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Local Settings\Application Data\Opera
[2011/11/02 21:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Application Data\Opera
[2011/11/02 21:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/11/02 20:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Desktop\GooredFix Backups
[2011/11/02 00:47:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/02 00:41:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/02 00:41:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/02 00:41:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/02 00:41:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/02 00:40:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/02 00:39:58 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/02 00:36:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/02 00:35:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kregan\Start Menu\Programs\Administrative Tools
[2011/11/02 00:31:14 | 004,280,506 | R--- | C] (Swearware) -- C:\Documents and Settings\kregan\Desktop\ComboFix.exe
[2011/11/01 20:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Local Settings\Application Data\Identities
[2011/11/01 20:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Application Data\Windows Desktop Search
[2011/11/01 20:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Application Data\Malwarebytes
[2011/11/01 20:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 20:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/01 20:25:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/01 20:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/01 16:55:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kregan\Recent
[2011/10/28 07:22:23 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/10/28 07:22:23 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/10/27 16:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/10/27 16:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/10/24 07:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Local Settings\Application Data\Google
[2011/10/22 07:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Local Settings\Application Data\ApplicationHistory
[2011/10/22 07:18:44 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/10/22 07:18:26 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/10/22 07:18:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\$hf_mig$
[2011/10/22 07:17:51 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/10/21 14:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/21 13:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/21 13:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/20 08:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kregan\Desktop\CAT
[2011/10/17 09:06:25 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/01/06 15:31:02 | 003,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2011/01/06 15:31:01 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2011/01/06 15:31:01 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2011/01/06 15:31:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[2010/11/30 16:10:06 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/11/30 16:10:02 | 000,232,448 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[77 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/15 22:53:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/15 22:50:15 | 000,508,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/15 22:50:15 | 000,088,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/15 22:48:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/15 22:47:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kregan\Desktop\OTL.exe
[2011/11/15 22:46:12 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/11/15 22:46:06 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/11/15 22:45:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/15 22:45:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-582151217-3439393609-3592957753-2231.job
[2011/11/15 22:45:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 22:42:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/11/15 22:39:07 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\unhide.exe
[2011/11/10 14:47:40 | 000,020,143 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\ChatLog Meet Now 2011_11_10 14_47.rtf
[2011/11/10 14:12:36 | 000,710,725 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\WmPartners.zip
[2011/11/10 12:26:35 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/10 10:31:35 | 000,015,341 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\m1ak5c006bd3b4r7000146fq.xml
[2011/11/10 10:07:22 | 000,018,787 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\Inv10615.xml
[2011/11/10 08:39:56 | 000,001,380 | RHS- | M] () -- C:\Documents and Settings\kregan\ntuser.pol
[2011/11/07 14:37:17 | 000,294,216 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\gmer.zip
[2011/11/07 03:23:13 | 000,607,260 | R--- | M] (Swearware) -- D:\Documents and Settings\kregan\My Documents\dds.scr
[2011/11/07 03:21:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\kregan\defogger_reenable
[2011/11/07 03:20:13 | 000,050,477 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\Defogger.exe
[2011/11/02 21:18:46 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/11/02 21:18:46 | 000,001,494 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/11/02 00:47:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/02 00:31:26 | 004,280,506 | R--- | M] (Swearware) -- C:\Documents and Settings\kregan\Desktop\ComboFix.exe
[2011/11/01 20:25:28 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/01 13:02:09 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/10/31 21:19:55 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/31 18:36:27 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/28 08:09:49 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/27 17:29:48 | 000,066,340 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\On-Demand Statement.pdf
[2011/10/27 14:44:52 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\MT_FCI_RESPONSE.3.xml
[2011/10/27 09:29:59 | 000,018,371 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\test.xml
[2011/10/26 13:25:35 | 000,000,408 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\ChatLog Meet Now 2011_10_26 14_25.rtf
[2011/10/26 12:08:28 | 000,000,498 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\ChatLog Meet Now 2011_10_26 13_08.rtf
[2011/10/25 14:09:52 | 000,001,737 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\ChatLog Meet Now 2011_10_25 15_09.rtf
[2011/10/24 13:30:33 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\01-INOVIS_INC_2014.zip
[2011/10/24 11:33:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-582151217-3439393609-3592957753-2231.job
[2011/10/24 09:29:42 | 000,013,974 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\COResponse_Sample.xml
[2011/10/24 05:41:43 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/21 12:09:40 | 000,141,778 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\IMG_22102011_020916.png
[2011/10/21 10:24:49 | 000,086,868 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\New_Product.jpg
[2011/10/21 09:14:08 | 000,089,329 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\QuickQuote.jpg
[2011/10/20 15:59:22 | 004,066,449 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\tregan3-New copy.jpg
[2011/10/20 08:41:43 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\proposed.vsd
[2011/10/19 16:31:03 | 017,204,800 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\5.1 Portal User's Guide (English).zip
[2011/10/19 07:25:38 | 000,019,680 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\POR_4500483987.xml
[2011/10/18 15:57:55 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\Advocate
[2011/10/18 14:12:59 | 000,007,501 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\MT_Agreement.xml
[2011/10/18 09:33:00 | 000,000,434 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\ChatLog CAT_ Rail _ Integration 2011_10_18 10_33.rtf
[2011/10/17 15:56:06 | 000,002,982 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\IMG_18102011_055554.png
[2011/10/17 14:58:50 | 000,006,825 | ---- | M] () -- D:\Documents and Settings\kregan\My Documents\IMG_18102011_045829.png
[2011/10/17 10:21:57 | 000,212,313 | ---- | M] () -- C:\Documents and Settings\kregan\Desktop\Prevailing Wage Request (regan).pdf
[77 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/15 22:42:42 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/15 22:42:39 | 000,002,289 | ---- | C] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/15 22:42:39 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/15 22:42:26 | 000,001,547 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Fiddler2.lnk
[2011/11/15 22:42:26 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/15 22:39:05 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\unhide.exe
[2011/11/10 14:47:40 | 000,020,143 | ---- | C] () -- D:\Documents and Settings\kregan\My Documents\ChatLog Meet Now 2011_11_10 14_47.rtf
[2011/11/10 14:12:36 | 000,710,725 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\WmPartners.zip
[2011/11/10 10:31:35 | 000,015,341 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\m1ak5c006bd3b4r7000146fq.xml
[2011/11/10 10:07:22 | 000,018,787 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\Inv10615.xml
[2011/11/07 14:36:56 | 000,294,216 | ---- | C] () -- D:\Documents and Settings\kregan\My Documents\gmer.zip
[2011/11/07 03:21:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kregan\defogger_reenable
[2011/11/07 03:20:13 | 000,050,477 | ---- | C] () -- D:\Documents and Settings\kregan\My Documents\Defogger.exe
[2011/11/02 21:18:46 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/11/02 21:18:46 | 000,001,500 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/11/02 21:18:45 | 000,001,494 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/11/02 00:47:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/02 00:47:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/02 00:41:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/02 00:41:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/02 00:41:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/02 00:41:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/02 00:41:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/01 20:53:05 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VitalSource Bookshelf.lnk
[2011/11/01 20:53:05 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/01 20:53:05 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/11/01 20:53:05 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Toad for MySQL 5.0 Freeware.lnk
[2011/11/01 20:53:05 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stylus Studio 2009 XML Enterprise Suite.lnk
[2011/11/01 20:53:05 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweak SAP GUI.lnk
[2011/11/01 20:53:05 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SAP Logon.lnk
[2011/11/01 20:53:01 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/01 20:53:01 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/01 20:53:01 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/11/01 20:53:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\kregan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/01 20:52:57 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/11/01 20:52:57 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/11/01 20:52:57 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/11/01 20:52:55 | 000,002,373 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\VitalSource Bookshelf.lnk
[2011/11/01 20:52:55 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/11/01 20:52:55 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/11/01 20:52:55 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/01 20:52:54 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/01 20:52:54 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TextPad.lnk
[2011/11/01 20:52:54 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/11/01 20:52:54 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2011/11/01 20:25:28 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/27 17:29:47 | 000,066,340 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\On-Demand Statement - J.P. Morgan Retirement Plan Services.pdf
[2011/10/27 14:44:52 | 000,000,679 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\MT_FCI_RESPONSE.3.xml
[2011/10/27 09:29:59 | 000,018,371 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\test.xml
[2011/10/26 13:25:35 | 000,000,408 | ---- | C] () -- D:\Documents and Settings\kregan\My Documents\ChatLog Meet Now 2011_10_26 14_25.rtf
[2011/10/26 12:08:28 | 000,000,498 | ---- | C] () -- D:\Documents and Settings\kregan\My Documents\ChatLog Meet Now 2011_10_26 13_08.rtf
[2011/10/25 14:09:52 | 000,001,737 | ---- | C] () -- D:\Documents and Settings\kregan\My Documents\ChatLog Meet Now 2011_10_25 15_09.rtf
[2011/10/24 13:30:33 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\01-INOVIS_INC_2014.zip
[2011/10/24 09:29:42 | 000,013,974 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\COResponse_Sample.xml
[2011/10/21 12:09:33 | 000,141,778 | ---- | C] () -- D:\Documents and Settings\kregan\My Documents\IMG_22102011_020916.png
[2011/10/21 10:24:47 | 000,086,868 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\New_Product.jpg
[2011/10/21 08:35:52 | 000,089,329 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\QuickQuote.jpg
[2011/10/20 15:59:28 | 004,066,449 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\tregan3-New copy.jpg
[2011/10/20 08:41:43 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\CATToBeFlowV13_proposed.vsd
[2011/10/19 16:30:59 | 017,204,800 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\5.1 Portal User's Guide (English).zip
[2011/10/19 07:25:38 | 000,019,680 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\POR_4500483987.xml
[2011/10/18 14:12:59 | 000,007,501 | ---- | C] () -- C:\Documents and Settings\kregan\Desktop\MT_Agreement.xml

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

< End of report >

#10 tholls11

Posted 16 November 2011 - 12:22 AM

Gringo - I should also mention that iexplorer, rundll32 processes are occupying very large amounts of memory after a few mins. There is also background audio playing even when I close all the applications.

Thanks.

#11 gringo_pr

Posted 16 November 2011 - 12:19 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#12 tholls11


Posted 17 November 2011 - 09:59 AM

Hi Gringo - I was able to download TDSSKiller, but when I double-click it nothing happens. The application is not getting launched. I even tried in safe mode but it has the same problem.

Thanks.

#13 gringo_pr


Posted 17 November 2011 - 01:12 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete, I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#14 tholls11


Posted 17 November 2011 - 01:57 PM

I downloaded and ran fixTDSS. It actually prompted to restart. I restarted and once I logged in, it prompted automatically that "*** Infected MBR detected". I clicked on repair.

I restarted again and ran the TDSSKiller. It didn't find any threats. Only 235 Objects were processed... it didn't take much time either. Here is the full report:




12:49:34.0425 2284 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
12:49:36.0419 2284 ============================================================
12:49:36.0649 2284 Current date / time: 2011/11/17 12:49:36.0419
12:49:36.0649 2284 SystemInfo:
12:49:36.0649 2284
12:49:36.0649 2284 OS Version: 5.1.2600 ServicePack: 3.0
12:49:36.0649 2284 Product type: Workstation
12:49:36.0649 2284 ComputerName: US-kregan01
12:49:36.0649 2284 UserName: kregan
12:49:36.0649 2284 Windows directory: C:\WINDOWS
12:49:36.0649 2284 System windows directory: C:\WINDOWS
12:49:36.0649 2284 Processor architecture: Intel x86
12:49:36.0649 2284 Number of processors: 2
12:49:36.0649 2284 Page size: 0x1000
12:49:36.0649 2284 Boot type: Normal boot
12:49:36.0649 2284 ============================================================
12:49:43.0413 2284 Initialize success
12:49:58.0229 4524 ============================================================
12:49:58.0229 4524 Scan started
12:49:58.0229 4524 Mode: Manual;
12:49:58.0229 4524 ============================================================
12:50:19.0395 4524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:50:19.0487 4524 \Device\Harddisk0\DR0 - ok
12:50:19.0503 4524 Boot (0x1200) (d9e936ef365dd4e673c16a4702cee4b8) \Device\Harddisk0\DR0\Partition0
12:50:19.0503 4524 \Device\Harddisk0\DR0\Partition0 - ok
12:50:19.0518 4524 Boot (0x1200) (f04ddf59daa36486e19cba85c8021db1) \Device\Harddisk0\DR0\Partition1
12:50:19.0518 4524 \Device\Harddisk0\DR0\Partition1 - ok
12:50:19.0518 4524 ============================================================
12:50:19.0518 4524 Scan finished
12:50:19.0518 4524 ============================================================
12:50:19.0518 4516 Detected object count: 0
12:50:19.0518 4516 Actual detected object count: 0

#15 tholls11


Posted 17 November 2011 - 02:08 PM

I don't see the iexplorer process anymore. I tried the Google Search from my IE and it seems to be working without any issues. No redirect anymore... but I am still worried that there may be some other virus in the laptop. Really appreciate your time and help.

Thanks

Edited by tholls11, 17 November 2011 - 04:34 PM.




