
Troj_sirefef infection


This topic is locked
20 replies to this topic

#1 davehansen72

Posted 19 July 2012 - 08:15 PM

Hello,

My computer appears to be infected with a trojan virus? Below is the virus removal log as of yesterday. I am running Trend Micro Titanium Maximum Security. Today Trend Micro is having trouble completing an update and scanning. I searched for and deleted the gac32 and gac64 folder files. I also deleted the {6885cd71-2af2-6ad8-4469-4467186280e9} folder. Still having trouble. Please help! Thanks.

Date/Time,Affected Files,Threat,Response
7/12/2012 9:31 AM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:31 AM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\n,TROJ_SIREFE.FRC,Removed
7/12/2012 9:31 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:31 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\n,TROJ_SIREFE.FRC,Removed
7/12/2012 9:31 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/12/2012 9:32 AM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/12/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 9:33 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 9:37 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 9:37 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:37 AM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:41 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:41 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:41 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:41 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 9:41 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 9:41 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 9:41 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 9:41 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 9:42 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:42 AM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:43 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 9:43 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 9:45 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:45 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:45 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:46 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 9:46 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 9:46 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 9:47 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:47 AM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:49 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:49 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:49 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 9:49 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:49 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 9:49 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 9:52 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:52 AM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:53 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 9:53 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 9:53 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 9:53 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 9:54 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:54 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:54 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:57 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:57 AM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:57 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:57 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:57 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 9:58 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 9:58 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:58 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 9:58 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 10:02 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 10:02 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 10:02 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 10:02 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 10:02 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 10:02 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 10:02 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 10:02 AM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 10:03 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 10:04 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 1:55 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 1:55 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 1:56 PM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 1:57 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 2:07 PM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/12/2012 2:07 PM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 2:07 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 2:08 PM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/12/2012 2:08 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 2:10 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 2:10 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 2:10 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 2:10 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 2:10 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 2:10 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 2:11 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 2:14 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 2:14 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 2:14 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 2:14 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 2:14 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 2:14 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 2:14 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 2:14 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 2:22 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 2:22 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 2:22 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 2:23 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 2:23 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 2:23 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 2:23 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 2:23 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 2:23 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 2:24 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 2:24 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 2:24 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 2:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 2:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 2:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 2:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 2:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 2:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 2:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 2:31 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 2:31 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 2:31 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 2:31 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 2:31 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 2:31 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 2:36 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 2:36 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 6:40 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 6:41 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 6:41 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 6:41 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 6:41 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 6:41 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 6:41 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 6:41 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 6:41 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 6:45 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 6:45 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 6:45 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 6:47 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 6:47 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 6:47 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 6:49 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 6:49 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 6:50 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 6:53 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 6:53 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 6:53 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 6:53 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 6:53 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 6:54 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 6:54 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 6:54 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 6:54 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 6:58 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 6:58 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 6:58 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 6:58 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 6:58 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 6:58 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 7:02 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 7:02 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 7:02 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 7:02 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 7:02 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 7:02 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 7:04 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 7:04 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 7:06 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 7:06 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 7:06 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 7:06 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 7:09 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 7:10 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 7:10 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 7:10 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 7:10 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 7:10 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 7:11 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 7:15 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 7:15 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 7:15 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 7:15 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 7:15 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 7:16 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 7:17 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 7:19 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 7:19 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 7:19 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 7:19 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 7:19 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 7:19 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 7:24 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 7:24 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 7:26 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 7:26 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 7:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 7:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 9:17 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 9:17 PM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 9:17 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:18 PM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 9:19 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 9:19 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:19 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:20 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:20 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:23 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:23 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:30 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:32 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:32 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:36 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:36 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:37 PM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Detected
7/12/2012 9:40 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 9:40 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 9:40 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 9:41 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 9:43 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 9:45 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 10:12 PM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/12/2012 10:12 PM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/12/2012 10:13 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 10:15 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 10:15 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 10:16 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 10:16 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/12/2012 10:16 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 11:22 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/12/2012 11:24 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/12/2012 11:25 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/12/2012 11:25 PM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 11:25 PM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/12/2012 11:25 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/12/2012 11:25 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/12/2012 11:25 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 6:43 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 6:43 AM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/13/2012 6:43 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/13/2012 6:48 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/13/2012 6:48 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/13/2012 6:50 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 6:51 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/13/2012 6:51 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 6:51 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 6:53 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 6:53 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 6:53 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 6:56 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 6:56 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:18 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:18 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:25 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:25 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:25 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:28 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:28 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:30 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:31 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:57 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:57 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 7:58 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:03 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:03 AM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/13/2012 8:03 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/13/2012 8:40 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:40 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:40 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:40 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:40 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:40 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:40 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:41 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:42 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:45 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:47 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:47 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:56 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:56 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/13/2012 8:56 AM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/13/2012 8:57 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/13/2012 8:59 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/13/2012 9:01 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/13/2012 9:04 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:04 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:04 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:04 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/13/2012 9:04 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/13/2012 9:04 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/13/2012 9:11 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/13/2012 9:11 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/13/2012 9:11 AM,C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\Setup_Registry_Defender[1].exe,TROJ_GEN.RCEH2GC,Detected
7/13/2012 9:12 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:12 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:13 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:13 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/13/2012 9:13 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:13 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:13 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/13/2012 9:13 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:13 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/13/2012 9:13 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/13/2012 9:14 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/13/2012 9:14 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/13/2012 9:16 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:16 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:16 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:17 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@,TROJ_SIREFEF.UP,Removed
7/13/2012 9:17 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/13/2012 9:17 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/13/2012 9:17 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_SIREFEF.CZJ,Removed
7/13/2012 9:21 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:21 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:21 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:28 AM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/13/2012 9:31 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/13/2012 9:31 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:31 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:32 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/13/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/13/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/13/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:36 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/14/2012 9:55 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/14/2012 9:55 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 9:55 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/14/2012 9:55 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 9:55 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/14/2012 9:55 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/14/2012 9:55 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 9:55 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 9:57 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 9:58 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:00 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:00 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:00 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:02 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:02 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:02 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:03 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:04 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:06 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:06 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:08 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:10 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 10:19 AM,C:\Users\Hansed2\AppData\Local\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Removed
7/14/2012 10:28 AM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Access Denied
7/14/2012 10:28 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Access Denied
7/14/2012 10:29 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Access Denied
7/14/2012 10:43 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:03 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:03 AM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Access Denied
7/14/2012 11:03 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Access Denied
7/14/2012 11:24 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:26 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:28 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:28 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:29 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:30 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:30 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:30 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:35 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:38 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:39 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:40 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:41 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 11:54 AM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Access Denied
7/14/2012 11:54 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Access Denied
7/14/2012 11:55 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@,Cryp_Xin12,Access Denied
7/14/2012 12:06 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 12:07 PM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 12:32 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 12:35 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 12:35 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 12:42 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 12:50 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 12:50 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 12:50 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/14/2012 12:52 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/15/2012 9:05 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/15/2012 9:05 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Access Denied
7/15/2012 9:05 AM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Access Denied
7/15/2012 9:06 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/15/2012 9:20 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/15/2012 9:20 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/15/2012 9:20 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/15/2012 9:20 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/18/2012 9:20 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/18/2012 9:21 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/18/2012 9:22 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000004.@,TROJ_SIREFEF.UV,Removed
7/18/2012 9:22 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
7/18/2012 9:22 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/18/2012 9:22 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\00000008.@,TROJ_SIREFEF.GF,Removed
7/18/2012 9:23 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/18/2012 9:23 PM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/18/2012 9:27 PM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@,TROJ_ALUREON.CZJ,Removed
7/18/2012 9:42 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 9:50 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 9:53 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 9:55 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 9:55 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 9:56 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 9:59 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 10:04 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 10:06 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 10:08 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 10:10 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 10:10 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 10:11 PM,C:\Windows\system32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 10:11 PM,C:\Windows\System32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 10:11 PM,C:\Windows\System32\services.exe,PTCH_SIREFEF.PTC,Detected
7/18/2012 10:11 PM,C:\Windows\System32\services.exe,PTCH_SIREFEF.PTC,Detected
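Reading a log like the one above by hand hides the pattern that matters: the same file keeps being reported, and the Response column tells you whether the scanner ever actually got rid of it. The script below is an added example (my own, not from this thread and not Trend Micro's tooling) that parses the export format used above (`Date/Time,Affected Files,Threat,Response`), groups hits by file and detection name, and flags two things a responder looks for: entries that are hit repeatedly but never reach `Removed`, and entries that show up again after a `Removed`. The sample lines are constructed from the format of the posted log; run against the full export they would flag `services.exe` (only ever `Detected`) and the GAC `Desktop.ini` entries (`Access Denied` after earlier removals), which is the signal that the on-demand scanner alone is not finishing the job and the dedicated tool logs the helper asks for are needed.

```python
"""Triage helper for a Trend Micro Titanium detection-log export.

Added example for this thread; it is not Trend Micro's code and not part of
the original post. Input format (as in the log posted above):
    Date/Time,Affected Files,Threat,Response
"""
import csv
from collections import Counter
from datetime import datetime
from io import StringIO

# Constructed sample in the layout of the log posted above (a handful of
# representative lines, not the full export).
SAMPLE_LOG = r"""
Date/Time,Affected Files,Threat,Response
7/13/2012 8:40 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:41 AM,C:\Windows\system32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:56 AM,C:\Windows\System32\services.exe,TROJ_SIREFEF.PTC,Detected
7/13/2012 8:56 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Removed
7/13/2012 9:00 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:04 AM,C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000000.@,TROJ_SIREFEF.FU,Removed
7/13/2012 9:11 AM,C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\Setup_Registry_Defender[1].exe,TROJ_GEN.RCEH2GC,Detected
7/14/2012 10:28 AM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Access Denied
""".lstrip("\n")

TIME_FORMAT = "%m/%d/%Y %I:%M %p"


def parse_log(text):
    """Parse the CSV export into a list of records sorted by time.

    Paths are lower-cased because NTFS is case-insensitive and the export
    mixes 'system32' and 'System32' for the same file.
    """
    records = []
    for row in csv.DictReader(StringIO(text)):
        records.append({
            "time": datetime.strptime(row["Date/Time"], TIME_FORMAT),
            "path": row["Affected Files"].lower(),
            "threat": row["Threat"],
            "response": row["Response"],
        })
    records.sort(key=lambda r: r["time"])
    return records


def summarize(records):
    """Group records by (path, threat), keeping the ordered response sequence."""
    summary = {}
    for r in records:
        entry = summary.setdefault((r["path"], r["threat"]), {
            "sequence": [], "first": r["time"], "last": r["time"]})
        entry["sequence"].append(r["response"])
        entry["last"] = r["time"]
    return summary


def triage(summary, min_hits=2):
    """Flag items the scanner is not actually getting rid of.

    'never cleaned'          : hit min_hits+ times and never reached Removed
    'recurred after removal' : logged again after a Removed response
    One-off detections below min_hits are left alone.
    """
    findings = {}
    for key, entry in summary.items():
        seq = entry["sequence"]
        if "Removed" not in seq:
            if len(seq) >= min_hits:
                findings[key] = "never cleaned"
        elif seq.index("Removed") < len(seq) - 1:
            findings[key] = "recurred after removal"
    return findings


def report(text, min_hits=2):
    """Return one human-readable line per flagged (path, threat) pair."""
    summary = summarize(parse_log(text))
    lines = []
    for (path, threat), verdict in sorted(triage(summary, min_hits).items()):
        entry = summary[(path, threat)]
        counts = ", ".join(f"{resp}={n}" for resp, n
                           in sorted(Counter(entry["sequence"]).items()))
        lines.append(f"{verdict:<22} {threat:<18} {path}  [{counts}; "
                     f"{entry['first']:%m/%d %H:%M} .. {entry['last']:%m/%d %H:%M}]")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

The `min_hits` threshold keeps a single one-off detection (the cached installer download in the sample) out of the flagged list; lower it to 1 if you want every non-removed hit listed.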



#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 19 July 2012 - 09:02 PM

Hello davehansen72,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


Do you have a USB Flash Drive you can use?

1.
We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 21 July 2012 - 04:26 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 davehansen72 (Topic Starter, Members, 10 posts)

Posted 21 July 2012 - 09:33 PM

Haven't fixed it yet. Sorry for the delayed response. I did download the DDS file this morning. I disabled Trend Micro and disconnected the internet. Ran the DDS scan but it came up quickly with a message that it cannot be run in DOS. There was a bunch of random symbols and only a few comprehensible sentences in the middle of the log. I tried to post a response from my comp but it was insanely slow and locking up. Are there any other places to disable script control? Thanks.

#5 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 21 July 2012 - 10:04 PM

Hello,

Try this instead of DDS.


  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:
     c:\windows\*. /SL
     c:\windows\*. /RP
     netsvcs
     activex
     drivers32
     %ALLUSERSPROFILE%\Application Data\*.
     %ALLUSERSPROFILE%\Application Data\*.exe /s
     %APPDATA%\*.
     %APPDATA%\*.exe /s
     %SYSTEMDRIVE%\*.exe
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     %systemroot%\system32\*.dll /lockedfiles
     %systemroot%\Tasks\*.job /lockedfiles
     %systemroot%\system32\drivers\*.sys /lockedfiles
     %systemroot%\System32\config\*.sav
     %systemroot%\system32\drivers\*.sys /90
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 davehansen72 (Topic Starter, Members, 10 posts)

Posted 22 July 2012 - 07:45 AM

OTL logfile created on: 7/22/2012 8:24:43 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Hansed2\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 54.19% Memory free
7.80 Gb Paging File | 5.88 Gb Available in Paging File | 75.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.15 Gb Total Space | 63.19 Gb Free Space | 22.00% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 2.40 Gb Free Space | 24.60% Space Free | Partition Type: NTFS

Computer Name: HANSED2-THINK | User Name: Hansed2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 08:23:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hansed2\Desktop\OTL.exe
PRC - [2012/07/12 14:08:40 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/02/27 19:09:45 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/12/26 21:02:22 | 000,349,600 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
PRC - [2009/12/03 21:13:15 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/09/30 19:47:28 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/09/30 19:47:26 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/09/30 19:14:46 | 000,397,312 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2009/09/30 19:14:46 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/09/28 03:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/25 02:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009/09/14 01:14:28 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/06 16:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/06 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/03 23:00:14 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/01 22:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/27 10:04:02 | 000,559,072 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarHelper.dll
MOD - [2012/02/27 10:04:02 | 000,030,784 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\components\TBMenuSetting.dll
MOD - [2012/02/27 10:04:02 | 000,030,784 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\components\TBMenuHelp.dll
MOD - [2012/02/27 09:44:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/02/27 09:44:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
MOD - [2011/11/17 23:01:43 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/26 20:22:46 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\MSResource\MSTextResource.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2009/09/21 20:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2009/09/21 20:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/08/24 00:00:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/18 08:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/29 17:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2012/07/12 14:08:42 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 19:47:28 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/09/30 19:47:26 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/25 02:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/09/14 01:14:28 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/23 14:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/06 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/08/05 01:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/08/03 23:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/24 20:11:33 | 000,210,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)
DRV:64bit: - [2012/01/24 20:11:33 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012/01/24 20:11:33 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2012/01/24 20:11:33 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012/01/24 20:11:33 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012/01/24 20:11:33 | 000,067,344 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/08 06:18:48 | 000,194,640 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/11/23 19:03:37 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/09/21 22:47:16 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009/09/21 22:47:16 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/15 16:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/09/03 07:14:00 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/09/03 06:59:00 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/09/03 06:37:00 | 000,067,072 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/08/24 00:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/24 00:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/08/23 23:10:06 | 000,135,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/08/23 14:04:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/08/18 08:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/08/06 16:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/22 01:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 02:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 07:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 14:16:10 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/07/01 05:05:06 | 000,344,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaNvStor.sys -- (iaNvStor) Intel®
DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/30 00:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 00:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/29 23:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/29 17:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 17:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/22 23:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/06/11 04:04:54 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/12 05:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2007/07/16 17:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007/07/16 17:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2006/08/25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/06/05 03:37:22 | 000,256,904 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{4E82008D-2CAA-485A-9197-84A029573C45}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{2FF249DF-48E7-4AA4-9609-FBC27429347D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_enUS356
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Hansed2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Hansed2\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hansed2\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hansed2\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/07/22 08:26:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/01/24 20:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/07/22 08:26:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012/01/23 21:12:42 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 188.119.151.113 www.google-analytics.com.
O1 - Hosts: 188.119.151.113 ad-emea.doubleclick.net.
O1 - Hosts: 188.119.151.113 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IaNvSrv] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [LenVolFx] C:\Windows\LenVolEx64.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {51A1CDAB-573D-45A4-B69F-B44791DFF60A} http://24.105.166.198/gb_deploy/map/PictImageCtrl30.CAB (Pictometry Viewer Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/Land%20Desktop%203/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/Land%20Desktop%203/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/Land%20Desktop%203/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.stantec.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/Land%20Desktop%203/AcPreview.ocx (AcPreview Control)
O16 - DPF: GeoConvertCab http://24.105.166.198/gb_deploy/map/GeoConvert.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C56B436-C532-47B1-B389-C0166978F9FA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C034E44A-0398-4BC9-9359-B9D382A6B99F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{2d98dde4-d880-11de-9c1e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2d98dde4-d880-11de-9c1e-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 08:23:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hansed2\Desktop\OTL.exe
[2012/07/21 08:51:13 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Hansed2\Desktop\dds.scr
[2012/07/21 08:15:35 | 000,000,000 | ---D | C] -- C:\Users\Hansed2\AppData\Roaming\Mozilla
[2012/07/19 20:50:47 | 000,000,000 | ---D | C] -- C:\Users\Hansed2\AppData\Roaming\ATI
[2012/07/19 20:50:47 | 000,000,000 | ---D | C] -- C:\Users\Hansed2\AppData\Local\ATI
[2012/07/18 21:28:59 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/07/12 14:20:09 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 08:23:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hansed2\Desktop\OTL.exe
[2012/07/22 08:22:16 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177201303-3691732396-4210473684-1004UA.job
[2012/07/22 08:22:16 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 08:22:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 08:22:11 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/22 08:22:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 09:14:39 | 000,812,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/21 09:14:39 | 000,685,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/21 09:14:39 | 000,129,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/21 09:13:38 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 09:13:37 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 09:13:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177201303-3691732396-4210473684-1004Core.job
[2012/07/21 09:10:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 09:04:59 | 3139,444,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 22:16:19 | 000,001,144 | ---- | M] () -- C:\Users\Hansed2\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/18 21:37:25 | 000,193,662 | ---- | M] () -- C:\Users\Hansed2\AppData\Local\census.cache
[2012/07/18 21:37:08 | 000,124,729 | ---- | M] () -- C:\Users\Hansed2\AppData\Local\ars.cache
[2012/07/18 21:29:56 | 000,000,036 | ---- | M] () -- C:\Users\Hansed2\AppData\Local\housecall.guid.cache
[2012/07/13 09:29:14 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
[2012/07/13 08:01:30 | 000,584,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/12 13:57:56 | 000,134,672 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/07/12 09:31:37 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/06/29 15:13:58 | 000,038,378 | ---- | M] () -- C:\Users\Hansed2\Desktop\LowGlycemicShoppingList.pdf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 08:12:25 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@
[2012/07/19 21:15:36 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@
[2012/07/18 21:37:25 | 000,193,662 | ---- | C] () -- C:\Users\Hansed2\AppData\Local\census.cache
[2012/07/18 21:37:08 | 000,124,729 | ---- | C] () -- C:\Users\Hansed2\AppData\Local\ars.cache
[2012/07/18 21:20:57 | 000,000,036 | ---- | C] () -- C:\Users\Hansed2\AppData\Local\housecall.guid.cache
[2012/07/12 14:06:01 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\L\00000004.@
[2012/07/12 09:34:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/12 09:31:58 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2012/07/12 09:31:47 | 000,134,672 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/06/29 15:13:58 | 000,038,378 | ---- | C] () -- C:\Users\Hansed2\Desktop\LowGlycemicShoppingList.pdf
[2012/01/10 21:51:07 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@
[2011/04/23 22:54:00 | 000,005,632 | ---- | C] () -- C:\Users\Hansed2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/10 21:17:54 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/04/10 21:11:29 | 000,000,000 | ---- | C] () -- C:\Windows\mtstack.INI
[2010/10/23 08:59:01 | 000,000,010 | ---- | C] () -- C:\Users\Hansed2\AppData\Roaming\install
[2010/10/23 08:30:05 | 000,000,212 | ---- | C] () -- C:\Users\Hansed2\AppData\Roaming\20308.bat

========== LOP Check ==========

[2009/12/21 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Autodesk
[2010/03/03 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\FileOpen
[2012/02/14 22:34:08 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\InterVideo
[2011/07/13 17:57:49 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Juniper Networks
[2010/02/28 14:56:13 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\pdf995
[2011/05/07 07:02:53 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\TaxCut
[2012/05/25 16:25:29 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/24 20:15:02 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/22 08:22:11 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/12/02 22:30:17 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Adobe
[2011/11/17 23:27:10 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Apple Computer
[2012/07/19 20:50:47 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\ATI
[2009/12/21 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Autodesk
[2010/03/03 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\FileOpen
[2009/12/03 21:14:53 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Google
[2009/12/01 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Identities
[2011/03/20 17:53:06 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\InstallShield
[2009/12/30 12:54:41 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Intel
[2012/02/14 22:34:08 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\InterVideo
[2011/07/13 17:57:49 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Juniper Networks
[2009/12/01 19:46:19 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Macromedia
[2010/10/23 09:26:11 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Malwarebytes
[2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Media Center Programs
[2010/10/07 19:39:37 | 000,000,000 | --SD | M] -- C:\Users\Hansed2\AppData\Roaming\Microsoft
[2012/07/21 08:15:35 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Mozilla
[2010/02/28 14:56:13 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\pdf995
[2012/02/26 18:31:45 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Roxio
[2011/03/20 18:02:18 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\Sony Corporation
[2011/05/07 07:02:53 | 000,000,000 | ---D | M] -- C:\Users\Hansed2\AppData\Roaming\TaxCut

< %APPDATA%\*.exe /s >
[2012/01/12 23:24:36 | 000,149,368 | ---- | M] () -- C:\Users\Hansed2\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2012/01/12 23:25:00 | 000,282,648 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Hansed2\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2012/01/12 23:24:34 | 000,571,256 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Hansed2\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2012/01/12 23:24:04 | 000,348,256 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Hansed2\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2012/01/12 23:17:04 | 000,236,552 | ---- | M] () -- C:\Users\Hansed2\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2012/01/12 23:25:02 | 000,056,952 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Hansed2\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2010/03/03 20:26:33 | 000,014,846 | R--- | M] () -- C:\Users\Hansed2\AppData\Roaming\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/05 03:37:22 | 000,256,904 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\drivers\tmcomm.sys

< End of report >

OTL Extras logfile created on: 7/22/2012 8:24:43 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Hansed2\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 54.19% Memory free
7.80 Gb Paging File | 5.88 Gb Available in Paging File | 75.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.15 Gb Total Space | 63.19 Gb Free Space | 22.00% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 2.40 Gb Free Space | 24.60% Space Free | Partition Type: NTFS

Computer Name: HANSED2-THINK | User Name: Hansed2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.scr[@ = AutoCADScriptFile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.scr [@ = AutoCADScriptFile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java™ 6 Update 16 (64-bit)
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 5.1
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager and Intel® Turbo Memory
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B1BD0923-7351-EBCE-B478-33B2DCE45AC2}" = ATI Catalyst Install Manager
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7E3FCA4-30BC-11DD-1510-90DA60EC0410}" = ccc-utility64
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
"1D1219CED4DAD562C114C845725DCA2DCB312803" = Windows Driver Package - Sonix (SNP2UVC) Image (08/03/2009 5.8.53003.0)
"1FBDB507F002A372EB195A0ACF6E2A2F9D34689E" = Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
"5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"D50474ACAF488895A3CE5D30373288EA6AD46EAA" = Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"HECI" = Intel® Management Engine Interface
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C6F231-1B18-C448-323A-56D1A0DB9C46}" = Catalyst Control Center Graphics Full New
"{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312
"{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{17FB7811-87DD-53C4-3A56-7F7F37DCD802}" = Catalyst Control Center Graphics Previews Vista
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192359F3-D455-0C89-3161-766008BD6D10}" = CCC Help French
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F15E203-BC3E-3597-84CD-EDF99546C917}" = Google Talk Plugin
"{425709F4-5DBF-4A41-A55D-DD18C905D8C2}" = AFF Mapper
"{446B2807-CF65-6D50-2BC8-141E235CD1CD}" = ccc-core-static
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56F59702-1BB9-4C1B-BB8A-FB5F84A90378}" = H&R Block New York 2009
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-0138-0409-0000-0060B0CE6BBA}" = Autodesk Land Desktop 3
"{5783F2D7-0E38-0409-0000-0060B0CE6BBA}" = Land Object Enabler 3.0
"{5783F2D7-1138-0409-0000-0060B0CE6BBA}" = Autodesk Civil Design 3
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A80C75C-EB3A-4275-A6C4-2E20349DBF4C}" = H&R Block New York 2010
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C111F14-D9BE-459D-B0B6-B4D082F03749}" = Mobile Broadband Connect
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6C434B52-8D0F-4080-9649-7497445DDCD4}" = H&R Block New York 2011
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312
"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
"{7C6DD158-A31F-5F0B-82A0-C28258CBB31F}" = CCC Help Japanese
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{872D8B75-1B00-E5AD-22DD-DA74CA237C7C}" = CCC Help Chinese Standard
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A34D0CB7-38BC-2C6D-270E-84BF07DB7CCB}" = Catalyst Control Center Graphics Light
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B99D0112-5508-59BD-B80E-4049E907845C}" = CCC Help Chinese Traditional
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB5B4945-AA4C-5A32-D6EC-0365F6DC0C41}" = Catalyst Control Center Core Implementation
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D00A26B4-CFAD-373C-8A62-4408AA382451}" = CCC Help Dutch
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D4001570-E33E-5B45-7BB6-B0AD9E08788C}" = CCC Help German
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{D984A74E-DFB9-B6A2-C863-732A551F8FB2}" = Catalyst Control Center Localization All
"{DAA3DC12-2A82-0866-B3E1-8BCFF6EC5715}" = CCC Help Korean
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{E1EA855E-9187-4AFB-E7A9-FE655B48386B}" = CCC Help English
"{E276D6EE-9FB5-8456-633A-603893C8F539}" = CCC Help Portuguese
"{E2773E0C-BD2A-D110-F209-0C3E1118009E}" = CCC Help Spanish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1B03D1F-29B4-86D7-DCF5-8C2DCE13B05E}" = CCC Help Italian
"{F65525AB-4B63-AC34-BE4A-08CA24FC1414}" = Catalyst Control Center Graphics Full Existing
"{F67714D1-6842-EACA-C159-D25B947FA380}" = Catalyst Control Center InstallProxy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F932659E-6B83-1BF6-C10D-5F722F33C175}" = CCC Help Swedish
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AnswerWorks" = AnswerWorks Runtime
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Google Chrome" = Google Chrome
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Lenovo Welcome_is1" = Lenovo Welcome
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2008b" = Microsoft Money Plus
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Quick Search Box" = Google Quick Search Box
"ULTIMATER" = Microsoft Office Ultimate 2007
"VISPROR" = Microsoft Office Visio Professional 2007
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2012 9:40:51 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2231

Error - 7/21/2012 9:40:52 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2012 9:40:52 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3417

Error - 7/21/2012 9:40:52 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3417

Error - 7/21/2012 9:40:54 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2012 9:40:54 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4540

Error - 7/21/2012 9:40:54 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4540

Error - 7/22/2012 8:21:58 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/22/2012 8:21:58 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 81669441

Error - 7/22/2012 8:21:58 AM | Computer Name = Hansed2-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 81669441

[ Lenovo-Message Center Plus/Admin Events ]
Error - 9/28/2010 10:21:43 PM | Computer Name = Hansed2-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

Error - 10/9/2010 11:16:25 AM | Computer Name = Hansed2-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

Error - 10/9/2010 3:18:35 PM | Computer Name = Hansed2-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

Error - 10/9/2010 7:20:26 PM | Computer Name = Hansed2-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

Error - 10/10/2010 9:38:33 AM | Computer Name = Hansed2-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

Error - 11/21/2010 9:50:22 PM | Computer Name = Hansed2-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted

[ OSession Events ]
Error - 5/12/2010 9:23:13 PM | Computer Name = Hansed2-THINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
12.0.6520.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/8/2011 9:10:16 PM | Computer Name = Hansed2-THINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9385
seconds with 1080 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/22/2012 8:36:53 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2012 8:36:53 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2012 8:36:53 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2012 8:36:53 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2012 8:37:23 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2012 8:38:58 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2012 8:41:14 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7034
Description =

Error - 7/22/2012 8:41:26 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2012 8:41:34 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2012 8:42:26 AM | Computer Name = Hansed2-THINK | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#7 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 22 July 2012 - 10:40 AM

Hello,

Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 davehansen72

  • Topic Starter
  • Members
  • 10 posts

Posted 22 July 2012 - 09:08 PM

Yes, I do have a flash drive.

#9 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 22 July 2012 - 10:21 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

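The FRST.txt log that this procedure produces lists autostart entries as `HKLM\...\Run: [Name] command [size date] (publisher)` (or `[x]` when the target file is missing) and new files as `created - modified - size attrs [(publisher)] path`. As an added example that is not part of this thread or of FRST itself, the Python script below parses both formats and flags the items a responder reviews first: entries whose target file is missing, entries with an empty value name or no publisher, executables with no publisher information, and hidden+system folders whose name contains a literal `%`. The sample lines are copied from the log posted in this thread; the flagging rules are heuristics written for this example, not FRST's own logic, and a flag means "review", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the FRST.txt log posted in this thread:
# "Run" autostart entries and "Created Files and Folders" entries.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-13] (Synaptics Incorporated)
HKLM\...\Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup [358424 2009-08-03] (Intel Corporation)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM-x32\...\Run: [] [x]
HKU\Hansed2\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-03] (Google Inc.)
2012-07-23 09:37 - 2012-07-23 09:37 - 00000000 ____D C:\FRST
2012-07-12 10:20 - 2012-07-12 10:20 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-12 05:31 - 2012-07-12 09:57 - 00134672 ____A C:\Windows\RegBootClean64.exe
2012-07-11 05:24 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
"""

# "<hive>\...\Run: [ValueName] <rest>" where <rest> is either
# "<command> [size date] (publisher)" or "<command> [x]" (file not found).
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
DETAIL_RE = re.compile(r"^(?P<cmd>.*) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\)$")
# "created - modified - size attrs [(publisher) ]path"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$"
)
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage_run_entry(m):
    """Heuristics for one Run entry; returns the list of reasons to review it."""
    name, rest = m.group("name"), m.group("rest")
    reasons = []
    if not name:
        reasons.append("empty value name")
    if rest.endswith("[x]"):
        reasons.append("target file not found on disk")
        return reasons
    detail = DETAIL_RE.match(rest)
    if detail is None:
        reasons.append("unparsed detail field")
    elif not detail.group("pub").strip():
        reasons.append("no publisher recorded")
    return reasons


def triage_file_entry(m):
    """Heuristics for one created-file entry; returns the reasons to review it."""
    attrs, path, pub = m.group("attrs"), m.group("path"), m.group("pub")
    reasons = []
    # FRST prints one letter per set attribute (A, S, H, D, ...); H+S together
    # on a freshly created folder is worth a look.
    if "H" in attrs and "S" in attrs:
        reasons.append("hidden+system attributes")
    if "%" in path:
        reasons.append("literal '%' in path (mimics an environment variable name)")
    if path.lower().endswith(EXECUTABLE_SUFFIXES) and not pub:
        reasons.append("executable with no publisher information")
    return reasons


def triage(log_text):
    """Parse FRST-style lines and return the entries that deserve review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = triage_run_entry(m)
        else:
            m = FILE_RE.match(line)
            reasons = triage_file_entry(m) if m else []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```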


#10 davehansen72

  • Topic Starter
  • Members
  • 10 posts

Posted 23 July 2012 - 08:59 AM

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 23-07-2012 09:37:26
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-13] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-19] (Lenovo Group Limited)
HKLM\...\Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup [358424 2009-08-03] (Intel Corporation)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-09-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-09-21] (Intel Corporation)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-06] (Intel Corporation)
HKLM\...\Run: [IaNvSrv] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33304 2009-08-19] (Intel Corporation)
HKLM\...\Run: [LenVolFx] LenVolEx64.exe [x]
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax" [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304792 2012-02-27] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [213824 2012-02-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [876832 2009-08-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start [49976 2009-05-27] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [122880 2009-12-03] (Google Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKU\Hansed2\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-03] (Google Inc.)
HKU\Hansed2\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Hansed2\...\Run: [Google Update] "C:\Users\Hansed2\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-17] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Notification Packages] scecli
ACGina
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk
ShortcutTarget: VideoCam Suite.lnk -> C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)

==================== Services (Whitelisted) ======

2 AcPrfMgrSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe [124192 2009-09-30] (Lenovo)
2 AcSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe [242976 2009-09-30] (Lenovo)
2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2008-01-11] (Microsoft Corporation)
2 btwdins; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [864032 2009-07-01] (Broadcom Corporation.)
2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [45856 2009-08-18] (Lenovo)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-09-13] (Intel Corporation)
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
3 Power Manager DBC Service; "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE" [75040 2009-08-23] (Lenovo)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)
2 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [15872 2009-09-24] (Lenovo Group Limited)
2 ThinkVantage Registry Monitor Service; "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [1019904 2009-08-28] (Lenovo Group Limited)
3 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47656 2009-06-29] (Lenovo.)
2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [62320 2009-07-14] (Lenovo Group Limited)
3 TVT Backup Service; "C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe" [1474560 2009-09-03] (Lenovo Group Limited)
2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-03] (Intel Corporation)
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

========================== Drivers (Whitelisted) =============

1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
3 HPFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [20504 2007-07-16] (Hewlett Packard)
3 HPFXFAX; C:\Windows\System32\drivers\hpfx64fax.sys [23064 2007-07-16] (Hewlett Packard)
0 iaNvStor; C:\Windows\System32\Drivers\iaNvStor.sys [344600 2009-07-01] (Intel Corporation)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [133672 2009-06-29] (Lenovo.)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [3531136 2009-06-11] ()
1 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [91920 2012-01-24] (Trend Micro Inc.)
1 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [167696 2012-01-24] (Trend Micro Inc.)
1 tmcomm; C:\Windows\SysWow64\Drivers\tmcomm.sys [256904 2012-06-04] (Trend Micro Inc.)
3 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [67344 2012-01-24] (Trend Micro Inc.)
1 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [70928 2012-01-24] (Trend Micro Inc.)
1 tmlwf; C:\Windows\System32\Drivers\tmlwf.sys [194640 2010-08-08] (Trend Micro Inc.)
3 tmnciesc; C:\Windows\System32\Drivers\tmnciesc.sys [210704 2012-01-24] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105744 2012-01-24] (Trend Micro Inc.)
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23592 2009-06-29] (Lenovo.)
1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2009-08-23] ()
3 TVTI2C; C:\Windows\System32\Drivers\TVTI2C.sys [41536 2009-07-02] (Lenovo (United States) Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-23 09:37 - 2012-07-23 09:37 - 00000000 ____D C:\FRST
2012-07-22 04:42 - 2012-07-22 04:49 - 00063900 ____A C:\Users\Hansed2\Desktop\Extras.Txt
2012-07-22 04:40 - 2012-07-22 04:49 - 00118416 ____A C:\Users\Hansed2\Desktop\OTL.Txt
2012-07-22 04:23 - 2012-07-22 04:23 - 00596480 ____A (OldTimer Tools) C:\Users\Hansed2\Desktop\OTL.exe
2012-07-21 04:15 - 2012-07-21 04:15 - 00000000 ____D C:\Users\Hansed2\AppData\Roaming\Mozilla
2012-07-19 16:50 - 2012-07-19 16:50 - 00000000 ____D C:\Users\Hansed2\AppData\Roaming\ATI
2012-07-19 16:50 - 2012-07-19 16:50 - 00000000 ____D C:\Users\Hansed2\AppData\Local\ATI
2012-07-18 18:12 - 2012-07-18 18:12 - 00044624 ____A C:\Users\Hansed2\Desktop\Viruses.TXT
2012-07-18 17:37 - 2012-07-18 17:37 - 00193662 ____A C:\Users\Hansed2\AppData\Local\census.cache
2012-07-18 17:37 - 2012-07-18 17:37 - 00124729 ____A C:\Users\Hansed2\AppData\Local\ars.cache
2012-07-18 17:28 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-07-18 17:20 - 2012-07-18 17:29 - 00000036 ____A C:\Users\Hansed2\AppData\Local\housecall.guid.cache
2012-07-13 03:18 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 02:59 - 2012-07-13 03:00 - 00264630 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-12 10:20 - 2012-07-12 10:20 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-12 10:03 - 2012-07-14 07:01 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-07-12 05:34 - 2012-07-23 05:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-12 05:34 - 2012-07-12 10:08 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 05:31 - 2012-07-13 05:29 - 00021520 ____A C:\Windows\DCEBoot64.exe
2012-07-12 05:31 - 2012-07-12 09:57 - 00134672 ____A C:\Windows\RegBootClean64.exe
2012-07-11 05:24 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 05:24 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 05:24 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 05:24 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 05:24 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 05:24 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 05:23 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 05:23 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 05:23 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 05:23 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 05:23 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 05:23 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 05:23 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 05:23 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 05:23 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll

============ 3 Months Modified Files ========================

2012-07-23 05:29 - 2011-12-27 08:18 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-177201303-3691732396-4210473684-1004Core.job
2012-07-23 05:29 - 2009-11-23 14:52 - 01583289 ____A C:\Windows\WindowsUpdate.log
2012-07-23 05:27 - 2009-07-13 21:13 - 00812332 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 05:18 - 2012-07-12 05:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 05:18 - 2011-12-27 08:18 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-177201303-3691732396-4210473684-1004UA.job
2012-07-23 05:18 - 2010-01-06 19:06 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-23 05:18 - 2010-01-06 19:06 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-23 05:18 - 2009-11-23 15:03 - 00000340 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-23 05:18 - 2009-07-13 20:51 - 00243245 ____A C:\Windows\setupact.log
2012-07-22 04:49 - 2012-07-22 04:42 - 00063900 ____A C:\Users\Hansed2\Desktop\Extras.Txt
2012-07-22 04:49 - 2012-07-22 04:40 - 00118416 ____A C:\Users\Hansed2\Desktop\OTL.Txt
2012-07-22 04:23 - 2012-07-22 04:23 - 00596480 ____A (OldTimer Tools) C:\Users\Hansed2\Desktop\OTL.exe
2012-07-21 05:13 - 2009-07-13 20:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-21 05:13 - 2009-07-13 20:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 05:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-21 05:04 - 2010-10-23 13:52 - 00537862 ____A C:\Windows\PFRO.log
2012-07-18 18:12 - 2012-07-18 18:12 - 00044624 ____A C:\Users\Hansed2\Desktop\Viruses.TXT
2012-07-18 17:37 - 2012-07-18 17:37 - 00193662 ____A C:\Users\Hansed2\AppData\Local\census.cache
2012-07-18 17:37 - 2012-07-18 17:37 - 00124729 ____A C:\Users\Hansed2\AppData\Local\ars.cache
2012-07-18 17:29 - 2012-07-18 17:20 - 00000036 ____A C:\Users\Hansed2\AppData\Local\housecall.guid.cache
2012-07-14 07:01 - 2012-07-12 10:03 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-07-13 05:29 - 2012-07-12 05:31 - 00021520 ____A C:\Windows\DCEBoot64.exe
2012-07-13 04:01 - 2009-07-13 20:45 - 00584216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-13 03:01 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini
2012-07-13 03:00 - 2012-07-13 02:59 - 00264630 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-13 02:53 - 2009-12-03 02:56 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-12 10:08 - 2012-07-12 05:34 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 10:08 - 2011-12-31 07:50 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 09:57 - 2012-07-12 05:31 - 00134672 ____A C:\Windows\RegBootClean64.exe
2012-07-12 05:31 - 2011-07-03 15:44 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-11 19:02 - 2012-07-13 03:18 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-11 05:24 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-11 05:24 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-07-11 05:24 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-11 05:24 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-11 05:24 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-11 05:24 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-04 23:37 - 2012-07-18 17:28 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-06-02 14:19 - 2012-06-19 05:30 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 05:30 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 05:30 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 05:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 05:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-19 05:30 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-19 05:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-19 05:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-19 05:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:38 - 2012-07-11 05:23 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-11 05:23 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-11 05:23 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-11 05:23 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-11 05:23 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-11 05:23 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-11 05:23 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-11 05:23 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-11 05:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-25 12:25 - 2009-11-23 15:03 - 00000452 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-05-14 19:56 - 2012-06-13 03:49 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-13 03:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-13 03:49 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-13 03:49 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-04 02:52 - 2012-06-13 03:47 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-13 03:47 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-13 03:47 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 21:32 - 2012-06-13 03:47 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:50 - 2012-06-13 03:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:34 - 2012-06-13 03:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-13 03:47 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-13 03:47 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


ZeroAccess:
C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}
C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\@
C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\L
C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U
C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\L\00000004.@
C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\L\1afb2d56
C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\L\201d3dde
C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000032.@
C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3992.01 MB
Available physical RAM: 3302.93 MB
Total Pagefile: 3990.16 MB
Available Pagefile: 3303.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:62.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.4 GB) NTFS
4 Drive g: (Lexar) (Removable) (Total:7.45 GB) (Free:2.27 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 287 GB 1201 MB
Partition 3 Primary 9 GB 288 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM_DRV NTFS Partition 1200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows7_OS NTFS Partition 287 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7647 MB 40 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Lexar FAT32 Removable 7647 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-14 08:35

======================= End Of Log ==========================

#11 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 July 2012 - 11:52 AM

1.
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



2.
We need to find a replacement file on your system.

Please do the following:

  • Boot into System Recovery Options and run FRST64.
  • Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

Click the Search button and post the log it makes in your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 davehansen72

  • Topic Starter

  • Members
  • 10 posts

Posted 23 July 2012 - 08:20 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 21:04:40 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{6885cd71-2af2-6ad8-4469-4467186280e9} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====
Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 21:07:55
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#13 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 July 2012 - 09:07 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe  C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

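For readers following the reasoning behind the Replace: line above: the Search output in the previous reply lists two copies of services.exe with identical size and timestamps but different MD5 hashes, and the WinSxS copy is the one the fix uses as the clean source. The following Python script is an added example, not code from this thread, from FRST or from Farbar. It parses the "Search:" section of an FRST log, groups the copies of each file by name, and flags a copy outside WinSxS whose hash matches none of the component-store copies; it also reports when size and timestamps still match, which is the in-place patching pattern the search result shows. The sample log text is constructed to mirror the posted search output (same paths and hashes), and all function and variable names are mine.

```python
"""Added example (not from the thread, FRST or Farbar): parse the "Search:"
section of a Farbar Recovery Scan Tool log and flag a system binary whose
MD5 differs from the copy held in the Windows component store (WinSxS).

A binary patched in place keeps its size and timestamps, so only the hash
differs from the clean WinSxS copy; that is the pattern this check reports.
"""
import re
from collections import defaultdict

# Constructed sample input, in the format FRST prints for a Search run.
# Paths and hashes mirror the search output posted in the thread.
SAMPLE_SEARCH_LOG = """\
Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 21:07:55
Running from G:\\

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Detail line: [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(log_text):
    """Return one dict per file listed between the Search header and
    'End Of Search'. FRST prints the path on one line and the details on
    the next, so a path is held until its detail line arrives."""
    entries = []
    pending_path = None
    in_search = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "Search:" in line:
            in_search = True
            continue
        if "End Of Search" in line:
            break
        if not in_search or not line:
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path is not None:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
        elif ":\\" in line:
            pending_path = line
    return entries


def is_component_store(path):
    """True for copies kept under WinSxS, the clean source a Replace: uses."""
    return "\\winsxs\\" in path.lower()


def find_hash_mismatches(entries):
    """Group results by file name and report every copy outside WinSxS whose
    MD5 matches none of the WinSxS copies. metadata_matches is True when
    size and both timestamps equal a WinSxS copy (patched in place)."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for copies in by_name.values():
        reference = [e for e in copies if is_component_store(e["path"])]
        if not reference:
            continue  # nothing trustworthy to compare against
        ref_hashes = {r["md5"] for r in reference}
        for e in copies:
            if is_component_store(e["path"]) or e["md5"] in ref_hashes:
                continue
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "reference_md5": sorted(ref_hashes),
                "metadata_matches": any(
                    (e["size"], e["created"], e["modified"])
                    == (r["size"], r["created"], r["modified"])
                    for r in reference
                ),
            })
    return findings


if __name__ == "__main__":
    for f in find_hash_mismatches(parse_search(SAMPLE_SEARCH_LOG)):
        print("hash mismatch:", f["path"], f["md5"],
              "(expected one of %s)" % ", ".join(f["reference_md5"]),
              "- size and timestamps unchanged" if f["metadata_matches"] else "")
```

Run as-is it prints the System32 copy as the mismatch with the WinSxS hash as the expected value. The WinSxS copy is only a convenient reference, not proof of cleanliness on its own; on a real case the hash should also be checked against a known-good value for that Windows build, which is what the "MD5 is legit" lines in the Bamital check above represent.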


#14 davehansen72

  • Topic Starter

  • Members
  • 10 posts

Posted 24 July 2012 - 04:55 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 17:50:00 Run:2
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#15 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 July 2012 - 05:11 PM

Hello,

Please run the following tools now to see if we got rid of the infection.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
Combofix.txt
How is your machine running now?





