gtdowd
Everything posted by gtdowd
ComboFix 12-06-24.03 - X220 06/24/2012 13:15:59.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5609 [GMT -5:00]
Running from: c:\temp\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 18:29 . 2012-06-24 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 18:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 18:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 18:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 18:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 18:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 18:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 18:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 18:27 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 18:27 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 14:33 . 2012-06-21 17:19 -------- d-----w- c:\users\X220\DoctorWeb
2012-06-20 21:19 . 2012-06-20 21:19 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia
2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 12:23 . 2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 22:13 . 2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-20 22:20 . 2010-02-20 22:20 31616 c:\windows\SysWOW64\FM20ENU.DLL
- 2010-02-20 23:20 . 2010-02-20 23:20 31616 c:\windows\SysWOW64\FM20ENU.DLL
- 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-23 13:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 .
2010-02-04 10:41 120160 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\FLTLDR.EXE + 2010-02-04 09:41 . 2010-02-04 09:41 120160 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\FLTLDR.EXE - 2010-02-25 17:07 . 2010-02-25 17:07 452936 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXPSRV.DLL + 2010-02-25 16:07 . 2010-02-25 16:07 452936 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXPSRV.DLL - 2010-03-23 17:03 . 2010-03-23 17:03 104824 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXP_PDF.DLL + 2010-03-23 16:03 . 2010-03-23 16:03 104824 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXP_PDF.DLL - 2010-03-23 03:30 . 2010-03-23 03:30 155008 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ENVELOPE.DLL + 2010-03-23 02:30 . 2010-03-23 02:30 155008 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ENVELOPE.DLL + 2010-03-23 02:30 . 2010-03-23 02:30 115584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EMABLT32.DLL - 2010-03-23 03:30 . 2010-03-23 03:30 115584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EMABLT32.DLL - 2010-02-28 08:09 . 2010-02-28 08:09 519584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\DWTRIG20.EXE + 2010-02-28 07:09 . 2010-02-28 07:09 519584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\DWTRIG20.EXE - 2010-03-23 16:57 . 2010-03-23 16:57 135032 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CONTAB32.DLL + 2010-03-23 15:57 . 2010-03-23 15:57 135032 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CONTAB32.DLL - 2010-02-28 08:19 . 
2010-02-28 08:19 211320 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CLVIEW.EXE + 2010-02-28 07:19 . 2010-02-28 07:19 211320 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CLVIEW.EXE + 2010-03-01 10:18 . 2010-03-01 10:18 397656 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CDLMSO.DLL - 2010-03-01 11:18 . 2010-03-01 11:18 397656 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CDLMSO.DLL + 2010-03-23 15:55 . 2010-03-23 15:55 362904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEXBE.DLL - 2010-03-23 16:55 . 2010-03-23 16:55 362904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEXBE.DLL + 2010-03-23 15:54 . 2010-03-23 15:54 220560 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACETXT.DLL - 2010-03-23 16:54 . 2010-03-23 16:54 220560 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACETXT.DLL - 2010-03-23 16:55 . 2010-03-23 16:55 527776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEREP.DLL + 2010-03-23 15:55 . 2010-03-23 15:55 527776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEREP.DLL + 2010-03-23 01:51 . 2010-03-23 01:51 329624 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACER3X.DLL - 2010-03-23 02:51 . 2010-03-23 02:51 329624 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACER3X.DLL - 2010-03-23 16:55 . 2010-03-23 16:55 383904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEOLEDB.DLL + 2010-03-23 15:55 . 2010-03-23 15:55 383904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEOLEDB.DLL + 2010-03-23 01:51 . 
2010-03-23 01:51 278448 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODBC.DLL - 2010-03-23 02:51 . 2010-03-23 02:51 278448 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODBC.DLL + 2010-03-23 15:55 . 2010-03-23 15:55 643992 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEEXCL.DLL - 2010-03-23 16:55 . 2010-03-23 16:55 643992 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEEXCL.DLL + 2010-03-23 15:54 . 2010-03-23 15:54 334752 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEEXCH.DLL - 2010-03-23 16:54 . 2010-03-23 16:54 334752 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEEXCH.DLL + 2010-03-23 15:55 . 2010-03-23 15:55 686504 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEES.DLL - 2010-03-23 16:55 . 2010-03-23 16:55 686504 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEES.DLL + 2010-03-23 15:55 . 2010-03-23 15:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEDAO.DLL - 2010-03-23 16:55 . 2010-03-23 16:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEDAO.DLL - 2010-02-13 12:25 . 2010-02-13 12:25 128384 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763\FPLACE.DLL + 2010-02-13 11:25 . 2010-02-13 11:25 128384 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763\FPLACE.DLL + 2009-02-26 03:46 . 2009-02-26 03:46 435568 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\MSORUN.DLL + 2011-07-27 10:53 . 2011-07-27 10:53 427856 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\MSODCW.DLL + 2009-02-26 21:24 . 
2009-02-26 21:24 970128 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\FPWEC.DLL + 2012-06-23 01:26 . 2012-06-23 01:26 985600 c:\windows\assembly\NativeImages_v4.0.30319_32\Intuit.Ctg.Wte.Serv#\84eaa33a71568689222378e003e1ea68\Intuit.Ctg.Wte.Service.Interface.ni.dll + 2012-06-23 01:26 . 2012-06-23 01:26 258560 c:\windows\assembly\NativeImages_v4.0.30319_32\common-utility\eda12191a4bda357418af027df3bd80e\common-utility.ni.dll + 2012-06-23 01:25 . 2012-06-23 01:25 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\ec1664e7f4661c0fbfe37e453a676ec4\Microsoft.Office.Tools.Outlook.v9.0.ni.dll - 2012-06-13 23:52 . 2012-06-13 23:52 854016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\c510fb4c6a443ed4a159a1fd0e8b0467\Microsoft.Office.Tools.Word.v9.0.ni.dll + 2012-06-23 13:18 . 2012-06-23 13:18 854016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\c510fb4c6a443ed4a159a1fd0e8b0467\Microsoft.Office.Tools.Word.v9.0.ni.dll + 2012-06-23 01:25 . 2012-06-23 01:25 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\899a519ccaf4583f0d88f36ab8fa6814\Microsoft.Office.Tools.Common.v9.0.ni.dll - 2012-06-13 23:52 . 2012-06-13 23:52 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\5262df45c4c1d77b1e3ddafe0e0f2704\Microsoft.Office.Tools.Common.v9.0.ni.dll + 2012-06-23 13:18 . 2012-06-23 13:18 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\5262df45c4c1d77b1e3ddafe0e0f2704\Microsoft.Office.Tools.Common.v9.0.ni.dll - 2012-06-13 23:52 . 2012-06-13 23:52 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\0a73204a6e6bd3fddf7f20710f737695\Microsoft.Office.Tools.Outlook.v9.0.ni.dll + 2012-06-23 13:18 . 2012-06-23 13:18 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\0a73204a6e6bd3fddf7f20710f737695\Microsoft.Office.Tools.Outlook.v9.0.ni.dll + 2012-06-23 01:25 . 
2012-06-23 01:25 854016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\0538276b5e3a34c9047ff0f44ad3f0af\Microsoft.Office.Tools.Word.v9.0.ni.dll + 2012-06-23 02:34 . 2012-06-23 02:34 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\3b7e2d4895e100c465d87d12a7d4fab2\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll - 2012-05-09 12:27 . 2012-05-09 12:27 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\3b7e2d4895e100c465d87d12a7d4fab2\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll + 2012-06-23 02:34 . 2012-06-23 02:34 343552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\fffcd9e63e3068533e45ba0dde5d17be\Microsoft.BusinessData.ni.dll - 2012-05-09 12:27 . 2012-05-09 12:27 343552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\fffcd9e63e3068533e45ba0dde5d17be\Microsoft.BusinessData.ni.dll - 2011-12-13 00:50 . 2011-12-13 00:50 448360 c:\windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\OFFICE.DLL + 2012-06-23 02:34 . 2012-06-23 02:34 448360 c:\windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\OFFICE.DLL - 2011-12-13 00:50 . 2011-12-13 00:50 374640 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll + 2012-06-23 02:34 . 2012-06-23 02:34 374640 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll - 2011-12-13 00:50 . 2011-12-13 00:50 206720 c:\windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.Intl.dll + 2012-06-23 02:34 . 2012-06-23 02:34 206720 c:\windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.Intl.dll - 2011-12-13 00:50 . 
2011-12-13 00:50 972664 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll + 2012-06-23 02:34 . 2012-06-23 02:34 972664 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll + 2012-06-23 02:34 . 2012-06-23 02:34 206720 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData.Intl\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.intl.dll - 2011-12-13 00:50 . 2011-12-13 00:50 206720 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData.Intl\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.intl.dll - 2011-12-19 23:50 . 2011-12-19 23:50 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll + 2012-06-23 02:46 . 2012-06-23 02:46 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll + 2012-06-23 02:46 . 2012-06-23 02:46 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll - 2011-12-19 23:50 . 2011-12-19 23:50 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll - 2011-12-13 00:50 . 2011-12-13 00:50 665472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.dll + 2012-06-23 02:34 . 2012-06-23 02:34 665472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.dll + 2012-06-23 02:46 . 
2012-06-23 02:46 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll - 2011-12-19 23:50 . 2011-12-19 23:50 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll + 2012-06-23 02:34 . 2012-06-23 02:34 116632 c:\windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll - 2011-12-13 00:50 . 2011-12-13 00:50 116632 c:\windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll - 2011-12-19 23:50 . 2011-12-19 23:50 518016 c:\windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll + 2012-06-23 02:46 . 2012-06-23 02:46 518016 c:\windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll + 2012-06-23 02:46 . 2012-06-23 02:46 964480 c:\windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll - 2011-12-19 23:50 . 2011-12-19 23:50 964480 c:\windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll + 2009-07-14 04:45 . 2012-06-23 02:39 7395733 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-06-14 02:50 7395733 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-12-11 12:20 . 2012-06-24 01:36 8026472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-12-10 12:17 . 
2012-06-24 01:36 2496604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat + 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat - 2011-12-10 12:17 . 2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat + 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi + 2012-06-23 02:33 . 2012-06-23 02:33 8597504 c:\windows\Installer\abdca.msi + 2012-06-23 02:32 . 2012-06-23 02:32 3025408 c:\windows\Installer\abc12.msi + 2012-06-23 02:32 . 2012-06-23 02:32 2115584 c:\windows\Installer\abbee.msi + 2012-06-23 02:32 . 2012-06-23 02:32 2863104 c:\windows\Installer\abbe4.msi + 2012-05-17 07:58 . 2012-05-17 07:58 3462144 c:\windows\Installer\72de3.msp + 2011-11-18 23:52 . 2011-11-18 23:52 9183232 c:\windows\Installer\72dcf.msp + 2012-05-30 12:17 . 2012-05-30 12:17 5010432 c:\windows\Installer\72dc0.msp + 2011-04-29 01:26 . 2011-04-29 01:26 3994624 c:\windows\Installer\72c96.msp + 2011-04-29 01:26 . 2011-04-29 01:26 2426880 c:\windows\Installer\72c76.msp + 2012-03-07 20:01 . 2012-03-07 20:01 1907712 c:\windows\Installer\72c63.msp + 2011-10-16 19:28 . 2011-10-16 19:28 1138688 c:\windows\Installer\72c26.msp + 2011-10-27 04:23 . 2011-10-27 04:23 8821760 c:\windows\Installer\72c05.msp + 2011-07-21 17:41 . 2011-07-21 17:41 8413696 c:\windows\Installer\72bf0.msp + 2012-02-17 08:50 . 2012-02-17 08:50 1236480 c:\windows\Installer\72be3.msp + 2011-10-27 03:46 . 2011-10-27 03:46 1833472 c:\windows\Installer\72bc4.msp + 2012-03-21 10:57 . 2012-03-21 10:57 1591808 c:\windows\Installer\72b6f.msp - 2011-12-19 16:27 . 2012-06-13 23:34 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe + 2011-12-19 16:27 . 
2012-06-23 02:46 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe - 2010-02-18 03:56 . 2010-02-18 03:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\WKCONV.EXE + 2010-02-18 02:56 . 2010-02-18 02:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\WKCONV.EXE - 2010-02-25 17:07 . 2010-02-25 17:07 2672456 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\VBE7.DLL + 2010-02-25 16:07 . 2010-02-25 16:07 2672456 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\VBE7.DLL + 2010-02-28 07:55 . 2010-02-28 07:55 1040736 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\UMOUTLOOKADDIN.DLL - 2010-02-28 08:55 . 2010-02-28 08:55 1040736 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\UMOUTLOOKADDIN.DLL + 2010-03-25 15:23 . 2010-03-25 15:23 1707904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SOCIALCONNECTOR.DLL - 2010-03-25 16:23 . 2010-03-25 16:23 1707904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SOCIALCONNECTOR.DLL + 2010-03-11 05:44 . 2010-03-11 05:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SETUP.EXE - 2010-03-11 06:44 . 2010-03-11 06:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SETUP.EXE - 2009-07-23 16:01 . 2009-07-23 16:01 3670016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLFLTR.DAT + 2009-07-23 15:01 . 2009-07-23 15:01 3670016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLFLTR.DAT - 2010-03-11 06:44 . 2010-03-11 06:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OSETUP.DLL + 2010-03-11 05:44 . 
2010-03-11 05:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OSETUP.DLL - 2010-03-23 16:57 . 2010-03-23 16:57 3189120 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OLMAPI32.DLL + 2010-03-23 15:57 . 2010-03-23 15:57 3189120 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OLMAPI32.DLL + 2010-01-10 02:24 . 2010-01-10 02:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OIMG.DLL - 2010-01-10 03:24 . 2010-01-10 03:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OIMG.DLL - 2010-02-28 08:19 . 2010-02-28 08:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OFFOWC.DLL + 2010-02-28 07:19 . 2010-02-28 07:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OFFOWC.DLL + 2010-03-30 02:48 . 2010-03-30 02:48 6629808 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7MODELS0011.DLL - 2010-03-30 03:48 . 2010-03-30 03:48 6629808 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7MODELS0011.DLL + 2010-03-30 02:48 . 2010-03-30 02:48 2460080 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7LEXICONS0011.DLL - 2010-03-30 03:48 . 2010-03-30 03:48 2460080 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7LEXICONS0011.DLL - 2010-03-30 03:47 . 2010-03-30 03:47 7467440 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7DATA0011.DLL + 2010-03-30 02:47 . 2010-03-30 02:47 7467440 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7DATA0011.DLL + 2012-06-23 02:34 . 
2012-06-23 02:34 1689472 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBISYNC.DLL - 2011-12-13 00:50 . 2011-12-13 00:50 1689472 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBISYNC.DLL + 2010-03-01 10:08 . 2010-03-01 10:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\GFX.DLL - 2010-03-01 11:08 . 2010-03-01 11:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\GFX.DLL - 2010-02-20 23:20 . 2010-02-20 23:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\FM20.DLL + 2010-02-20 22:20 . 2010-02-20 22:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\FM20.DLL - 2010-03-23 16:55 . 2010-03-23 16:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEWDAT.DLL + 2010-03-23 15:55 . 2010-03-23 15:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEWDAT.DLL - 2010-03-23 16:55 . 2010-03-23 16:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACECORE.DLL + 2010-03-23 15:55 . 2010-03-23 15:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACECORE.DLL + 2011-07-27 11:51 . 2011-07-27 11:51 7040896 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\OFFOWC.DLL + 2011-06-22 14:16 . 2011-06-22 14:16 1681784 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\FPSRVUTL.DLL + 2012-06-23 01:26 . 2012-06-23 01:26 3399168 c:\windows\assembly\NativeImages_v4.0.30319_32\ttax\bb0d454d017f230c9a5882ce5030ac0f\ttax.ni.dll + 2012-06-23 01:26 . 
2012-06-23 01:26 9906688 c:\windows\assembly\NativeImages_v4.0.30319_32\print-engine\f61bad4ee493c6909456af0f24ed5e27\print-engine.ni.dll + 2012-06-23 01:26 . 2012-06-23 01:26 1689600 c:\windows\assembly\NativeImages_v4.0.30319_32\Intuit.Ctg.Map\8c96e964b376cda548864ceb56420509\Intuit.Ctg.Map.ni.dll + 2012-06-23 13:19 . 2012-06-23 13:19 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\d9d39f7847ee9afcdb9d3d6b6316e588\Microsoft.Office.Tools.Common.v9.0.ni.dll - 2012-06-13 23:56 . 2012-06-13 23:56 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\d9d39f7847ee9afcdb9d3d6b6316e588\Microsoft.Office.Tools.Common.v9.0.ni.dll + 2012-06-23 13:18 . 2012-06-23 13:18 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\865e52c27f140fec6343a208859ba45b\Microsoft.Office.Tools.Excel.v9.0.ni.dll - 2012-06-13 23:52 . 2012-06-13 23:52 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\865e52c27f140fec6343a208859ba45b\Microsoft.Office.Tools.Excel.v9.0.ni.dll + 2012-06-23 01:25 . 2012-06-23 01:25 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\6d5c2f021d5f892fda57ef00cb8a8e6c\Microsoft.Office.Tools.Excel.v9.0.ni.dll - 2012-06-13 23:52 . 2012-06-13 23:52 4752384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\8dc5da4327840ab08304cf525cfb7ead\Microsoft.Office.BusinessApplications.SyncServices.ni.dll + 2012-06-23 02:46 . 2012-06-23 02:46 4752384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\8dc5da4327840ab08304cf525cfb7ead\Microsoft.Office.BusinessApplications.SyncServices.ni.dll - 2012-06-13 23:52 . 2012-06-13 23:52 2088960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7475f2e32aa619c5c7a953a9e03b1feb\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll + 2012-06-23 13:18 . 
2012-06-23 13:18 2088960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7475f2e32aa619c5c7a953a9e03b1feb\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll + 2012-06-23 02:46 . 2012-06-23 02:46 1564672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\509eebfc4bd36afff7f44dfebd70eaf8\Microsoft.Office.BusinessApplications.Runtime.ni.dll - 2012-06-13 23:52 . 2012-06-13 23:52 1564672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\509eebfc4bd36afff7f44dfebd70eaf8\Microsoft.Office.BusinessApplications.Runtime.ni.dll - 2012-06-13 23:52 . 2012-06-13 23:52 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\2db98cd03e8f4be6c6b33bee3bdbfc30\Microsoft.Office.BusinessData.ni.dll + 2012-06-23 02:46 . 2012-06-23 02:46 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\2db98cd03e8f4be6c6b33bee3bdbfc30\Microsoft.Office.BusinessData.ni.dll + 2012-06-23 02:46 . 2012-06-23 02:46 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll - 2011-12-19 23:50 . 2011-12-19 23:50 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll + 2009-07-14 02:34 . 2012-06-21 18:39 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2012-06-13 23:45 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2011-04-29 04:28 . 2011-04-29 04:28 16972800 c:\windows\Installer\72daf.msp + 2011-04-29 04:28 . 2011-04-29 04:28 11056128 c:\windows\Installer\72da6.msp + 2011-04-29 01:34 . 2011-04-29 01:34 11155456 c:\windows\Installer\72d9e.msp + 2011-04-29 01:27 . 2011-04-29 01:27 14467072 c:\windows\Installer\72ca2.msp + 2011-04-29 01:27 . 2011-04-29 01:27 13031936 c:\windows\Installer\72c8c.msp + 2012-03-07 20:03 . 
2012-03-07 20:03 23710208 c:\windows\Installer\72c5a.msp + 2009-05-07 14:04 . 2009-05-07 14:04 18341376 c:\windows\Installer\72c19.msp + 2012-03-15 18:09 . 2012-03-15 18:09 17165312 c:\windows\Installer\72c13.msp + 2011-06-20 04:28 . 2011-06-20 04:28 18457088 c:\windows\Installer\72c0c.msp + 2011-10-27 03:51 . 2011-10-27 03:51 16885760 c:\windows\Installer\72bcb.msp + 2011-10-27 03:47 . 2011-10-27 03:47 10328064 c:\windows\Installer\72bb7.msp + 2011-10-27 03:49 . 2011-10-27 03:49 16245760 c:\windows\Installer\72ba6.msp + 2011-10-27 03:49 . 2011-10-27 03:49 10427392 c:\windows\Installer\72b94.msp + 2011-10-27 03:46 . 2011-10-27 03:46 11580928 c:\windows\Installer\72b83.msp - 2010-03-27 14:38 . 2010-03-27 14:38 19370840 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\WWLIB.DLL + 2010-03-27 13:38 . 2010-03-27 13:38 19370840 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\WWLIB.DLL - 2010-03-23 16:57 . 2010-03-23 16:57 15889248 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLOOK.EXE + 2010-03-23 15:57 . 2010-03-23 15:57 15889248 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLOOK.EXE - 2010-03-13 21:08 . 2010-03-13 21:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OART.DLL + 2010-03-13 20:08 . 2010-03-13 20:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OART.DLL + 2010-03-23 01:36 . 2010-03-23 01:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSORES.DLL - 2010-03-23 02:36 . 2010-03-23 02:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSORES.DLL + 2012-06-23 01:26 . 2012-06-23 01:26 10037248 c:\windows\assembly\NativeImages_v4.0.30319_32\itext\b1b7c81c5ced0a540f40d3dc78166261\itext.ni.dll + 2011-04-29 01:33 . 
2011-04-29 01:33 425345024 c:\windows\Installer\72d90.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService] @="Service" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x] R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x] R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544] R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys 
[x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x] S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x] S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 
CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x] S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128] S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224] S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248] S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480] S3 
5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x] S3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x] S3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056] S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x] S3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x] S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x] S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x] S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x] S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x] S3 TabletSVC;TABLET Service;c:\program files 
(x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440] S3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ALSYSIO . Contents of the 'Scheduled Tasks' folder . 2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job - c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23] . 2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job - c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible] @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}" [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}] 2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "TpShocks"="TpShocks.exe" [2011-03-29 380776] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024] "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm LSP: c:\windows\system32\PGPlsp.dll Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23 TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q= . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-24 14:11:17 ComboFix-quarantined-files.txt 2012-06-24 19:11 ComboFix2.txt 2012-06-20 00:22 ComboFix3.txt 2012-06-19 20:36 ComboFix4.txt 2012-06-18 13:11 . Pre-Run: 164,060,528,640 bytes free Post-Run: 167,448,211,456 bytes free . - - End Of File - - 973BE3297DCD2691415F3C2B2F6A3477
-
And the rest of the log, looks like Skype pinging something too

2012/06/23 10:42:44 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 51726, Process: outlook.exe)
2012/06/23 11:12:44 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 52199, Process: outlook.exe)
2012/06/23 11:43:09 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 52655, Process: outlook.exe)
2012/06/23 12:13:26 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 53115, Process: outlook.exe)
2012/06/23 12:43:42 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 53595, Process: outlook.exe)
2012/06/23 13:13:43 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 54097, Process: outlook.exe)
2012/06/23 13:44:08 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 55078, Process: outlook.exe)
2012/06/23 14:14:01 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 55707, Process: outlook.exe)
2012/06/23 14:44:25 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 56333, Process: outlook.exe)
2012/06/23 15:14:34 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 56958, Process: outlook.exe)
2012/06/23 15:40:58 -0500 X220-PC X220 IP-BLOCK 89.28.105.139 (Type: outgoing, Port: 57496, Process: skype.exe)
2012/06/23 15:40:58 -0500 X220-PC X220 IP-BLOCK 89.28.105.139 (Type: outgoing, Port: 35638, Process: skype.exe)
2012/06/23 15:44:42 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 57582, Process: outlook.exe)
2012/06/23 16:15:07 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 58217, Process: outlook.exe)
2012/06/23 16:45:24 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 58864, Process: outlook.exe)
-
OK, I completely uninstalled Outlook, as above, and reinstalled. But still getting that message, Malwarebytes log below.

2012/06/23 08:11:46 -0500 X220-PC X220 MESSAGE Executing scheduled update: Daily
2012/06/23 08:11:46 -0500 X220-PC X220 MESSAGE Starting protection
2012/06/23 08:11:48 -0500 X220-PC X220 MESSAGE Protection started successfully
2012/06/23 08:11:51 -0500 X220-PC X220 MESSAGE Starting IP protection
2012/06/23 08:11:51 -0500 X220-PC X220 MESSAGE IP Protection started successfully
2012/06/23 08:11:55 -0500 X220-PC X220 MESSAGE Scheduled update executed successfully: database updated from version v2012.06.22.09 to version v2012.06.23.04
2012/06/23 08:11:55 -0500 X220-PC X220 MESSAGE Starting database refresh
2012/06/23 08:11:55 -0500 X220-PC X220 MESSAGE Stopping IP protection
2012/06/23 08:12:55 -0500 X220-PC X220 MESSAGE IP Protection stopped
2012/06/23 08:12:57 -0500 X220-PC X220 MESSAGE Database refreshed successfully
2012/06/23 08:12:57 -0500 X220-PC X220 MESSAGE Starting IP protection
2012/06/23 08:12:57 -0500 X220-PC X220 MESSAGE IP Protection started successfully
2012/06/23 10:12:51 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 51094, Process: outlook.exe)
-
search_cnbc_com[1].js;C:\Documents and Settings\X220\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3IIM3;Probably SCRIPT.Virus;Moved.;
search_cnbc_com_header[1].js;C:\Documents and Settings\X220\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZZB8T5;Probably SCRIPT.Virus;Moved.;
search_cnbc_com[1].js;C:\Documents and Settings\X220\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\W3IIM3NA;Probably SCRIPT.Virus;Invalid path to file ;
search_cnbc_com_header[1].js;C:\Documents and Settings\X220\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\ZZB8T5KN;Probably SCRIPT.Virus;Invalid path to file ;
search_cnbc_com[1].js;C:\Documents and Settings\X220\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3IIM3NA;Probably SCRIPT.Virus;Invalid path to file ;
search_cnbc_com_header[1].js;C:\Documents and Settings\X220\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZZB8T5KN;Probably SCRIPT.Virus;Invalid path to file ;
pv.exe;C:\George\FXOnly\FXOnlySite\xampplite\apache\bin;Program.PrcView.3725;Moved.;
BadPlugin.exe;C:\George\TorBrowser\Tor Browser\FirefoxPortable\App\Firefox;Trojan.Click2.25892;Deleted.;
Support-LogMeInRescue.exe;C:\Install;Trojan.Siggen3.38887;Deleted.;
search_cnbc_com[1].js;C:\Users\X220\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3IIM3NA;Probably SCRIPT.Virus;Invalid path to file ;
search_cnbc_com_header[1].js;C:\Users\X220\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZZB8T5KN;Probably SCRIPT.Virus;Invalid path to file ;
-
MiniToolBox by Farbar Version: 09-06-2012 Ran by X220 (administrator) on 21-06-2012 at 09:19:07 Microsoft Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Sierra Wireless MC8355 – Gobi 3000 HS-USB Mobile Broadband Device 9013 = Mobile Broadband Connection (Connected) Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 = Local Area Connection 2 (Hardware not present) Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected) Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Media disconnected) Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled metric=1 nud=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : X220-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Mobile Broadband adapter Mobile Broadband Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . 
: Sierra Wireless MC8355 - Gobi 3000 HS-USB Mobile Broadband Device 9013 Physical Address. . . . . . . . . : 00-A0-C6-00-00-00 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.201.206.228(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.252 Default Gateway . . . . . . . . . : 10.201.206.229 DHCPv6 IAID . . . . . . . . . . . : 234922182 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-75-17-8B-F0-DE-F1-A5-6F-3F DNS Servers . . . . . . . . . . . : 172.16.145.103 172.16.145.103 NetBIOS over Tcpip. . . . . . . . : Enabled Wireless LAN adapter Wireless Network Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter Physical Address. . . . . . . . . : 64-80-99-4B-7B-5D DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : sbx02410.chicail.wayport.net Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN Physical Address. . . . . . . . . : 64-80-99-4B-7B-5C DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection Physical Address. . . . . . . . . : F0-DE-F1-A5-6F-3F DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . 
: No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{DCFCB76C-CB1B-42C3-B199-54156D512045}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{B510FB13-9E80-4059-9EE5-590B6DACD7E0}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . 
: Yes Server: UnKnown Address: 172.16.145.103 Name: google.com Addresses: 2607:f8b0:4009:801::1009 74.125.225.64 74.125.225.67 74.125.225.73 74.125.225.65 74.125.225.78 74.125.225.69 74.125.225.68 74.125.225.71 74.125.225.70 74.125.225.72 74.125.225.66 Pinging google.com [74.125.225.66] with 32 bytes of data: Reply from 74.125.225.66: bytes=32 time=74ms TTL=49 Reply from 74.125.225.66: bytes=32 time=187ms TTL=49 Ping statistics for 74.125.225.66: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 74ms, Maximum = 187ms, Average = 130ms Server: UnKnown Address: 172.16.145.103 Name: yahoo.com Addresses: 72.30.38.140 209.191.122.70 98.139.183.24 Pinging yahoo.com [98.139.183.24] with 32 bytes of data: Reply from 98.139.183.24: bytes=32 time=815ms TTL=38 Reply from 98.139.183.24: bytes=32 time=715ms TTL=38 Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 715ms, Maximum = 815ms, Average = 765ms Server: UnKnown Address: 172.16.145.103 Name: bleepingcomputer.com Address: 208.43.87.2 Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data: Reply from 208.43.87.2: Destination host unreachable. Reply from 208.43.87.2: Destination host unreachable. 
Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time=2ms TTL=128 Reply from 127.0.0.1: bytes=32 time=1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 2ms, Average = 1ms =========================================================================== Interface List 19...00 a0 c6 00 00 00 ......Sierra Wireless MC8355 - Gobi 3000 HS-USB Mobile Broadband Device 9013 14...64 80 99 4b 7b 5d ......Microsoft Virtual WiFi Miniport Adapter 12...64 80 99 4b 7b 5c ......Intel® Centrino® Advanced-N 6250 AGN 11...f0 de f1 a5 6f 3f ......Intel® 82579LM Gigabit Network Connection 1...........................Software Loopback Interface 1 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.201.206.229 10.201.206.228 296 10.201.206.228 255.255.255.252 On-link 10.201.206.228 296 10.201.206.228 255.255.255.255 On-link 10.201.206.228 296 10.201.206.231 255.255.255.255 On-link 10.201.206.228 296 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.201.206.228 296 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.201.206.228 296 =========================================================================== Persistent Routes: None IPv6 
Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 1 306 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation) Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) 
Catalog9 01 C:\Windows\SysWOW64\PGPlsp.dll [68728] (PGP Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 12 C:\Windows\SysWOW64\PGPlsp.dll [68728] (PGP Corporation) Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) x64-Catalog5 08 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation) x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) 
x64-Catalog9 01 C:\Windows\System32\PGPlsp.dll [83064] (PGP Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 12 C:\Windows\System32\PGPlsp.dll [83064] (PGP Corporation) x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (06/21/2012 08:27:37 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2012 11:28:44 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/20/2012 11:28:44 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (06/20/2012 09:19:02 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2012 09:13:39 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2012 05:46:47 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (06/19/2012 09:33:02 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2013 Error: (06/19/2012 09:33:02 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2013 Error: (06/19/2012 09:33:02 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2012 09:33:01 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1014 System errors: ============= Error: (06/21/2012 08:27:35 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (06/21/2012 08:24:32 AM) (Source: NetBT) (User: ) Description: Initialization failed because the transport refused to open initial addresses. Error: (06/20/2012 04:06:46 PM) (Source: NetBT) (User: ) Description: Initialization failed because the transport refused to open initial addresses. Error: (06/20/2012 09:18:33 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (06/20/2012 09:15:12 AM) (Source: NetBT) (User: ) Description: Initialization failed because the transport refused to open initial addresses. Error: (06/20/2012 09:13:36 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: Avgtdia cdrom Error: (06/19/2012 06:37:22 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (06/19/2012 06:24:40 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. 
This service may not function properly. Error: (06/19/2012 06:18:28 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (06/19/2012 03:54:26 PM) (Source: NetBT) (User: ) Description: Initialization failed because the transport refused to open initial addresses. Microsoft Office Sessions: ========================= =========================== Installed Programs ============================ Update for Microsoft Office 2007 (KB2508958) Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.1) Adobe Acrobat 9.5.1 - CPSID_83708 Adobe Anchor Service CS3 (Version: 1.0) Adobe Asset Services CS3 (Version: 3) Adobe Bridge CS3 (Version: 2) Adobe Bridge Start Meeting (Version: 1.0) Adobe Camera Raw 4.0 (Version: 4.0) Adobe CMaps (Version: 1.0) Adobe Default Language CS3 (Version: 1.0) Adobe Device Central CS3 (Version: 1.0) Adobe Dreamweaver CS3 (Version: 9) Adobe Dreamweaver CS3 (Version: 9.0) Adobe ExtendScript Toolkit 2 (Version: 2.0) Adobe Extension Manager CS3 (Version: 1.8) Adobe Flash Player 11 ActiveX (Version: 11.3.300.257) Adobe Flash Player 11 Plugin (Version: 11.3.300.257) Adobe Help Viewer CS3 (Version: 1) Adobe PDF iFilter 9 for 64-bit platforms (Version: 9.0.0) Adobe PDF Library Files (Version: 8.0) Adobe Setup (Version: 1.0) Adobe Type Support (Version: 1.0) Adobe Update Manager CS3 (Version: 5.1.0) Adobe Version Cue CS3 Client (Version: 3) Apple Application Support (Version: 2.1.7) Apple Mobile Device Support (Version: 5.1.1.4) Apple Software Update (Version: 2.1.3.127) ASPCA Reminder by We-Care.com v5.0.5.1 (Version: 5.0.5.1) AVG 2012 (Version: 12.0.2180) AVG 2012 (Version: 12.0.2437) AVG 2012 (Version: 2012.0.2180) Batman - Arkham City (Version: 1.0.0.0) BlackBerry Desktop Software 6.1 (Version: 6.1.0.36) Bonjour (Version: 3.0.0.10) Brother MFL-Pro Suite MFC-790CW (Version: 1.0.1.0) Burn.Now 4.5 (Version: 4.5.0) Call of Duty: Modern Warfare 3 Call of Duty: Modern 
Warfare 3 - Multiplayer Cisco AnyConnect VPN Client (Version: 2.4.0202) Citrix XenApp Web Plugin (Version: 11.0.0.5357) ClipCase Conexant 20672 SmartAudio HD (Version: 8.32.23.2) Core Temp version 0.99.7 (Version: 0.99.7) Corel Burn.Now Lenovo Edition (Version: 4.5.0) Corel DVD MovieFactory 7 (Version: 7.0.0) Corel DVD MovieFactory Lenovo Edition (Version: 7.0.0) Corel WinDVD (Version: 10.0.5.828) CQGNet (Version: 8.5.845) D3DX10 (Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DesignPro 5 (Version: 5.5.708) Dexpot (Version: 1.5.14) Direct DiscRecorder (Version: 1.00.0000) DivXLand Media Subtitler Dual-Core Optimizer (Version: 1.1.4.0169) Duplicate Cleaner 2.1b (Version: 2.1b) Family Tree Maker 2011 (Version: 20.0.379) FileZilla Client 3.5.3 (Version: 3.5.3) FrontLook Screen Capture 1.0 (Version: 1.0) GetFLV 9.1.0.0 GIMP 2.6.11 (Version: 2.6.11) Google SketchUp 8 (Version: 3.0.11752) Google Talk Plugin (Version: 2.9.10.7526) HandBrake 0.9.6 (Version: 0.9.6) IC-R2 Programmer (Version: 4.00.00.000) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (Version: 1.1.0.1147) Integrated Camera TWAIN (Version: 1.0.11.1223) Intel PROSet Wireless Intel® Control Center (Version: 1.2.1.1007) Intel® Identity Protection Technology 1.0.74.0 (Version: 1.0.74.0) Intel® Management Engine Components (Version: 7.0.0.1144) Intel® Network Connections 15.7.176.0 (Version: 15.7.176.0) Intel® Processor Graphics (Version: 8.15.10.2538) Intel® PROSet/Wireless WiFi Software (Version: 14.2.0000) Intel® WiDi (Version: 2.1.41.0) Intel® Wireless Display iSEEK AnswerWorks English Runtime (Version: 010.000.0101) iTunes (Version: 10.6.1.7) Java Auto Updater (Version: 2.0.7.1) Java 6 Update 31 (Version: 6.0.310) Junk Mail filter update (Version: 15.4.3502.0922) LEGO MINDSTORMS NXT - English Language Pack (Version: 2.0.100.0) LEGO MINDSTORMS NXT Driver for x64 (Version: 1.17.770) LEGO MINDSTORMS NXT Migration Package (Version: 1.2.8.0) LEGO 
MINDSTORMS NXT Software v2.0 (Version: 2.0.114.0) Lenovo Auto Scroll Utility (Version: 1.11) Lenovo Patch Utility (Version: 1.0.1.1) Lenovo Patch Utility 64 bit (Version: 1.2.0.1) Lenovo Screen Reading Optimizer (Version: 1.10) Lenovo System Interface Driver (Version: 1.05) LiveZilla LiveZilla (Version: 3.3.2.2) Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Camera Codec Pack (Version: 16.0.0652.0621) Microsoft CCR and DSS Runtime 4 Beta 2 (Version: 4.0.2280) Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0) Microsoft Games for Windows Marketplace (Version: 3.5.50.0) Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000) Microsoft Office 
Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Standard 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Outlook 2010 (Version: 14.0.6029.1000) Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42) Microsoft Robotics Developer Studio 4 Beta 2 (Version: 4.0.2280) Microsoft Server Speech Platform Runtime (x64) (Version: 10.2.7300.97) Microsoft Server Speech Recognition Language - Kinect (en-US) (Version: 10.5.7400.300) Microsoft Silverlight (Version: 5.1.10411.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0) Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0) Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0) Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0) Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0) Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4) Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0) Microsoft SQL Server 2008 Setup Support 
Files (Version: 10.3.5500.0) Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0) Microsoft SQL Server System CLR Types (Version: 10.50.1447.4) Microsoft SQL Server VSS Writer (Version: 10.3.5500.0) Microsoft Sync Framework 2.0 Core Components (x64) ENU (Version: 2.0.1578.0) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (Version: 2.0.1578.0) Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319) Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 
10.0.31119) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31124) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0) Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1) Mozilla Maintenance Service (Version: 13.0.1) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nikon Message Center 2 (Version: 2.1.0) Nikon Movie Editor (Version: 2.3.0) NVIDIA GAME System Software 2.8.1 (Version: 2.8.1) Objection Series 3.4 (Version: 3.4.0) On Screen Display (Version: 6.60.03) PGP Desktop (Version: 10.0.1.4020) Picture Control Utility (Version: 1.4.1) Picture Control Utility x64 (Version: 1.4.2) Pidgin (Version: 2.10.1) Quicken 2012 (Version: 21.1.7.18) Quicken WillMaker Plus 2012 (Version: 1.0.0.0) QuickTime (Version: 7.71.80.42) RapidBoot (Version: 1.11) RICOH_Media_Driver_v2.14.18.01 (Version: 2.14.18.01) Scratch (Version: 1.4.0.0) Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0) Sierra Wireless QMI Lenovo Driver Package (Version: 1.0.14.0) Skype Click to Call (Version: 5.9.9216) Skype™ 5.8 (Version: 5.8.158) Soluto (Version: 1.3.729.0) Sony DVD Architect Studio 4.5 (Version: 4.5.107) Sony Picture Utility (Version: 3.2.00.05260) Sony Sound Forge Audio Studio 9.0 (Version: 9.0.232) Sound Organizer (Version: 1.2.0.07152) Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0) Steam (Version: 1.0.0.0) SyncToy 2.1 (x64) (Version: 2.1.0) System Update (Version: 4.01.0015) ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.2900) ThinkPad FullScreen Magnifier (Version: 2.40) ThinkPad Power Management Driver (Version: 1.64.00.00) ThinkPad Power Manager (Version: 3.65) ThinkPad Tablet Button Driver (Version: 1.04) ThinkPad Tablet Shortcut Menu (Version: 6.29) ThinkPad UltraNav Driver (Version: 15.3.27.1) ThinkPad 
UltraNav Utility (Version: 2.13.0) ThinkVantage Active Protection System (Version: 1.75) ThinkVantage AutoLock (Version: 1.05) ThinkVantage Communications Utility (Version: 2.08) ThinkVantage Fingerprint Software (Version: 5.9.5.7038) TreeSize Free V2.5 (Version: 2.5) TurboTax 2011 TurboTax 2011 wiliper (Version: 011.000.1768) TurboTax 2011 WinPerFedFormset (Version: 011.000.3268) TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496) TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222) TurboTax 2011 wrapper (Version: 011.000.0121) Unity Web Player (Version: ) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for 
Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Vegas Movie Studio Platinum 9.0 (Version: 9.0.92) ViewNX 2 (Version: 2.3.0) VirtualDJ Home FREE (Version: 7.0.5) Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0) VLC media player 2.0.0 (Version: 2.0.0) Windows Driver Package - RT Systems RT CDM Driver Package (03/18/2011 2.08.14) (Version: 03/18/2011 2.08.14) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) 
Windows Live Writer Resources (Version: 15.4.3502.0922) Windows Media Encoder 9 Series Windows Media Encoder 9 Series (Version: 9.00.2980) Windows Media Player Firefox Plugin (Version: 1.0.0.8) Word 2007 Content Control Toolkit (Version: 1.3.0) XAMPP 1.7.7 ========================= Devices: ================================ Name: Intel® Centrino® Advanced-N + WiMAX 6250 Description: Intel® Centrino® Advanced-N + WiMAX 6250 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ========================= Memory info: =================================== Percentage of memory in use: 25% Total physical RAM: 8075.23 MB Available physical RAM: 6034.93 MB Total Pagefile: 16148.66 MB Available Pagefile: 13847.05 MB Total Virtual: 4095.88 MB Available Virtual: 3964.27 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:476.84 GB) (Free:160.47 GB) NTFS ========================= Users: ======================================== User accounts for \\X220-PC Administrator Guest X220 ========================= Minidump Files ================================== No minidump file found **** End of log ****
-
Sorry slow, see below for log

Status: Deleted (events: 3)
6/21/2012 6:22:43 AM Deleted adware not-a-virus:AdWare.Win32.Gaba.omg C:\SWTOOLS\readyapps\rnr\tvtrnr.exe Medium
6/21/2012 6:22:43 AM Deleted adware not-a-virus:AdWare.Win32.Gaba.omg C:\SWTOOLS\readyapps\rnr\tvtrnr.exe//Rescue and Recovery.msi Medium
6/21/2012 6:22:43 AM Deleted adware not-a-virus:AdWare.Win32.Gaba.omg C:\SWTOOLS\readyapps\rnr\tvtrnr.exe//Rescue and Recovery.msi//NewBinary19 Medium
-
Here is the protection log from Malwarebytes for today:

2012/06/20 06:58:00 -0500 X220-PC X220 MESSAGE Executing scheduled scan: Quick Scan | Daily | -remove | -log
2012/06/20 06:58:00 -0500 X220-PC X220 MESSAGE Scheduled scan executed successfully
2012/06/20 09:15:38 -0500 X220-PC X220 MESSAGE Starting protection
2012/06/20 09:15:40 -0500 X220-PC X220 MESSAGE Protection started successfully
2012/06/20 09:15:43 -0500 X220-PC X220 MESSAGE Starting IP protection
2012/06/20 09:15:43 -0500 X220-PC X220 MESSAGE IP Protection started successfully
2012/06/20 09:20:35 -0500 X220-PC X220 MESSAGE Starting protection
2012/06/20 09:20:36 -0500 X220-PC X220 MESSAGE Protection started successfully
2012/06/20 09:20:39 -0500 X220-PC X220 MESSAGE Starting IP protection
2012/06/20 09:20:40 -0500 X220-PC X220 MESSAGE IP Protection started successfully
2012/06/20 09:29:11 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49223, Process: outlook.exe)
2012/06/20 09:34:23 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49233, Process: outlook.exe)
2012/06/20 09:44:16 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49252, Process: outlook.exe)
2012/06/20 09:51:44 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49330, Process: outlook.exe)
2012/06/20 09:55:36 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49348, Process: outlook.exe)
2012/06/20 09:57:04 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49436, Process: outlook.exe)
2012/06/20 10:00:24 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49475, Process: outlook.exe)
-
Sorry, found it. It was hidden for some reason?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c834d7df522cd7489eb81bfefded6397
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-20 12:06:29
# local_time=2012-06-20 07:06:29 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 16543746 16543746 0 0
# compatibility_mode=5893 16776574 100 94 16543727 91732727 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=313265
# found=6
# cleaned=6
# scan_time=4711
C:\Install\dexpot_1514_r1777.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Install\Ancestry_FamilyTreeMaker2011\Family Tree Maker 2011.msi a variant of Win32/HiddenStart.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Install\InstallSync\acaladvdripperprose.exe Win32/Somoto application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Install\InstallSync\dexpot_158_r1434.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Install\TreeSizeFree\cnet2_TreeSizeFreeSetup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\Installer\21cd14.msi a variant of Win32/HiddenStart.A application (deleted - quarantined) 00000000000000000000000000000000 C
-
ComboFix 12-06-19.03 - X220 06/19/2012 18:22:42.3.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6013 [GMT -5:00] Running from: c:\temp\ComboFix.exe Command switches used :: c:\temp\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))))) . . 2012-06-19 23:36 . 2012-06-19 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia 2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine 2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys 2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys 2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-09 12:23 . 
2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-24 22:13 . 2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys 2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-19 13:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-19 13:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-17 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-19 13:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-17 12:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2012-06-19 23:20 28582 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-12-09 15:08 . 2012-06-19 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-12-09 15:08 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-12-09 15:08 . 
2012-06-19 23:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-12-09 15:08 . 2012-06-18 12:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-19 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-12-09 13:22 . 2012-06-19 23:20 4534 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883609196-808434145-3285787096-1000_UserData.bin - 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-19 23:17 . 2012-06-19 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-19 23:17 . 2012-06-19 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-12-10 13:41 . 2012-06-19 23:13 340004 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36 . 2012-06-19 23:24 729436 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-18 12:21 729436 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-19 23:24 147958 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-06-18 12:21 147958 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-06-18 12:52 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-19 23:17 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-12-11 12:20 . 
2012-06-19 23:17 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-12-11 12:20 . 2012-06-18 12:52 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat - 2011-12-10 12:17 . 2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat + 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi + 2011-12-10 12:17 . 2012-06-19 23:17 15291180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible] @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}" [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}] 2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720] "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016] "QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService] @="Service" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232] R3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x] R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x] R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files 
(x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544] R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x] S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x] S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x] S1 Avgldx64;AVG AVI Loader 
Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x] S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128] S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224] S2 SROSVC;Screen Reading 
Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248] S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x] S3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056] S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x] S3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x] S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x] S3 swg3kser01;Sierra 
Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x] S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x] S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x] S3 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440] S3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job - c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job - c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible] @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}" [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}] 2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "TpShocks"="TpShocks.exe" [2011-03-29 380776] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024] "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm LSP: c:\windows\system32\PGPlsp.dll Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23 TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb 
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37, dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:29,52,d8,8c,63,26,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-19 19:21:37 ComboFix-quarantined-files.txt 2012-06-20 00:21 ComboFix2.txt 2012-06-19 20:36 ComboFix3.txt 2012-06-18 13:11 . Pre-Run: 173,952,671,744 bytes free Post-Run: 173,648,621,568 bytes free . - - End Of File - - D914E8AB3180CAA53DB97E68B52EEEE2
-
ComboFix 12-06-16.02 - X220 06/19/2012 15:30:23.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5699 [GMT -5:00] Running from: c:\temp\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))))) . . 2012-06-19 20:33 . 2012-06-19 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia 2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine 2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys 2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys 2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-09 12:23 . 2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-24 22:13 . 
2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys 2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-19 13:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-19 13:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-17 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-19 13:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-17 12:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2012-06-19 17:24 28566 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-12-09 15:08 . 2012-06-19 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-12-09 15:08 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-12-09 15:08 . 2012-06-19 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-12-09 15:08 . 
2012-06-18 12:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-19 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-12-09 13:22 . 2012-06-19 17:24 4354 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883609196-808434145-3285787096-1000_UserData.bin - 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-19 20:34 . 2012-06-19 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-19 20:34 . 2012-06-19 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-12-10 13:41 . 2012-06-19 20:24 339764 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36 . 2012-06-19 17:26 729436 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-18 12:21 729436 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-19 17:26 147958 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-06-18 12:21 147958 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-06-18 12:52 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-19 20:33 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-12-11 12:20 . 2012-06-19 20:33 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-12-11 12:20 . 2012-06-18 12:52 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-12-10 12:17 . 
2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat + 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat + 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi + 2011-12-10 12:17 . 2012-06-19 20:33 15291180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible] @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}" [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}] 2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720] "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016] "QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService] @="Service" . R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] R3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x] R3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 
dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056] R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x] R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x] R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x] R3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544] R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440] R3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] R3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 
USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x] S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x] S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x] 
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128] S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248] S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for 
Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x] S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x] S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x] S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x] S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job - c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job - c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible] @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}" [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}] 2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device...
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm LSP: c:\windows\system32\PGPlsp.dll Trusted Zone: intuit.com\ttlc TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23 TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q= FF - prefs.js: network.proxy.type - 4 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem)
. [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:29,52,d8,8c,63,26,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\windows\SysWOW64\PGPserv.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Completion time: 2012-06-19 15:36:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 20:36
ComboFix2.txt 2012-06-18 13:11
.
Pre-Run: 174,167,048,192 bytes free
Post-Run: 173,848,752,128 bytes free
.
- - End Of File - - 44DAD3DBB8EAA83E8CDDA73986764793
-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2011 7:12:28 AM
System Uptime: 6/19/2012 12:21:16 PM (0 hours ago)
.
Motherboard: LENOVO | | 4294CTO
Processor: Intel® Core i7-2640M CPU @ 2.80GHz | CPU | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 477 GiB total, 162.248 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Intel® Centrino® Advanced-N + WiMAX 6250
Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3
Manufacturer:
Name: Intel® Centrino® Advanced-N + WiMAX 6250
PNP Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP148: 6/2/2012 9:48:25 AM - Installed Sound Organizer.
RP149: 6/2/2012 12:52:57 PM - Installed Sound Organizer.
RP150: 6/4/2012 9:18:29 PM - Installed AVG 2012
RP151: 6/5/2012 6:29:24 AM - Windows Update
RP152: 6/12/2012 9:17:23 AM - Scheduled Checkpoint
RP153: 6/13/2012 6:28:25 PM - Windows Update
RP154: 6/13/2012 7:12:00 PM - Windows Update
RP155: 6/18/2012 7:34:59 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958) Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.5.1 - CPSID_83708 Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Viewer CS3 Adobe PDF Library Files Adobe Setup Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Apple Application Support Apple Software Update ASPCA Reminder by We-Care.com v5.0.5.1 Batman - Arkham City BlackBerry Desktop Software 6.1 Brother MFL-Pro Suite MFC-790CW Burn.Now 4.5 Call of Duty: Modern Warfare 3 Call of Duty: Modern Warfare 3 - Multiplayer Cisco AnyConnect VPN Client Citrix XenApp Web Plugin ClipCase Corel Burn.Now Lenovo Edition Corel DVD MovieFactory 7 Corel DVD MovieFactory Lenovo Edition Corel WinDVD CQGNet D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DesignPro 5 Dexpot Direct DiscRecorder DivXLand Media Subtitler Dual-Core Optimizer Duplicate Cleaner 2.1b Family Tree Maker 2011 FileZilla Client 3.5.3 FrontLook Screen Capture 1.0 GetFLV 9.1.0.0 GIMP 2.6.11 Google SketchUp 8 Google Talk Plugin HandBrake 0.9.6 IC-R2 Programmer Integrated Camera Driver Installer Package Ver.1.1.0.1147 Integrated Camera TWAIN Intel PROSet Wireless Intel® Control Center Intel® Identity Protection Technology 1.0.74.0 Intel® Management Engine Components Intel® Processor Graphics Intel® WiDi iSEEK AnswerWorks English Runtime Java Auto Updater Java 6 Update 31 Junk Mail filter update LEGO MINDSTORMS NXT - English Language Pack LEGO MINDSTORMS NXT Migration Package LEGO MINDSTORMS NXT Software v2.0 Lenovo Patch Utility Lenovo Screen Reading Optimizer LiveZilla Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Microsoft .NET Framework 4 Multi-Targeting Pack 
Microsoft Application Error Reporting Microsoft Camera Codec Pack Microsoft CCR and DSS Runtime 4 Beta 2 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Standard 2007 Microsoft Office Word MUI (English) 2007 Microsoft Outlook 2010 Microsoft Primary Interoperability Assemblies 2005 Microsoft Robotics Developer Studio 4 Beta 2 Microsoft Server Speech Recognition Language - Kinect (en-US) Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server System CLR Types Microsoft Visual C# 2010 Express - ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 4.0 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nikon Message Center 2 Nikon Movie Editor NVIDIA GAME System Software 2.8.1 Objection Series 3.4 Picture Control Utility Pidgin Quicken 2012 Quicken WillMaker Plus 2012 QuickTime RICOH_Media_Driver_v2.14.18.01 Scratch Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft 
Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489) Sierra Wireless QMI Lenovo Driver Package Skype Click to Call Skype™ 5.8 Sony DVD Architect Studio 4.5 Sony Picture Utility Sony Sound Forge Audio Studio 9.0 Sound Organizer Steam System Update ThinkPad Power Manager ThinkPad Tablet Button Driver ThinkPad Tablet Shortcut Menu ThinkPad UltraNav Utility TreeSize Free V2.5 TurboTax 2011 TurboTax 2011 wiliper TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft 
Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Vegas Movie Studio Platinum 9.0 VirtualDJ Home FREE Visual Studio 2008 x64 Redistributables Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 2.0.0 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Windows Media Player Firefox Plugin Word 2007 Content Control Toolkit XAMPP 1.7.7 . ==== Event Viewer Messages From Past Week ======== . 6/19/2012 6:29:04 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses. 
6/19/2012 12:21:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/18/2012 8:14:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia cdrom
6/18/2012 7:53:14 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/18/2012 7:51:39 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/18/2012 7:41:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/13/2012 6:47:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/12/2012 10:33:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the jhi_service service.
6/12/2012 10:33:52 AM, Error: Service Control Manager [7000] - The Intel® Identity Protection Technology Host Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
-
. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by X220 at 12:40:50 on 2012-06-19 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6015 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Windows\system32\CxAudMsg64.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Windows\SysWOW64\PGPserv.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\SysWOW64\SAsrv.exe C:\Program Files\Soluto\SolutoService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\UI0Detect.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Program Files\Soluto\soluto.exe C:\Windows\system32\Dwm.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files\CONEXANT\ForteConfig\fmapp.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Dexpot\dexpot.exe C:\Program Files (x86)\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Quicken\bagent.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe C:\Windows\system32\igfxext.exe C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program 
Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files (x86)\Dexpot\Dexpot64.exe C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Windows\system32\SearchIndexer.exe C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Core Temp\Core Temp.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\svchost.exe -k 
NetworkServiceNetworkRestricted C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: 
{f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\X220\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append to existing PDF - 
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: C:\Windows\system32\PGPlsp.dll Trusted Zone: intuit.com\ttlc DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
- hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E65374 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\3416279626F657 : DhcpNameServer = 207.87.178.40 207.87.178.41 4.2.2.2 TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D} : NameServer = 209.183.33.23 209.183.35.23 TCP: Interfaces\{C0F41CFF-96F9-46C4-B079-0BDBA30F2C78} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045} : NameServer = 172.16.145.103 172.16.145.103 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO-X64: AVG Do Not Track - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files 
(x86)\AVG\AVG2012\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO-X64: WeCareReminder - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun-x64: [iMSS] "C:\Program Files 
(x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun-x64: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q= FF - prefs.js: network.proxy.type - 4 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll FF - plugin: c:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: 
C:\Users\X220\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\X220\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npicaN.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?] R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?] R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?] R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] 
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?] R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?] R2 GobiQDLService;Sierra Wireless QDL Service;C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-9-1 316784] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-12-10 41320] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-12-10 59240] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-10 133992] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-18 654408] R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?] 
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-12-10 446592] R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128] R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224] R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-12-10 446800] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-9 493248] R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480] R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?] R3 ASRSVC;ASR Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2011-12-10 79136] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?] R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-2-14 478056] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?] 
R3 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-10 101736] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] R3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;C:\Windows\system32\DRIVERS\swg3kmbb01.sys --> C:\Windows\system32\DRIVERS\swg3kmbb01.sys [?] R3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3knmea01.sys --> C:\Windows\system32\DRIVERS\swg3knmea01.sys [?] R3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3kser01.sys --> C:\Windows\system32\DRIVERS\swg3kser01.sys [?] R3 swibus01;Sierra Wireless Bus Enumerator 01;C:\Windows\system32\DRIVERS\swibus01.sys --> C:\Windows\system32\DRIVERS\swibus01.sys [?] R3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;C:\Windows\system32\DRIVERS\swibusflt01.sys --> C:\Windows\system32\DRIVERS\swibusflt01.sys [?] R3 TabletSVC;TABLET Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-12-10 83440] R3 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-10 145256] R3 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-10 142696] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232] S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 GTNDIS62;GT62 UHS IP NDIS;C:\Windows\system32\DRIVERS\gtuhs62.sys --> C:\Windows\system32\DRIVERS\gtuhs62.sys [?] S3 GTUHSBUS;GT UHS BUS;C:\Windows\system32\DRIVERS\gtuhsbus.sys --> C:\Windows\system32\DRIVERS\gtuhsbus.sys [?] S3 GTUHSSER;GT UHS SER;C:\Windows\system32\DRIVERS\gtuhsser.sys --> C:\Windows\system32\DRIVERS\gtuhsser.sys [?] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?] 
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-6-23 157544] S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-12-10 89152] S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-12-10 175168] S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?] 
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-18 13:15:08 -------- d-sh--w- C:\$RECYCLE.BIN 2012-06-18 12:34:56 98816 ----a-w- C:\Windows\sed.exe 2012-06-18 12:34:56 518144 ----a-w- C:\Windows\SWREG.exe 2012-06-18 12:34:56 256000 ----a-w- C:\Windows\PEV.exe 2012-06-18 12:34:56 208896 ----a-w- C:\Windows\MBR.exe 2012-06-14 00:11:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-06-14 00:11:59 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-06-09 15:40:17 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-09 15:40:17 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-09 00:12:30 -------- d-----w- C:\Users\X220\AppData\Local\{809704FA-C931-478D-B31C-D950B2CC53D3} 2012-06-09 00:12:19 -------- d-----w- C:\Users\X220\AppData\Local\{0748966C-BB0A-4F50-B83C-758ADED73862} 2012-06-08 23:32:37 -------- d-----w- C:\Users\X220\AppData\Local\Macromedia 2012-06-02 14:48:22 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys 2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys 2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys 2012-06-02 14:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine 2012-05-30 02:24:24 -------- d-----w- C:\Program Files (x86)\Scratch 2012-05-20 20:25:57 -------- d-----w- C:\Users\X220\AppData\Roaming\Avery 2012-05-20 20:23:38 -------- d-----w- C:\Program Files (x86)\Avery Dennison . ==================== Find3M ==================== . 
2012-06-08 23:32:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 23:32:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 12:23:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 22:13:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 12:41:06.87 ===============