Posts posted by gtdowd
I removed all of the RSS feeds from Outlook this morning, and it may have had something to do with that, as I have not had any block messages since. Does that make sense to you?
-
ComboFix 12-06-24.03 - X220 06/24/2012 13:15:59.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5609 [GMT -5:00]
Running from: c:\temp\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 18:29 . 2012-06-24 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 18:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 18:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 18:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 18:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 18:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 18:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 18:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 18:27 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 18:27 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 14:33 . 2012-06-21 17:19 -------- d-----w- c:\users\X220\DoctorWeb
2012-06-20 21:19 . 2012-06-20 21:19 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia
2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 12:23 . 2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 22:13 . 2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-20 22:20 . 2010-02-20 22:20 31616 c:\windows\SysWOW64\FM20ENU.DLL
- 2010-02-20 23:20 . 2010-02-20 23:20 31616 c:\windows\SysWOW64\FM20ENU.DLL
- 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-23 13:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-23 13:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 13:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-23 13:11 69576 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-24 10:43 28756 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-09 15:08 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 15:08 . 2012-06-24 18:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 15:08 . 2012-06-24 18:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-09 15:08 . 2012-06-18 12:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-24 18:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-13 00:50 . 2012-06-13 23:34 34144 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-06-23 02:34 . 2012-06-23 02:46 34144 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-12-13 00:50 . 2012-06-13 23:34 42848 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\msouc.exe
+ 2012-06-23 02:34 . 2012-06-23 02:46 42848 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\msouc.exe
+ 2012-06-23 02:34 . 2012-06-23 02:46 19296 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-12-13 00:50 . 2012-06-13 23:34 19296 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-12-19 16:27 . 2012-06-13 23:34 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-12-19 16:27 . 2012-06-23 02:46 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-12-19 16:27 . 2012-06-13 23:34 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-12-19 16:27 . 2012-06-23 02:46 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-12-19 16:27 . 2012-06-13 23:34 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-19 16:27 . 2012-06-23 02:46 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-25 16:07 . 2010-02-25 16:07 49488 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\VBAJET32.DLL
- 2010-02-25 17:07 . 2010-02-25 17:07 49488 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\VBAJET32.DLL
+ 2010-01-10 02:47 . 2010-01-10 02:47 29528 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\THOCRAPI.DLL
- 2010-01-10 03:47 . 2010-01-10 03:47 29528 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\THOCRAPI.DLL
- 2010-03-25 16:23 . 2010-03-25 16:23 31648 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SOCIALPROVIDER.DLL
+ 2010-03-25 15:23 . 2010-03-25 15:23 31648 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SOCIALPROVIDER.DLL
+ 2010-03-23 02:30 . 2010-03-23 02:30 40296 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\RECALL.DLL
- 2010-03-23 03:30 . 2010-03-23 03:30 40296 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\RECALL.DLL
- 2010-03-23 02:36 . 2010-03-23 02:36 82848 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\PEOPLEDATAHANDLER.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 82848 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\PEOPLEDATAHANDLER.DLL
+ 2010-03-23 15:57 . 2010-03-23 15:57 43352 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLRPC.DLL
- 2010-03-23 16:57 . 2010-03-23 16:57 43352 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLRPC.DLL
- 2010-03-23 16:57 . 2010-03-23 16:57 30560 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLACCT.DLL
+ 2010-03-23 15:57 . 2010-03-23 15:57 30560 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLACCT.DLL
- 2010-03-23 02:36 . 2010-03-23 02:36 45984 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OSETUPPS.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 45984 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OSETUPPS.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 15776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OMUOPTINPS.DLL
- 2010-03-23 02:36 . 2010-03-23 02:36 15776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OMUOPTINPS.DLL
- 2010-02-28 08:13 . 2010-02-28 08:13 20880 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MUOPTIN.DLL
+ 2010-02-28 07:13 . 2010-02-28 07:13 20880 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MUOPTIN.DLL
+ 2010-03-01 10:17 . 2010-03-01 10:17 14736 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOCFUIU.DLL
- 2010-03-01 11:17 . 2010-03-01 11:17 14736 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOCFUIU.DLL
- 2010-01-11 01:48 . 2010-01-11 01:48 18832 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOCFU.DLL
+ 2010-01-11 00:48 . 2010-01-11 00:48 18832 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOCFU.DLL
+ 2010-03-23 02:30 . 2010-03-23 02:30 20864 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MLSHEXT.DLL
- 2010-03-23 03:30 . 2010-03-23 03:30 20864 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MLSHEXT.DLL
- 2010-03-13 06:59 . 2010-03-13 06:59 14208 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBICUI.DLL
+ 2010-03-13 05:59 . 2010-03-13 05:59 14208 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBICUI.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 58232 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXP_XPS.DLL
- 2010-03-23 02:36 . 2010-03-23 02:36 58232 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXP_XPS.DLL
- 2010-03-23 03:29 . 2010-03-23 03:29 87408 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\DLGSETP.DLL
+ 2010-03-23 02:29 . 2010-03-23 02:29 87408 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\DLGSETP.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 44480 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACERCLR.DLL
- 2010-03-23 02:51 . 2010-03-23 02:51 44480 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACERCLR.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODTXT.DLL
- 2010-03-23 02:51 . 2010-03-23 02:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODTXT.DLL
- 2010-03-23 02:51 . 2010-03-23 02:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODEXL.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODEXL.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODDBS.DLL
- 2010-03-23 02:51 . 2010-03-23 02:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODDBS.DLL
+ 2010-03-23 15:54 . 2010-03-23 15:54 37776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEERR.DLL
- 2010-03-23 16:54 . 2010-03-23 16:54 37776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEERR.DLL
+ 2009-02-27 01:21 . 2009-02-27 01:21 38224 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\REFEDIT.DLL
+ 2009-02-26 23:07 . 2009-02-26 23:07 67440 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\MSOHTMED.EXE
+ 2009-02-26 23:07 . 2009-02-26 23:07 75120 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\MSOHEV.DLL
+ 2009-02-26 23:07 . 2009-02-26 23:07 53120 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\AUTHZAX.DLL
+ 2012-06-23 01:26 . 2012-06-23 01:26 14848 c:\windows\assembly\NativeImages_v4.0.30319_32\TVM\055c3ec2bbb8ee0b72677c7d2179cf3b\TVM.ni.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 11104 c:\windows\assembly\GAC_MSIL\Policy.12.0.office\14.0.0.0__71e9bce111e9429c\Policy.12.0.Office.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 11104 c:\windows\assembly\GAC_MSIL\Policy.12.0.office\14.0.0.0__71e9bce111e9429c\Policy.12.0.Office.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 11640 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Vbe.Interop.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 11640 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Vbe.Interop.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 11672 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 11672 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Outlook.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Outlook.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access.Dao\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.Dao.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access.Dao\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.Dao.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 11104 c:\windows\assembly\GAC_MSIL\Policy.11.0.office\14.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 11104 c:\windows\assembly\GAC_MSIL\Policy.11.0.office\14.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 11640 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 11640 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 11672 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 11672 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 63336 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 63336 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 25480 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 25480 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 79744 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access.Dao\14.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 79744 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access.Dao\14.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 51072 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.AutoGen\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.AutoGen.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 51072 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.AutoGen\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.AutoGen.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 51072 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.Intl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 51072 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.Intl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 79744 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.Intl.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 79744 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.Intl.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 18304 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.Intl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 18304 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.Intl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 96128 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\14.0.0.0__71e9bce111e9429c\microsoft.office.businessapplications.diagnostics.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 96128 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\14.0.0.0__71e9bce111e9429c\microsoft.office.businessapplications.diagnostics.dll
+ 2011-12-09 13:22 . 2012-06-24 10:43 4746 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883609196-808434145-3285787096-1000_UserData.bin
+ 2012-06-20 20:56 . 2012-06-20 20:56 9560 c:\windows\system32\NetworkList\Icons\{C9C78CFF-C71B-47F3-9B79-178483CD98E3}_48.bin
+ 2012-06-20 20:56 . 2012-06-20 20:56 4280 c:\windows\system32\NetworkList\Icons\{C9C78CFF-C71B-47F3-9B79-178483CD98E3}_32.bin
+ 2012-06-20 20:56 . 2012-06-20 20:56 2456 c:\windows\system32\NetworkList\Icons\{C9C78CFF-C71B-47F3-9B79-178483CD98E3}_24.bin
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-24 10:40 . 2012-06-24 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-24 10:40 . 2012-06-24 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-10 13:41 . 2012-06-22 18:41 340332 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-24 10:46 732378 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-24 10:46 148840 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-06-23 02:36 472352 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:46 . 2012-06-23 02:52 114040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-06-24 01:36 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-18 12:52 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-23 02:32 . 2012-06-23 02:32 650240 c:\windows\Installer\abc0c.msi
+ 2012-06-23 02:32 . 2012-06-23 02:32 656896 c:\windows\Installer\abc07.msi
+ 2012-06-23 02:32 . 2012-06-23 02:32 667648 c:\windows\Installer\abc02.msi
+ 2012-06-23 02:32 . 2012-06-23 02:32 663040 c:\windows\Installer\abbfd.msi
+ 2012-06-23 02:32 . 2012-06-23 02:32 650240 c:\windows\Installer\abbf8.msi
+ 2012-06-23 02:32 . 2012-06-23 02:32 653824 c:\windows\Installer\abbf3.msi
+ 2012-06-23 02:32 . 2012-06-23 02:32 650240 c:\windows\Installer\abbe9.msi
+ 2011-04-29 01:27 . 2011-04-29 01:27 608768 c:\windows\Installer\72d96.msp
+ 2012-02-09 12:27 . 2012-02-09 12:27 206848 c:\windows\Installer\72c70.msp
+ 2011-06-20 04:33 . 2011-06-20 04:33 407552 c:\windows\Installer\72c33.msp
+ 2011-10-27 04:23 . 2011-10-27 04:23 925696 c:\windows\Installer\72bf8.msp
+ 2011-10-27 03:46 . 2011-10-27 03:46 794112 c:\windows\Installer\72bd7.msp
+ 2012-03-21 10:58 . 2012-03-21 10:58 133120 c:\windows\Installer\72b76.msp
- 2011-12-13 00:50 . 2012-06-13 23:34 303456 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-06-23 02:34 . 2012-06-23 02:46 303456 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-06-23 02:34 . 2012-06-23 02:46 571232 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\misc.exe
- 2011-12-13 00:50 . 2012-06-13 23:34 571232 c:\windows\Installer\{91140000-001A-0000-0000-0000000FF1CE}\misc.exe
- 2011-12-19 16:27 . 2012-06-13 23:34 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-12-19 16:27 . 2012-06-23 02:46 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-12-19 16:27 . 2012-06-23 02:46 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2011-12-19 16:27 . 2012-06-13 23:34 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-12-19 16:27 . 2012-06-23 02:46 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2011-12-19 16:27 . 2012-06-13 23:34 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-12-19 16:27 . 2012-06-23 02:46 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
- 2011-12-19 16:27 . 2012-06-13 23:34 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
- 2011-12-20 01:01 . 2011-12-20 01:01 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-06-23 02:45 . 2012-06-23 02:45 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2010-12-21 05:59 . 2010-12-21 05:59 360824 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.6029\MSOUC.EXE
+ 2010-12-21 05:59 . 2010-12-21 05:59 718720 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.6029\MSOSYNC.EXE
- 2010-01-10 03:47 . 2010-01-10 03:47 133512 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\TWCUTCHR.DLL
+ 2010-01-10 02:47 . 2010-01-10 02:47 133512 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\TWCUTCHR.DLL
- 2010-02-28 08:18 . 2010-02-28 08:18 105344 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\TRANSMGR.DLL
+ 2010-02-28 07:18 . 2010-02-28 07:18 105344 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\TRANSMGR.DLL
+ 2010-03-25 15:23 . 2010-03-25 15:23 203632 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SHAREPOINTPROVIDER.DLL
- 2010-03-25 16:23 . 2010-03-25 16:23 203632 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SHAREPOINTPROVIDER.DLL
- 2010-02-28 08:13 . 2010-02-28 08:13 521616 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SELFCERT.EXE
+ 2010-02-28 07:13 . 2010-02-28 07:13 521616 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SELFCERT.EXE
- 2010-03-23 03:29 . 2010-03-23 03:29 340400 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SCNPST64.DLL
+ 2010-03-23 02:29 . 2010-03-23 02:29 340400 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SCNPST64.DLL
+ 2010-03-23 02:30 . 2010-03-23 02:30 329640 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SCNPST32.DLL
- 2010-03-23 03:30 . 2010-03-23 03:30 329640 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SCNPST32.DLL
- 2010-03-23 16:57 . 2010-03-23 16:57 415088 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\RTFHTML.DLL
+ 2010-03-23 15:57 . 2010-03-23 15:57 415088 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\RTFHTML.DLL
+ 2010-03-23 02:30 . 2010-03-23 02:30 308584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\PSTPRX32.DLL
- 2010-03-23 03:30 . 2010-03-23 03:30 308584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\PSTPRX32.DLL
+ 2010-03-23 15:57 . 2010-03-23 15:57 329104 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLPH.DLL
- 2010-03-23 16:57 . 2010-03-23 16:57 329104 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLPH.DLL
+ 2010-03-23 02:30 . 2010-03-23 02:30 523656 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLMIME.DLL
- 2010-03-23 03:30 . 2010-03-23 03:30 523656 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLMIME.DLL
- 2010-03-23 03:30 . 2010-03-23 03:30 122720 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLCTL.DLL
+ 2010-03-23 02:30 . 2010-03-23 02:30 122720 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLCTL.DLL
- 2010-03-01 10:53 . 2010-03-01 10:53 234384 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OMSXP32.DLL
+ 2010-03-01 09:53 . 2010-03-01 09:53 234384 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OMSXP32.DLL
+ 2010-03-01 09:53 . 2010-03-01 09:53 724352 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OMSMAIN.DLL
- 2010-03-01 10:53 . 2010-03-01 10:53 724352 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OMSMAIN.DLL
+ 2010-02-28 07:21 . 2010-02-28 07:21 259960 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OISGRAPH.DLL
- 2010-02-28 08:21 . 2010-02-28 08:21 259960 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OISGRAPH.DLL
+ 2010-02-28 07:21 . 2010-02-28 07:21 886640 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OISAPP.DLL
- 2010-02-28 08:21 . 2010-02-28 08:21 886640 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OISAPP.DLL
+ 2010-02-28 07:21 . 2010-02-28 07:21 274280 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OIS.EXE
- 2010-02-28 08:21 . 2010-02-28 08:21 274280 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OIS.EXE
- 2010-03-11 06:44 . 2010-03-11 06:44 510904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ODEPLOY.EXE
+ 2010-03-11 05:44 . 2010-03-11 05:44 510904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ODEPLOY.EXE
+ 2010-01-10 02:23 . 2010-01-10 02:23 169352 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OARPMANY.EXE
- 2010-01-10 03:23 . 2010-01-10 03:23 169352 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OARPMANY.EXE
+ 2010-02-28 07:15 . 2010-02-28 07:15 702312 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSTORDB.EXE
- 2010-02-28 08:15 . 2010-02-28 08:15 702312 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSTORDB.EXE
- 2010-03-30 03:47 . 2010-03-30 03:47 218464 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSPROOF6.DLL
+ 2010-03-30 02:47 . 2010-03-30 02:47 218464 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSPROOF6.DLL
+ 2010-03-16 07:58 . 2010-03-16 07:58 360824 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOUC.EXE
- 2010-03-16 08:58 . 2010-03-16 08:58 360824 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOUC.EXE
- 2010-03-16 08:58 . 2010-03-16 08:58 718208 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOSYNC.EXE
+ 2010-03-16 07:58 . 2010-03-16 07:58 718208 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOSYNC.EXE
- 2010-03-25 02:28 . 2010-03-25 02:28 473952 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOICONS.EXE
+ 2010-03-25 01:28 . 2010-03-25 01:28 473952 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOICONS.EXE
- 2010-03-06 11:29 . 2010-03-06 11:29 501088 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSODCW.DLL
+ 2010-03-06 10:29 . 2010-03-06 10:29 501088 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSODCW.DLL
+ 2010-03-01 10:17 . 2010-03-01 10:17 152952 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOCF.DLL
- 2010-03-01 11:17 . 2010-03-01 11:17 152952 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSOCF.DLL
+ 2009-09-04 14:02 . 2009-09-04 14:02 591680 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSLID.DLL
- 2009-09-04 15:02 . 2009-09-04 15:02 591680 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSLID.DLL
+ 2010-03-30 02:47 . 2010-03-30 02:47 787864 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSET7TKJP.DLL
- 2010-03-30 03:47 . 2010-03-30 03:47 787864 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSET7TKJP.DLL
+ 2010-03-30 02:47 . 2010-03-30 02:47 512392 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSET7TK.DLL
- 2010-03-30 03:47 . 2010-03-30 03:47 512392 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSET7TK.DLL
- 2010-03-30 03:47 . 2010-03-30 03:47 543144 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSET7.DLL
+ 2010-03-30 02:47 . 2010-03-30 02:47 543144 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSET7.DLL
+ 2010-01-10 02:50 . 2010-01-10 02:50 119160 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSCONV97.DLL
- 2010-01-10 03:50 . 2010-01-10 03:50 119160 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSCONV97.DLL
+ 2010-03-23 02:29 . 2010-03-23 02:29 358240 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MIMEDIR.DLL
- 2010-03-23 03:29 . 2010-03-23 03:29 358240 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MIMEDIR.DLL
+ 2010-02-28 07:15 . 2010-02-28 07:15 698216 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MEDCAT.DLL
- 2010-02-28 08:15 . 2010-02-28 08:15 698216 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MEDCAT.DLL
+ 2010-03-23 02:29 . 2010-03-23 02:29 272800 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MAPIPH.DLL
- 2010-03-23 03:29 . 2010-03-23 03:29 272800 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MAPIPH.DLL
+ 2012-06-23 02:34 . 2012-06-23 02:34 427904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBITOOL.DLL
- 2011-12-13 00:50 . 2011-12-13 00:50 427904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBITOOL.DLL
- 2011-12-13 00:50 . 2011-12-13 00:50 169856 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBITOIN.DLL
+ 2012-06-23 02:34 . 2012-06-23 02:34 169856 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBITOIN.DLL
+ 2010-03-13 05:58 . 2010-03-13 05:58 960384 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBIOBDR.DLL
- 2010-03-13 06:58 . 2010-03-13 06:58 960384 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBIOBDR.DLL
- 2011-12-13 00:50 . 2011-12-13 00:50 960384 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBIOBDA.DLL
+ 2012-06-23 02:34 . 2012-06-23 02:34 960384 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBIOBDA.DLL
+ 2012-06-23 02:34 . 2012-06-23 02:34 567168 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBICLNT.DLL
- 2011-12-13 00:50 . 2011-12-13 00:50 567168 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBICLNT.DLL
- 2010-03-13 06:58 . 2010-03-13 06:58 567168 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBICLNR.DLL
+ 2010-03-13 05:58 . 2010-03-13 05:58 567168 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBICLNR.DLL
+ 2010-03-13 19:54 . 2010-03-13 19:54 447872 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBICLI.DLL
- 2010-03-13 20:54 . 2010-03-13 20:54 447872 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBICLI.DLL
+ 2010-03-13 05:58 . 2010-03-13 05:58 518016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBIBDCR.DLL
- 2010-03-13 06:58 . 2010-03-13 06:58 518016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBIBDCR.DLL
- 2011-12-13 00:50 . 2011-12-13 00:50 518016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBIBDCA.DLL
+ 2012-06-23 02:34 . 2012-06-23 02:34 518016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBIBDCA.DLL
- 2010-03-23 03:30 . 2010-03-23 03:30 135016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\IMPMAIL.DLL
+ 2010-03-23 02:30 . 2010-03-23 02:30 135016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\IMPMAIL.DLL
- 2010-02-04 10:41 . 2010-02-04 10:41 120160 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\FLTLDR.EXE
+ 2010-02-04 09:41 . 2010-02-04 09:41 120160 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\FLTLDR.EXE
- 2010-02-25 17:07 . 2010-02-25 17:07 452936 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXPSRV.DLL
+ 2010-02-25 16:07 . 2010-02-25 16:07 452936 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXPSRV.DLL
- 2010-03-23 17:03 . 2010-03-23 17:03 104824 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXP_PDF.DLL
+ 2010-03-23 16:03 . 2010-03-23 16:03 104824 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EXP_PDF.DLL
- 2010-03-23 03:30 . 2010-03-23 03:30 155008 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ENVELOPE.DLL
+ 2010-03-23 02:30 . 2010-03-23 02:30 155008 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ENVELOPE.DLL
+ 2010-03-23 02:30 . 2010-03-23 02:30 115584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EMABLT32.DLL
- 2010-03-23 03:30 . 2010-03-23 03:30 115584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\EMABLT32.DLL
- 2010-02-28 08:09 . 2010-02-28 08:09 519584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\DWTRIG20.EXE
+ 2010-02-28 07:09 . 2010-02-28 07:09 519584 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\DWTRIG20.EXE
- 2010-03-23 16:57 . 2010-03-23 16:57 135032 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CONTAB32.DLL
+ 2010-03-23 15:57 . 2010-03-23 15:57 135032 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CONTAB32.DLL
- 2010-02-28 08:19 . 2010-02-28 08:19 211320 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CLVIEW.EXE
+ 2010-02-28 07:19 . 2010-02-28 07:19 211320 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CLVIEW.EXE
+ 2010-03-01 10:18 . 2010-03-01 10:18 397656 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CDLMSO.DLL
- 2010-03-01 11:18 . 2010-03-01 11:18 397656 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\CDLMSO.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 362904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEXBE.DLL
- 2010-03-23 16:55 . 2010-03-23 16:55 362904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEXBE.DLL
+ 2010-03-23 15:54 . 2010-03-23 15:54 220560 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACETXT.DLL
- 2010-03-23 16:54 . 2010-03-23 16:54 220560 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACETXT.DLL
- 2010-03-23 16:55 . 2010-03-23 16:55 527776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEREP.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 527776 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEREP.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 329624 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACER3X.DLL
- 2010-03-23 02:51 . 2010-03-23 02:51 329624 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACER3X.DLL
- 2010-03-23 16:55 . 2010-03-23 16:55 383904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEOLEDB.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 383904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEOLEDB.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 278448 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODBC.DLL
- 2010-03-23 02:51 . 2010-03-23 02:51 278448 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEODBC.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 643992 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEEXCL.DLL
- 2010-03-23 16:55 . 2010-03-23 16:55 643992 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEEXCL.DLL
+ 2010-03-23 15:54 . 2010-03-23 15:54 334752 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEEXCH.DLL
- 2010-03-23 16:54 . 2010-03-23 16:54 334752 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEEXCH.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 686504 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEES.DLL
- 2010-03-23 16:55 . 2010-03-23 16:55 686504 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEES.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEDAO.DLL
- 2010-03-23 16:55 . 2010-03-23 16:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEDAO.DLL
- 2010-02-13 12:25 . 2010-02-13 12:25 128384 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763\FPLACE.DLL
+ 2010-02-13 11:25 . 2010-02-13 11:25 128384 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763\FPLACE.DLL
+ 2009-02-26 03:46 . 2009-02-26 03:46 435568 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\MSORUN.DLL
+ 2011-07-27 10:53 . 2011-07-27 10:53 427856 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\MSODCW.DLL
+ 2009-02-26 21:24 . 2009-02-26 21:24 970128 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\FPWEC.DLL
+ 2012-06-23 01:26 . 2012-06-23 01:26 985600 c:\windows\assembly\NativeImages_v4.0.30319_32\Intuit.Ctg.Wte.Serv#\84eaa33a71568689222378e003e1ea68\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2012-06-23 01:26 . 2012-06-23 01:26 258560 c:\windows\assembly\NativeImages_v4.0.30319_32\common-utility\eda12191a4bda357418af027df3bd80e\common-utility.ni.dll
+ 2012-06-23 01:25 . 2012-06-23 01:25 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\ec1664e7f4661c0fbfe37e453a676ec4\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
- 2012-06-13 23:52 . 2012-06-13 23:52 854016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\c510fb4c6a443ed4a159a1fd0e8b0467\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-06-23 13:18 . 2012-06-23 13:18 854016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\c510fb4c6a443ed4a159a1fd0e8b0467\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-06-23 01:25 . 2012-06-23 01:25 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\899a519ccaf4583f0d88f36ab8fa6814\Microsoft.Office.Tools.Common.v9.0.ni.dll
- 2012-06-13 23:52 . 2012-06-13 23:52 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\5262df45c4c1d77b1e3ddafe0e0f2704\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-06-23 13:18 . 2012-06-23 13:18 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\5262df45c4c1d77b1e3ddafe0e0f2704\Microsoft.Office.Tools.Common.v9.0.ni.dll
- 2012-06-13 23:52 . 2012-06-13 23:52 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\0a73204a6e6bd3fddf7f20710f737695\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-06-23 13:18 . 2012-06-23 13:18 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\0a73204a6e6bd3fddf7f20710f737695\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-06-23 01:25 . 2012-06-23 01:25 854016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\0538276b5e3a34c9047ff0f44ad3f0af\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\3b7e2d4895e100c465d87d12a7d4fab2\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
- 2012-05-09 12:27 . 2012-05-09 12:27 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\3b7e2d4895e100c465d87d12a7d4fab2\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 343552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\fffcd9e63e3068533e45ba0dde5d17be\Microsoft.BusinessData.ni.dll
- 2012-05-09 12:27 . 2012-05-09 12:27 343552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\fffcd9e63e3068533e45ba0dde5d17be\Microsoft.BusinessData.ni.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 448360 c:\windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2012-06-23 02:34 . 2012-06-23 02:34 448360 c:\windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2011-12-13 00:50 . 2011-12-13 00:50 374640 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 374640 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 206720 c:\windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.Intl.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 206720 c:\windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.Intl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 972664 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 972664 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 206720 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData.Intl\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.intl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 206720 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData.Intl\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.intl.dll
- 2011-12-19 23:50 . 2011-12-19 23:50 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll
+ 2012-06-23 02:46 . 2012-06-23 02:46 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll
+ 2012-06-23 02:46 . 2012-06-23 02:46 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll
- 2011-12-19 23:50 . 2011-12-19 23:50 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 665472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 665472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.dll
+ 2012-06-23 02:46 . 2012-06-23 02:46 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll
- 2011-12-19 23:50 . 2011-12-19 23:50 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll
+ 2012-06-23 02:34 . 2012-06-23 02:34 116632 c:\windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll
- 2011-12-13 00:50 . 2011-12-13 00:50 116632 c:\windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll
- 2011-12-19 23:50 . 2011-12-19 23:50 518016 c:\windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
+ 2012-06-23 02:46 . 2012-06-23 02:46 518016 c:\windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
+ 2012-06-23 02:46 . 2012-06-23 02:46 964480 c:\windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll
- 2011-12-19 23:50 . 2011-12-19 23:50 964480 c:\windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll
+ 2009-07-14 04:45 . 2012-06-23 02:39 7395733 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-14 02:50 7395733 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-12-11 12:20 . 2012-06-24 01:36 8026472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-12-10 12:17 . 2012-06-24 01:36 2496604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat
+ 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
- 2011-12-10 12:17 . 2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
+ 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi
+ 2012-06-23 02:33 . 2012-06-23 02:33 8597504 c:\windows\Installer\abdca.msi
+ 2012-06-23 02:32 . 2012-06-23 02:32 3025408 c:\windows\Installer\abc12.msi
+ 2012-06-23 02:32 . 2012-06-23 02:32 2115584 c:\windows\Installer\abbee.msi
+ 2012-06-23 02:32 . 2012-06-23 02:32 2863104 c:\windows\Installer\abbe4.msi
+ 2012-05-17 07:58 . 2012-05-17 07:58 3462144 c:\windows\Installer\72de3.msp
+ 2011-11-18 23:52 . 2011-11-18 23:52 9183232 c:\windows\Installer\72dcf.msp
+ 2012-05-30 12:17 . 2012-05-30 12:17 5010432 c:\windows\Installer\72dc0.msp
+ 2011-04-29 01:26 . 2011-04-29 01:26 3994624 c:\windows\Installer\72c96.msp
+ 2011-04-29 01:26 . 2011-04-29 01:26 2426880 c:\windows\Installer\72c76.msp
+ 2012-03-07 20:01 . 2012-03-07 20:01 1907712 c:\windows\Installer\72c63.msp
+ 2011-10-16 19:28 . 2011-10-16 19:28 1138688 c:\windows\Installer\72c26.msp
+ 2011-10-27 04:23 . 2011-10-27 04:23 8821760 c:\windows\Installer\72c05.msp
+ 2011-07-21 17:41 . 2011-07-21 17:41 8413696 c:\windows\Installer\72bf0.msp
+ 2012-02-17 08:50 . 2012-02-17 08:50 1236480 c:\windows\Installer\72be3.msp
+ 2011-10-27 03:46 . 2011-10-27 03:46 1833472 c:\windows\Installer\72bc4.msp
+ 2012-03-21 10:57 . 2012-03-21 10:57 1591808 c:\windows\Installer\72b6f.msp
- 2011-12-19 16:27 . 2012-06-13 23:34 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-12-19 16:27 . 2012-06-23 02:46 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-02-18 03:56 . 2010-02-18 03:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\WKCONV.EXE
+ 2010-02-18 02:56 . 2010-02-18 02:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\WKCONV.EXE
- 2010-02-25 17:07 . 2010-02-25 17:07 2672456 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\VBE7.DLL
+ 2010-02-25 16:07 . 2010-02-25 16:07 2672456 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\VBE7.DLL
+ 2010-02-28 07:55 . 2010-02-28 07:55 1040736 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\UMOUTLOOKADDIN.DLL
- 2010-02-28 08:55 . 2010-02-28 08:55 1040736 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\UMOUTLOOKADDIN.DLL
+ 2010-03-25 15:23 . 2010-03-25 15:23 1707904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SOCIALCONNECTOR.DLL
- 2010-03-25 16:23 . 2010-03-25 16:23 1707904 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SOCIALCONNECTOR.DLL
+ 2010-03-11 05:44 . 2010-03-11 05:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SETUP.EXE
- 2010-03-11 06:44 . 2010-03-11 06:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\SETUP.EXE
- 2009-07-23 16:01 . 2009-07-23 16:01 3670016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLFLTR.DAT
+ 2009-07-23 15:01 . 2009-07-23 15:01 3670016 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLFLTR.DAT
- 2010-03-11 06:44 . 2010-03-11 06:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OSETUP.DLL
+ 2010-03-11 05:44 . 2010-03-11 05:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OSETUP.DLL
- 2010-03-23 16:57 . 2010-03-23 16:57 3189120 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OLMAPI32.DLL
+ 2010-03-23 15:57 . 2010-03-23 15:57 3189120 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OLMAPI32.DLL
+ 2010-01-10 02:24 . 2010-01-10 02:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OIMG.DLL
- 2010-01-10 03:24 . 2010-01-10 03:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OIMG.DLL
- 2010-02-28 08:19 . 2010-02-28 08:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OFFOWC.DLL
+ 2010-02-28 07:19 . 2010-02-28 07:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OFFOWC.DLL
+ 2010-03-30 02:48 . 2010-03-30 02:48 6629808 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7MODELS0011.DLL
- 2010-03-30 03:48 . 2010-03-30 03:48 6629808 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7MODELS0011.DLL
+ 2010-03-30 02:48 . 2010-03-30 02:48 2460080 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7LEXICONS0011.DLL
- 2010-03-30 03:48 . 2010-03-30 03:48 2460080 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7LEXICONS0011.DLL
- 2010-03-30 03:47 . 2010-03-30 03:47 7467440 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7DATA0011.DLL
+ 2010-03-30 02:47 . 2010-03-30 02:47 7467440 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\NL7DATA0011.DLL
+ 2012-06-23 02:34 . 2012-06-23 02:34 1689472 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBISYNC.DLL
- 2011-12-13 00:50 . 2011-12-13 00:50 1689472 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\LOBISYNC.DLL
+ 2010-03-01 10:08 . 2010-03-01 10:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\GFX.DLL
- 2010-03-01 11:08 . 2010-03-01 11:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\GFX.DLL
- 2010-02-20 23:20 . 2010-02-20 23:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\FM20.DLL
+ 2010-02-20 22:20 . 2010-02-20 22:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\FM20.DLL
- 2010-03-23 16:55 . 2010-03-23 16:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEWDAT.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACEWDAT.DLL
- 2010-03-23 16:55 . 2010-03-23 16:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACECORE.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\ACECORE.DLL
+ 2011-07-27 11:51 . 2011-07-27 11:51 7040896 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\OFFOWC.DLL
+ 2011-06-22 14:16 . 2011-06-22 14:16 1681784 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6612\FPSRVUTL.DLL
+ 2012-06-23 01:26 . 2012-06-23 01:26 3399168 c:\windows\assembly\NativeImages_v4.0.30319_32\ttax\bb0d454d017f230c9a5882ce5030ac0f\ttax.ni.dll
+ 2012-06-23 01:26 . 2012-06-23 01:26 9906688 c:\windows\assembly\NativeImages_v4.0.30319_32\print-engine\f61bad4ee493c6909456af0f24ed5e27\print-engine.ni.dll
+ 2012-06-23 01:26 . 2012-06-23 01:26 1689600 c:\windows\assembly\NativeImages_v4.0.30319_32\Intuit.Ctg.Map\8c96e964b376cda548864ceb56420509\Intuit.Ctg.Map.ni.dll
+ 2012-06-23 13:19 . 2012-06-23 13:19 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\d9d39f7847ee9afcdb9d3d6b6316e588\Microsoft.Office.Tools.Common.v9.0.ni.dll
- 2012-06-13 23:56 . 2012-06-13 23:56 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\d9d39f7847ee9afcdb9d3d6b6316e588\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-06-23 13:18 . 2012-06-23 13:18 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\865e52c27f140fec6343a208859ba45b\Microsoft.Office.Tools.Excel.v9.0.ni.dll
- 2012-06-13 23:52 . 2012-06-13 23:52 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\865e52c27f140fec6343a208859ba45b\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-06-23 01:25 . 2012-06-23 01:25 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\6d5c2f021d5f892fda57ef00cb8a8e6c\Microsoft.Office.Tools.Excel.v9.0.ni.dll
- 2012-06-13 23:52 . 2012-06-13 23:52 4752384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\8dc5da4327840ab08304cf525cfb7ead\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
+ 2012-06-23 02:46 . 2012-06-23 02:46 4752384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\8dc5da4327840ab08304cf525cfb7ead\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
- 2012-06-13 23:52 . 2012-06-13 23:52 2088960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7475f2e32aa619c5c7a953a9e03b1feb\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
+ 2012-06-23 13:18 . 2012-06-23 13:18 2088960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7475f2e32aa619c5c7a953a9e03b1feb\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
+ 2012-06-23 02:46 . 2012-06-23 02:46 1564672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\509eebfc4bd36afff7f44dfebd70eaf8\Microsoft.Office.BusinessApplications.Runtime.ni.dll
- 2012-06-13 23:52 . 2012-06-13 23:52 1564672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\509eebfc4bd36afff7f44dfebd70eaf8\Microsoft.Office.BusinessApplications.Runtime.ni.dll
- 2012-06-13 23:52 . 2012-06-13 23:52 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\2db98cd03e8f4be6c6b33bee3bdbfc30\Microsoft.Office.BusinessData.ni.dll
+ 2012-06-23 02:46 . 2012-06-23 02:46 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\2db98cd03e8f4be6c6b33bee3bdbfc30\Microsoft.Office.BusinessData.ni.dll
+ 2012-06-23 02:46 . 2012-06-23 02:46 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll
- 2011-12-19 23:50 . 2011-12-19 23:50 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll
+ 2009-07-14 02:34 . 2012-06-21 18:39 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-13 23:45 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-04-29 04:28 . 2011-04-29 04:28 16972800 c:\windows\Installer\72daf.msp
+ 2011-04-29 04:28 . 2011-04-29 04:28 11056128 c:\windows\Installer\72da6.msp
+ 2011-04-29 01:34 . 2011-04-29 01:34 11155456 c:\windows\Installer\72d9e.msp
+ 2011-04-29 01:27 . 2011-04-29 01:27 14467072 c:\windows\Installer\72ca2.msp
+ 2011-04-29 01:27 . 2011-04-29 01:27 13031936 c:\windows\Installer\72c8c.msp
+ 2012-03-07 20:03 . 2012-03-07 20:03 23710208 c:\windows\Installer\72c5a.msp
+ 2009-05-07 14:04 . 2009-05-07 14:04 18341376 c:\windows\Installer\72c19.msp
+ 2012-03-15 18:09 . 2012-03-15 18:09 17165312 c:\windows\Installer\72c13.msp
+ 2011-06-20 04:28 . 2011-06-20 04:28 18457088 c:\windows\Installer\72c0c.msp
+ 2011-10-27 03:51 . 2011-10-27 03:51 16885760 c:\windows\Installer\72bcb.msp
+ 2011-10-27 03:47 . 2011-10-27 03:47 10328064 c:\windows\Installer\72bb7.msp
+ 2011-10-27 03:49 . 2011-10-27 03:49 16245760 c:\windows\Installer\72ba6.msp
+ 2011-10-27 03:49 . 2011-10-27 03:49 10427392 c:\windows\Installer\72b94.msp
+ 2011-10-27 03:46 . 2011-10-27 03:46 11580928 c:\windows\Installer\72b83.msp
- 2010-03-27 14:38 . 2010-03-27 14:38 19370840 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\WWLIB.DLL
+ 2010-03-27 13:38 . 2010-03-27 13:38 19370840 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\WWLIB.DLL
- 2010-03-23 16:57 . 2010-03-23 16:57 15889248 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLOOK.EXE
+ 2010-03-23 15:57 . 2010-03-23 15:57 15889248 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OUTLOOK.EXE
- 2010-03-13 21:08 . 2010-03-13 21:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OART.DLL
+ 2010-03-13 20:08 . 2010-03-13 20:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\OART.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSORES.DLL
- 2010-03-23 02:36 . 2010-03-23 02:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004119A10000000000000000F01FEC\14.0.4763\MSORES.DLL
+ 2012-06-23 01:26 . 2012-06-23 01:26 10037248 c:\windows\assembly\NativeImages_v4.0.30319_32\itext\b1b7c81c5ced0a540f40d3dc78166261\itext.ni.dll
+ 2011-04-29 01:33 . 2011-04-29 01:33 425345024 c:\windows\Installer\72d90.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x]
S3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x]
S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x]
S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x]
S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x]
S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x]
S3 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440]
S3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:29,52,d8,8c,63,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-24 14:11:17
ComboFix-quarantined-files.txt 2012-06-24 19:11
ComboFix2.txt 2012-06-20 00:22
ComboFix3.txt 2012-06-19 20:36
ComboFix4.txt 2012-06-18 13:11
.
Pre-Run: 164,060,528,640 bytes free
Post-Run: 167,448,211,456 bytes free
.
- - End Of File - - 973BE3297DCD2691415F3C2B2F6A3477
-
And the rest of the log, looks like Skype pinging something too
2012/06/23 10:42:44 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 51726, Process: outlook.exe)
2012/06/23 11:12:44 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 52199, Process: outlook.exe)
2012/06/23 11:43:09 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 52655, Process: outlook.exe)
2012/06/23 12:13:26 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 53115, Process: outlook.exe)
2012/06/23 12:43:42 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 53595, Process: outlook.exe)
2012/06/23 13:13:43 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 54097, Process: outlook.exe)
2012/06/23 13:44:08 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 55078, Process: outlook.exe)
2012/06/23 14:14:01 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 55707, Process: outlook.exe)
2012/06/23 14:44:25 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 56333, Process: outlook.exe)
2012/06/23 15:14:34 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 56958, Process: outlook.exe)
2012/06/23 15:40:58 -0500 X220-PC X220 IP-BLOCK 89.28.105.139 (Type: outgoing, Port: 57496, Process: skype.exe)
2012/06/23 15:40:58 -0500 X220-PC X220 IP-BLOCK 89.28.105.139 (Type: outgoing, Port: 35638, Process: skype.exe)
2012/06/23 15:44:42 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 57582, Process: outlook.exe)
2012/06/23 16:15:07 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 58217, Process: outlook.exe)
2012/06/23 16:45:24 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 58864, Process: outlook.exe)
-
OK, I completely uninstalled Outlook, as above, and reinstalled. But still getting that message, Malwarebytes log below.
2012/06/23 08:11:46 -0500 X220-PC X220 MESSAGE Executing scheduled update: Daily
2012/06/23 08:11:46 -0500 X220-PC X220 MESSAGE Starting protection
2012/06/23 08:11:48 -0500 X220-PC X220 MESSAGE Protection started successfully
2012/06/23 08:11:51 -0500 X220-PC X220 MESSAGE Starting IP protection
2012/06/23 08:11:51 -0500 X220-PC X220 MESSAGE IP Protection started successfully
2012/06/23 08:11:55 -0500 X220-PC X220 MESSAGE Scheduled update executed successfully: database updated from version v2012.06.22.09 to version v2012.06.23.04
2012/06/23 08:11:55 -0500 X220-PC X220 MESSAGE Starting database refresh
2012/06/23 08:11:55 -0500 X220-PC X220 MESSAGE Stopping IP protection
2012/06/23 08:12:55 -0500 X220-PC X220 MESSAGE IP Protection stopped
2012/06/23 08:12:57 -0500 X220-PC X220 MESSAGE Database refreshed successfully
2012/06/23 08:12:57 -0500 X220-PC X220 MESSAGE Starting IP protection
2012/06/23 08:12:57 -0500 X220-PC X220 MESSAGE IP Protection started successfully
2012/06/23 10:12:51 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 51094, Process: outlook.exe)
-
OK, I reset Outlook, still getting it
-
It seems like I have removed some stuff for sure, but I am still getting that same pop-up from Malwarebytes
-
search_cnbc_com[1].js;C:\Documents and Settings\X220\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3IIM3;Probably SCRIPT.Virus;Moved.;
search_cnbc_com_header[1].js;C:\Documents and Settings\X220\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZZB8T5;Probably SCRIPT.Virus;Moved.;
search_cnbc_com[1].js;C:\Documents and Settings\X220\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\W3IIM3NA;Probably SCRIPT.Virus;Invalid path to file ;
search_cnbc_com_header[1].js;C:\Documents and Settings\X220\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\ZZB8T5KN;Probably SCRIPT.Virus;Invalid path to file ;
search_cnbc_com[1].js;C:\Documents and Settings\X220\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3IIM3NA;Probably SCRIPT.Virus;Invalid path to file ;
search_cnbc_com_header[1].js;C:\Documents and Settings\X220\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZZB8T5KN;Probably SCRIPT.Virus;Invalid path to file ;
pv.exe;C:\George\FXOnly\FXOnlySite\xampplite\apache\bin;Program.PrcView.3725;Moved.;
BadPlugin.exe;C:\George\TorBrowser\Tor Browser\FirefoxPortable\App\Firefox;Trojan.Click2.25892;Deleted.;
Support-LogMeInRescue.exe;C:\Install;Trojan.Siggen3.38887;Deleted.;
search_cnbc_com[1].js;C:\Users\X220\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3IIM3NA;Probably SCRIPT.Virus;Invalid path to file ;
search_cnbc_com_header[1].js;C:\Users\X220\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZZB8T5KN;Probably SCRIPT.Virus;Invalid path to file ;
-
Running DrWeb CureIt now
-
MiniToolBox by Farbar Version: 09-06-2012
Ran by X220 (administrator) on 21-06-2012 at 09:19:07
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Sierra Wireless MC8355 – Gobi 3000 HS-USB Mobile Broadband Device 9013 = Mobile Broadband Connection (Connected)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 = Local Area Connection 2 (Hardware not present)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled metric=1 nud=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : X220-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Mobile Broadband adapter Mobile Broadband Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Sierra Wireless MC8355 - Gobi 3000 HS-USB Mobile Broadband Device 9013
Physical Address. . . . . . . . . : 00-A0-C6-00-00-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.201.206.228(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 10.201.206.229
DHCPv6 IAID . . . . . . . . . . . : 234922182
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-75-17-8B-F0-DE-F1-A5-6F-3F
DNS Servers . . . . . . . . . . . : 172.16.145.103
172.16.145.103
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 64-80-99-4B-7B-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : sbx02410.chicail.wayport.net
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
Physical Address. . . . . . . . . : 64-80-99-4B-7B-5C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : F0-DE-F1-A5-6F-3F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{DCFCB76C-CB1B-42C3-B199-54156D512045}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{B510FB13-9E80-4059-9EE5-590B6DACD7E0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 172.16.145.103
Name: google.com
Addresses: 2607:f8b0:4009:801::1009
74.125.225.64
74.125.225.67
74.125.225.73
74.125.225.65
74.125.225.78
74.125.225.69
74.125.225.68
74.125.225.71
74.125.225.70
74.125.225.72
74.125.225.66
Pinging google.com [74.125.225.66] with 32 bytes of data:
Reply from 74.125.225.66: bytes=32 time=74ms TTL=49
Reply from 74.125.225.66: bytes=32 time=187ms TTL=49
Ping statistics for 74.125.225.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 187ms, Average = 130ms
Server: UnKnown
Address: 172.16.145.103
Name: yahoo.com
Addresses: 72.30.38.140
209.191.122.70
98.139.183.24
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=815ms TTL=38
Reply from 98.139.183.24: bytes=32 time=715ms TTL=38
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 715ms, Maximum = 815ms, Average = 765ms
Server: UnKnown
Address: 172.16.145.103
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
===========================================================================
Interface List
19...00 a0 c6 00 00 00 ......Sierra Wireless MC8355 - Gobi 3000 HS-USB Mobile Broadband Device 9013
14...64 80 99 4b 7b 5d ......Microsoft Virtual WiFi Miniport Adapter
12...64 80 99 4b 7b 5c ......Intel® Centrino® Advanced-N 6250 AGN
11...f0 de f1 a5 6f 3f ......Intel® 82579LM Gigabit Network Connection
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.201.206.229 10.201.206.228 296
10.201.206.228 255.255.255.252 On-link 10.201.206.228 296
10.201.206.228 255.255.255.255 On-link 10.201.206.228 296
10.201.206.231 255.255.255.255 On-link 10.201.206.228 296
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.201.206.228 296
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.201.206.228 296
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\PGPlsp.dll [68728] (PGP Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\PGPlsp.dll [68728] (PGP Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\PGPlsp.dll [83064] (PGP Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\PGPlsp.dll [83064] (PGP Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (06/21/2012 08:27:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/20/2012 11:28:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (06/20/2012 11:28:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (06/20/2012 09:19:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/20/2012 09:13:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/20/2012 05:46:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (06/19/2012 09:33:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
Error: (06/19/2012 09:33:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013
Error: (06/19/2012 09:33:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/19/2012 09:33:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
System errors:
=============
Error: (06/21/2012 08:27:35 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (06/21/2012 08:24:32 AM) (Source: NetBT) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
Error: (06/20/2012 04:06:46 PM) (Source: NetBT) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
Error: (06/20/2012 09:18:33 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (06/20/2012 09:15:12 AM) (Source: NetBT) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
Error: (06/20/2012 09:13:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgtdia
cdrom
Error: (06/19/2012 06:37:22 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/19/2012 06:24:40 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/19/2012 06:18:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (06/19/2012 03:54:26 PM) (Source: NetBT) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
Microsoft Office Sessions:
=========================
=========================== Installed Programs ============================
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.1)
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS3 (Version: 9.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.257)
Adobe Help Viewer CS3 (Version: 1)
Adobe PDF iFilter 9 for 64-bit platforms (Version: 9.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Setup (Version: 1.0)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ASPCA Reminder by We-Care.com v5.0.5.1 (Version: 5.0.5.1)
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2180)
Batman - Arkham City (Version: 1.0.0.0)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.36)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-790CW (Version: 1.0.1.0)
Burn.Now 4.5 (Version: 4.5.0)
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Cisco AnyConnect VPN Client (Version: 2.4.0202)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
ClipCase
Conexant 20672 SmartAudio HD (Version: 8.32.23.2)
Core Temp version 0.99.7 (Version: 0.99.7)
Corel Burn.Now Lenovo Edition (Version: 4.5.0)
Corel DVD MovieFactory 7 (Version: 7.0.0)
Corel DVD MovieFactory Lenovo Edition (Version: 7.0.0)
Corel WinDVD (Version: 10.0.5.828)
CQGNet (Version: 8.5.845)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignPro 5 (Version: 5.5.708)
Dexpot (Version: 1.5.14)
Direct DiscRecorder (Version: 1.00.0000)
DivXLand Media Subtitler
Dual-Core Optimizer (Version: 1.1.4.0169)
Duplicate Cleaner 2.1b (Version: 2.1b)
Family Tree Maker 2011 (Version: 20.0.379)
FileZilla Client 3.5.3 (Version: 3.5.3)
FrontLook Screen Capture 1.0 (Version: 1.0)
GetFLV 9.1.0.0
GIMP 2.6.11 (Version: 2.6.11)
Google SketchUp 8 (Version: 3.0.11752)
Google Talk Plugin (Version: 2.9.10.7526)
HandBrake 0.9.6 (Version: 0.9.6)
IC-R2 Programmer (Version: 4.00.00.000)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (Version: 1.1.0.1147)
Integrated Camera TWAIN (Version: 1.0.11.1223)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Identity Protection Technology 1.0.74.0 (Version: 1.0.74.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Network Connections 15.7.176.0 (Version: 15.7.176.0)
Intel® Processor Graphics (Version: 8.15.10.2538)
Intel® PROSet/Wireless WiFi Software (Version: 14.2.0000)
Intel® WiDi (Version: 2.1.41.0)
Intel® Wireless Display
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
LEGO MINDSTORMS NXT - English Language Pack (Version: 2.0.100.0)
LEGO MINDSTORMS NXT Driver for x64 (Version: 1.17.770)
LEGO MINDSTORMS NXT Migration Package (Version: 1.2.8.0)
LEGO MINDSTORMS NXT Software v2.0 (Version: 2.0.114.0)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (Version: 1.0.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Screen Reading Optimizer (Version: 1.10)
Lenovo System Interface Driver (Version: 1.05)
LiveZilla
LiveZilla (Version: 3.3.2.2)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Camera Codec Pack (Version: 16.0.0652.0621)
Microsoft CCR and DSS Runtime 4 Beta 2 (Version: 4.0.2280)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Robotics Developer Studio 4 Beta 2 (Version: 4.0.2280)
Microsoft Server Speech Platform Runtime (x64) (Version: 10.2.7300.97)
Microsoft Server Speech Recognition Language - Kinect (en-US) (Version: 10.5.7400.300)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (Version: 2.0.1578.0)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31119)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31124)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.3.0)
NVIDIA GAME System Software 2.8.1 (Version: 2.8.1)
Objection Series 3.4 (Version: 3.4.0)
On Screen Display (Version: 6.60.03)
PGP Desktop (Version: 10.0.1.4020)
Picture Control Utility (Version: 1.4.1)
Picture Control Utility x64 (Version: 1.4.2)
Pidgin (Version: 2.10.1)
Quicken 2012 (Version: 21.1.7.18)
Quicken WillMaker Plus 2012 (Version: 1.0.0.0)
QuickTime (Version: 7.71.80.42)
RapidBoot (Version: 1.11)
RICOH_Media_Driver_v2.14.18.01 (Version: 2.14.18.01)
Scratch (Version: 1.4.0.0)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Sierra Wireless QMI Lenovo Driver Package (Version: 1.0.14.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.158)
Soluto (Version: 1.3.729.0)
Sony DVD Architect Studio 4.5 (Version: 4.5.107)
Sony Picture Utility (Version: 3.2.00.05260)
Sony Sound Forge Audio Studio 9.0 (Version: 9.0.232)
Sound Organizer (Version: 1.2.0.07152)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
Steam (Version: 1.0.0.0)
SyncToy 2.1 (x64) (Version: 2.1.0)
System Update (Version: 4.01.0015)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.2900)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Power Management Driver (Version: 1.64.00.00)
ThinkPad Power Manager (Version: 3.65)
ThinkPad Tablet Button Driver (Version: 1.04)
ThinkPad Tablet Shortcut Menu (Version: 6.29)
ThinkPad UltraNav Driver (Version: 15.3.27.1)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkVantage Active Protection System (Version: 1.75)
ThinkVantage AutoLock (Version: 1.05)
ThinkVantage Communications Utility (Version: 2.08)
ThinkVantage Fingerprint Software (Version: 5.9.5.7038)
TreeSize Free V2.5 (Version: 2.5)
TurboTax 2011
TurboTax 2011 wiliper (Version: 011.000.1768)
TurboTax 2011 WinPerFedFormset (Version: 011.000.3268)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222)
TurboTax 2011 wrapper (Version: 011.000.0121)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vegas Movie Studio Platinum 9.0 (Version: 9.0.92)
ViewNX 2 (Version: 2.3.0)
VirtualDJ Home FREE (Version: 7.0.5)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Driver Package - RT Systems RT CDM Driver Package (03/18/2011 2.08.14) (Version: 03/18/2011 2.08.14)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Word 2007 Content Control Toolkit (Version: 1.3.0)
XAMPP 1.7.7
========================= Devices: ================================
Name: Intel® Centrino® Advanced-N + WiMAX 6250
Description: Intel® Centrino® Advanced-N + WiMAX 6250
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
========================= Memory info: ===================================
Percentage of memory in use: 25%
Total physical RAM: 8075.23 MB
Available physical RAM: 6034.93 MB
Total Pagefile: 16148.66 MB
Available Pagefile: 13847.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.27 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:476.84 GB) (Free:160.47 GB) NTFS
========================= Users: ========================================
User accounts for \\X220-PC
Administrator Guest X220
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
-
And still getting the same message from Malwarebytes.
-
Sorry, slow. See below for log:
Status: Deleted (events: 3)
6/21/2012 6:22:43 AM Deleted adware not-a-virus:AdWare.Win32.Gaba.omg C:\SWTOOLS\readyapps\rnr\tvtrnr.exe Medium
6/21/2012 6:22:43 AM Deleted adware not-a-virus:AdWare.Win32.Gaba.omg C:\SWTOOLS\readyapps\rnr\tvtrnr.exe//Rescue and Recovery.msi Medium
6/21/2012 6:22:43 AM Deleted adware not-a-virus:AdWare.Win32.Gaba.omg C:\SWTOOLS\readyapps\rnr\tvtrnr.exe//Rescue and Recovery.msi//NewBinary19 Medium
-
There will be a small delay in my response as the file is 131 MB, just to keep you advised, and thanks again for your continued help.
-
Here is the protection log from Malwarebytes for today:
2012/06/20 06:58:00 -0500 X220-PC X220 MESSAGE Executing scheduled scan: Quick Scan | Daily | -remove | -log
2012/06/20 06:58:00 -0500 X220-PC X220 MESSAGE Scheduled scan executed successfully
2012/06/20 09:15:38 -0500 X220-PC X220 MESSAGE Starting protection
2012/06/20 09:15:40 -0500 X220-PC X220 MESSAGE Protection started successfully
2012/06/20 09:15:43 -0500 X220-PC X220 MESSAGE Starting IP protection
2012/06/20 09:15:43 -0500 X220-PC X220 MESSAGE IP Protection started successfully
2012/06/20 09:20:35 -0500 X220-PC X220 MESSAGE Starting protection
2012/06/20 09:20:36 -0500 X220-PC X220 MESSAGE Protection started successfully
2012/06/20 09:20:39 -0500 X220-PC X220 MESSAGE Starting IP protection
2012/06/20 09:20:40 -0500 X220-PC X220 MESSAGE IP Protection started successfully
2012/06/20 09:29:11 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49223, Process: outlook.exe)
2012/06/20 09:34:23 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49233, Process: outlook.exe)
2012/06/20 09:44:16 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49252, Process: outlook.exe)
2012/06/20 09:51:44 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49330, Process: outlook.exe)
2012/06/20 09:55:36 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49348, Process: outlook.exe)
2012/06/20 09:57:04 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49436, Process: outlook.exe)
2012/06/20 10:00:24 -0500 X220-PC X220 IP-BLOCK 208.73.210.155 (Type: outgoing, Port: 49475, Process: outlook.exe)
-
Still getting the same pop-up box.
-
Sorry, found it. It was hidden for some reason?
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c834d7df522cd7489eb81bfefded6397
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-20 12:06:29
# local_time=2012-06-20 07:06:29 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 16543746 16543746 0 0
# compatibility_mode=5893 16776574 100 94 16543727 91732727 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=313265
# found=6
# cleaned=6
# scan_time=4711
C:\Install\dexpot_1514_r1777.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Install\Ancestry_FamilyTreeMaker2011\Family Tree Maker 2011.msi a variant of Win32/HiddenStart.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Install\InstallSync\acaladvdripperprose.exe Win32/Somoto application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Install\InstallSync\dexpot_158_r1434.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Install\TreeSizeFree\cnet2_TreeSizeFreeSetup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\Installer\21cd14.msi a variant of Win32/HiddenStart.A application (deleted - quarantined) 00000000000000000000000000000000 C
-
Yes, 6 different things. I could run it again if necessary.
-
Also, I searched for log.txt anywhere else on the drive and no luck?
-
I have no log.txt in the location you specify?
In C/ProgramFiles(x86)/ESET/ESET Online Scanner/ I have only 2 files as below:
OnlineScanner.ocx
OnlineScannerUninstaller.exe
-
Should I leave the two bottom boxes unchecked as shown below? Please advise and then I will promptly send logs. Thanks.
-
ComboFix 12-06-19.03 - X220 06/19/2012 18:22:42.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6013 [GMT -5:00]
Running from: c:\temp\ComboFix.exe
Command switches used :: c:\temp\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 23:36 . 2012-06-19 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia
2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 12:23 . 2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 22:13 . 2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-06-19 23:20 28582 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-09 15:08 . 2012-06-19 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 15:08 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 15:08 . 2012-06-19 23:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-09 15:08 . 2012-06-18 12:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-19 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 13:22 . 2012-06-19 23:20 4534 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883609196-808434145-3285787096-1000_UserData.bin
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 23:17 . 2012-06-19 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 23:17 . 2012-06-19 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-10 13:41 . 2012-06-19 23:13 340004 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-19 23:24 729436 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-18 12:21 729436 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-19 23:24 147958 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-18 12:21 147958 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-18 12:52 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-19 23:17 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-11 12:20 . 2012-06-19 23:17 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-11 12:20 . 2012-06-18 12:52 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
- 2011-12-10 12:17 . 2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
+ 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi
+ 2011-12-10 12:17 . 2012-06-19 23:17 15291180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x]
S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x]
S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x]
S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x]
S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x]
S3 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440]
S3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:29,52,d8,8c,63,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-19 19:21:37
ComboFix-quarantined-files.txt 2012-06-20 00:21
ComboFix2.txt 2012-06-19 20:36
ComboFix3.txt 2012-06-18 13:11
.
Pre-Run: 173,952,671,744 bytes free
Post-Run: 173,648,621,568 bytes free
.
- - End Of File - - D914E8AB3180CAA53DB97E68B52EEEE2
-
ComboFix 12-06-16.02 - X220 06/19/2012 15:30:23.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5699 [GMT -5:00]
Running from: c:\temp\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 20:33 . 2012-06-19 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia
2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 12:23 . 2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 22:13 . 2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-06-19 17:24 28566 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-09 15:08 . 2012-06-19 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 15:08 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 15:08 . 2012-06-19 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-09 15:08 . 2012-06-18 12:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-19 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 13:22 . 2012-06-19 17:24 4354 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883609196-808434145-3285787096-1000_UserData.bin
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 20:34 . 2012-06-19 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 20:34 . 2012-06-19 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-10 13:41 . 2012-06-19 20:24 339764 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-19 17:26 729436 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-18 12:21 729436 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-19 17:26 147958 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-18 12:21 147958 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-18 12:52 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-19 20:33 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-11 12:20 . 2012-06-19 20:33 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-11 12:20 . 2012-06-18 12:52 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-10 12:17 . 2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
+ 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
+ 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi
+ 2011-12-10 12:17 . 2012-06-19 20:33 15291180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
R3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440]
R3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x]
S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x]
S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x]
S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x]
S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: intuit.com\ttlc
TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:29,52,d8,8c,63,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PGPserv.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Completion time: 2012-06-19 15:36:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 20:36
ComboFix2.txt 2012-06-18 13:11
.
Pre-Run: 174,167,048,192 bytes free
Post-Run: 173,848,752,128 bytes free
.
- - End Of File - - 44DAD3DBB8EAA83E8CDDA73986764793
-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2011 7:12:28 AM
System Uptime: 6/19/2012 12:21:16 PM (0 hours ago)
.
Motherboard: LENOVO | | 4294CTO
Processor: Intel® Core i7-2640M CPU @ 2.80GHz | CPU | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 477 GiB total, 162.248 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Intel® Centrino® Advanced-N + WiMAX 6250
Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3
Manufacturer:
Name: Intel® Centrino® Advanced-N + WiMAX 6250
PNP Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP148: 6/2/2012 9:48:25 AM - Installed Sound Organizer.
RP149: 6/2/2012 12:52:57 PM - Installed Sound Organizer.
RP150: 6/4/2012 9:18:29 PM - Installed AVG 2012
RP151: 6/5/2012 6:29:24 AM - Windows Update
RP152: 6/12/2012 9:17:23 AM - Scheduled Checkpoint
RP153: 6/13/2012 6:28:25 PM - Windows Update
RP154: 6/13/2012 7:12:00 PM - Windows Update
RP155: 6/18/2012 7:34:59 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Apple Application Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
Batman - Arkham City
BlackBerry Desktop Software 6.1
Brother MFL-Pro Suite MFC-790CW
Burn.Now 4.5
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Cisco AnyConnect VPN Client
Citrix XenApp Web Plugin
ClipCase
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
CQGNet
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignPro 5
Dexpot
Direct DiscRecorder
DivXLand Media Subtitler
Dual-Core Optimizer
Duplicate Cleaner 2.1b
Family Tree Maker 2011
FileZilla Client 3.5.3
FrontLook Screen Capture 1.0
GetFLV 9.1.0.0
GIMP 2.6.11
Google SketchUp 8
Google Talk Plugin
HandBrake 0.9.6
IC-R2 Programmer
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel PROSet Wireless
Intel® Control Center
Intel® Identity Protection Technology 1.0.74.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® WiDi
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java 6 Update 31
Junk Mail filter update
LEGO MINDSTORMS NXT - English Language Pack
LEGO MINDSTORMS NXT Migration Package
LEGO MINDSTORMS NXT Software v2.0
Lenovo Patch Utility
Lenovo Screen Reading Optimizer
LiveZilla
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft CCR and DSS Runtime 4 Beta 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Robotics Developer Studio 4 Beta 2
Microsoft Server Speech Recognition Language - Kinect (en-US)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center 2
Nikon Movie Editor
NVIDIA GAME System Software 2.8.1
Objection Series 3.4
Picture Control Utility
Pidgin
Quicken 2012
Quicken WillMaker Plus 2012
QuickTime
RICOH_Media_Driver_v2.14.18.01
Scratch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Sierra Wireless QMI Lenovo Driver Package
Skype Click to Call
Skype™ 5.8
Sony DVD Architect Studio 4.5
Sony Picture Utility
Sony Sound Forge Audio Studio 9.0
Sound Organizer
Steam
System Update
ThinkPad Power Manager
ThinkPad Tablet Button Driver
ThinkPad Tablet Shortcut Menu
ThinkPad UltraNav Utility
TreeSize Free V2.5
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vegas Movie Studio Platinum 9.0
VirtualDJ Home FREE
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Word 2007 Content Control Toolkit
XAMPP 1.7.7
.
==== Event Viewer Messages From Past Week ========
.
6/19/2012 6:29:04 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
6/19/2012 12:21:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/18/2012 8:14:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia cdrom
6/18/2012 7:53:14 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/18/2012 7:51:39 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/18/2012 7:41:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/13/2012 6:47:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/12/2012 10:33:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the jhi_service service.
6/12/2012 10:33:52 AM, Error: Service Control Manager [7000] - The Intel® Identity Protection Technology Host Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
-
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by X220 at 12:40:50 on 2012-06-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6015 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PGPserv.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files\Soluto\SolutoService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dexpot\dexpot.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Dexpot\Dexpot64.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe
uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\X220\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\PGPlsp.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E65374 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\3416279626F657 : DhcpNameServer = 207.87.178.40 207.87.178.41 4.2.2.2
TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D} : NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{C0F41CFF-96F9-46C4-B079-0BDBA30F2C78} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045} : NameServer = 172.16.145.103 172.16.145.103
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\X220\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\X220\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]
R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 GobiQDLService;Sierra Wireless QDL Service;C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-9-1 316784]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-12-10 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-12-10 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-10 133992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-18 654408]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-12-10 446592]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-12-10 446800]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-9 493248]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 ASRSVC;ASR Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2011-12-10 79136]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-2-14 478056]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-10 101736]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;C:\Windows\system32\DRIVERS\swg3kmbb01.sys --> C:\Windows\system32\DRIVERS\swg3kmbb01.sys [?]
R3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3knmea01.sys --> C:\Windows\system32\DRIVERS\swg3knmea01.sys [?]
R3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3kser01.sys --> C:\Windows\system32\DRIVERS\swg3kser01.sys [?]
R3 swibus01;Sierra Wireless Bus Enumerator 01;C:\Windows\system32\DRIVERS\swibus01.sys --> C:\Windows\system32\DRIVERS\swibus01.sys [?]
R3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;C:\Windows\system32\DRIVERS\swibusflt01.sys --> C:\Windows\system32\DRIVERS\swibusflt01.sys [?]
R3 TabletSVC;TABLET Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-12-10 83440]
R3 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-10 145256]
R3 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-10 142696]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GTNDIS62;GT62 UHS IP NDIS;C:\Windows\system32\DRIVERS\gtuhs62.sys --> C:\Windows\system32\DRIVERS\gtuhs62.sys [?]
S3 GTUHSBUS;GT UHS BUS;C:\Windows\system32\DRIVERS\gtuhsbus.sys --> C:\Windows\system32\DRIVERS\gtuhsbus.sys [?]
S3 GTUHSSER;GT UHS SER;C:\Windows\system32\DRIVERS\gtuhsser.sys --> C:\Windows\system32\DRIVERS\gtuhsser.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-6-23 157544]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-12-10 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-12-10 175168]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-18 13:15:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-18 12:34:56 98816 ----a-w- C:\Windows\sed.exe
2012-06-18 12:34:56 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-18 12:34:56 256000 ----a-w- C:\Windows\PEV.exe
2012-06-18 12:34:56 208896 ----a-w- C:\Windows\MBR.exe
2012-06-14 00:11:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-14 00:11:59 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-09 15:40:17 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:40:17 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 00:12:30 -------- d-----w- C:\Users\X220\AppData\Local\{809704FA-C931-478D-B31C-D950B2CC53D3}
2012-06-09 00:12:19 -------- d-----w- C:\Users\X220\AppData\Local\{0748966C-BB0A-4F50-B83C-758ADED73862}
2012-06-08 23:32:37 -------- d-----w- C:\Users\X220\AppData\Local\Macromedia
2012-06-02 14:48:22 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-06-02 14:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-05-30 02:24:24 -------- d-----w- C:\Program Files (x86)\Scratch
2012-05-20 20:25:57 -------- d-----w- C:\Users\X220\AppData\Roaming\Avery
2012-05-20 20:23:38 -------- d-----w- C:\Program Files (x86)\Avery Dennison
.
==================== Find3M ====================
.
2012-06-08 23:32:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 23:32:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 12:23:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 22:13:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 12:41:06.87 ===============
Malwarebytes successfully blocking Outlook access to potentially malicious website
in Resolved Malware Removal Logs
Everything looks good now, thanks very much for your help!