
Keep getting popups PTCH_ZEKOS.SM detected by Trend


  • This topic is locked
8 replies to this topic

#1 fas8253


Posted 08 May 2014 - 08:30 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by fsnyder at 8:20:32 on 2014-05-08
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.1886 [GMT -5:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {1C891F45-A0CB-432B-B467-1D4FAB3ED29C}
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {167D1CD5-C53A-4A68-B54E-EC380D5CB3E4}
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {FA18E5BD-33F6-45E5-A5FC-DBD7522899F0}
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro Personal Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\AClient\Bin\XCDiffCache.exe
C:\TVM\LOADLIB\TTDeployBootstrap.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe
C:\Documents and Settings\fsnyder\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\AClient\Bin\XcListener.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AClient\Bin\XCGSTask.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\fsnyder\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Documents and Settings\fsnyder\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AClient\Bin\XCSCHE~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn2\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
uProxyOverride = 127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
dURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mWinlogon: System = ziswin.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: IESSOObj Class: {7DE7B623-A17E-4A0B-94BA-D1B3BA646792} - c:\program files\novell\securelogin\iesso.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\fsnyder\local settings\application data\akamai\netsession_win.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [HP Officejet 4620 series (NET)] "c:\program files\hp\hp officejet 4620 series\bin\ScanToPCActivationApp.exe" -deviceID "CN29L241K205RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TpShocks] TpShocks.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NDPS] c:\windows\system32\dpmw32.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\Pccntmon.exe" -HideWindow
mRun: [Afaria Client File Differencing] c:\program files\aclient\bin\XCDiffCache.exe
mRun: [SecureLogin - Taskbar App] "c:\program files\novell\securelogin\slproto.exe"
mRun: [TTDeployBootstrap] c:\tvm\loadlib\TTDeployBootstrap.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
StartupFolder: c:\docume~1\fsnyder\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\fsnyder\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\fsnyder\startm~1\programs\startup\eaglel~1.lnk - c:\3apps\catapult\3listen.exe
StartupFolder: c:\docume~1\fsnyder\startm~1\programs\startup\eagles~1.lnk - c:\3apps\catapult\Sched.exe
StartupFolder: c:\docume~1\fsnyder\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\fsnyder\startm~1\programs\startup\monito~2.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\afaria~2.lnk - c:\program files\aclient\bin\XCGSTask.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\afaria~1.lnk - c:\program files\aclient\bin\XcListener.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\applic~1.lnk - c:\program files\novell\zenworks\NalView.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: Btn_Home = dword:2
uPolicies-Explorer: SpecifyDefaultButtons = dword:1
mPolicies-System: CompatibleRUPSecurity = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://tvremote.truevalue.com/CACHE/stc/2/binaries/vpnweb.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267209574625
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267209568171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BEE982C5-01D0-4755-A95E-1050179ABBDC} : DHCPNameServer = 192.168.1.254
Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll
Notify: ACNotify - ACNotify.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
Notify: SLLgnEvt - SLLgnEvt.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Application Explorer - {763370C4-268E-4308-A60C-D8DA0342BE32} - c:\program files\novell\zenworks\NalShell.dll
LSA: Authentication Packages =  msv1_0 nwv1_0
LSA: Notification Packages =  scecli ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 172.16.16.66 3USQLODBC # Eagle for Windows U/SQL ODBC Connection (11/15/07 14:10:37)
Hosts: 64.92.197.248 tvremote.truevalue.com
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-12-5 46144]
R2 AMBroker;Access Manager Configuration Service;c:\program files\accessmanager\client\AMBroker.exe [2004-11-3 77824]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]
R2 CiSmBios;CiSmBios;c:\windows\system32\drivers\cismbios.sys [2010-2-26 13688]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2007-9-5 455968]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2005-7-11 163840]
R2 Sygman;SSA Integration Manager;c:\program files\accessmanager\client\sygman.exe [2004-11-3 126976]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-9-2 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2008-7-30 263968]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-7-30 36128]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2013-10-10 558480]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-1-10 61440]
R3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2013-11-12 40304]
R3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2013-11-13 58736]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-7-30 341584]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2008-7-30 497080]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-7-30 689416]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 37312]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-4-30 14336]
S3 BW2NDIS5;BW2NDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?]
S3 DAPlugin;Visual Insight DA Plugin;c:\program files\accessmanager\client\DAPlugin.exe [2004-11-3 81920]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-21 29744]
S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-11-8 81920]
S3 sp_spi_da;Visual Insight Dial Analysis;c:\program files\accessmanager\smoc\spi_da.exe [2004-10-15 81920]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]
.
=============== Created Last 30 ================
.
2014-04-21 23:16:11 6000640 ----a-w- c:\program files\GUTC6.tmp
2014-04-21 23:16:11 -------- d-----w- c:\program files\GUMC5.tmp
.
==================== Find3M  ====================
.
2014-05-07 18:03:51 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-07 18:03:51 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH:  8:22:36.79 ===============
 




 


#2 Machiavelli



  • Malware Response Instructor

Posted 08 May 2014 - 10:07 AM

Hello and welcome on board, fas8253,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

I like to deal with this infection with another tool.

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 fas8253


Posted 11 May 2014 - 12:08 PM

 Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014

Ran by fsnyder at 2014-05-11 12:00:05
Running from C:\MyDocs\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {1C891F45-A0CB-432B-B467-1D4FAB3ED29C}
AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {167D1CD5-C53A-4A68-B54E-EC380D5CB3E4}
AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {FA18E5BD-33F6-45E5-A5FC-DBD7522899F0}
FW: Trend Micro OfficeScan Enterprise Client Firewall (Disabled) {180AED82-72A3-4442-9A49-08D02E7A7D2A}
FW: Trend Micro OfficeScan Enterprise Client Firewall (Disabled) {50DB8ACE-AFF2-4014-80D1-DD32ABC4B181}
FW: Trend Micro Personal Firewall (Disabled) {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
 
==================== Installed Programs ======================
 
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
8500A909_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909g (Version: 50.0.165.000 - Hewlett-Packard) Hidden
ABBYY FineReader 5.0 Sprint Plus (HKLM\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.482.3431 - ABBYY Software House)
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.01 - )
Access Manager (HKLM\...\{1A748F80-F0D9-4E0E-AA17-DA940E355864}) (Version: 1.24.0000 - MCI, Inc.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Afaria Client (HKLM\...\Afaria Client) (Version:  - )
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk Design Review 2009 (HKLM\...\Autodesk Design Review 2009) (Version: 9.0.96 - Autodesk, Inc.)
Autodesk Design Review 2009 (Version: 9.0.96 - Autodesk, Inc.) Hidden
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.0.0 - Autodesk, Inc.)
BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
BPD_DSWizards (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
BusinessObjects Enterprise XI Release 2 (HKLM\...\{1FF06B85-EB4F-400D-8602-30A1DD48673B}) (Version: 11.5.8.8265 - Business Objects)
BusinessObjects XI R2 Service Pack 3 (HKLM\...\{73FE5725-19F5-4205-87CA-30802A3E005F}) (Version: 11.5.9.1076 - Business Objects)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM\...\{0F9639CB-D661-4FA0-A4B1-0441E515E0B7}) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.04.0300 (HKLM\...\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}) (Version: 5.0.4 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
DB2 Run-Time Client (HKLM\...\{63F6DCD6-0D5C-4A07-B27C-3AE3E809D6E0}) (Version: 8.1.7 - IBM)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Diskeeper Lite (HKLM\...\{796E076A-82F7-4D49-98C8-DEC0C3BC733A}) (Version: 9.0.541 - Diskeeper Corporation)
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Eagle for Windows (HKLM\...\Eagle for Windows) (Version:  - Activant Solutions Inc.)
Eagle for Windows Training Browser (HKLM\...\Eagle for Windows Training Browser) (Version:  - Activant Solutions Inc.)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Free DWG Viewer 7.1 (HKLM\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.1 - IGC)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0806.10245 - Google)
Google Desktop (Version: 5.1.706.29690 - Google Inc.) Hidden
Google Earth (HKLM\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GroupWise (HKLM\...\{B9A93A85-1997-4381-8979-4B0BB28AEBC7}) (Version: 7.0.1 - Novell)
GroupWise Internet Browser Mail Integration (HKLM\...\GWMLTO) (Version:  - )
GroupWise Messenger (HKLM\...\{3FC0833E-073C-4D5D-A046-74BC32358CB3}) (Version:  - )
GUI (Version: 4.20.0080 - MCI, Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
hp deskjet 845c series (Remove only) (HKLM\...\hp deskjet 845c series) (Version:  - )
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{5696CE5E-FD09-4DFF-82CE-DB87229F03DD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstallVC90Support (Version: 1.01.0000 - Novatel Wireless) Hidden
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.311 - InterVideo Inc.)
InterVideo WinDVD Creator 3 (HKLM\...\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}) (Version: 3.0.01.219 - InterVideo Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version:  - )
Lexmark X6100 Series (HKLM\...\Lexmark X6100 Series) (Version:  - )
LiveConnect Retail Consultant Profiles (HKLM\...\{C14B58DF-95B8-4C75-A0F0-4EAEEFCDAAB7}) (Version: 4.11.0 - Lanovation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliPoint 6.2 (HKLM\...\{8C5FAD77-F678-4758-A296-C12F08D179E0}) (Version: 6.20.182.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Script 5.7 (HKLM\...\Windows Script) (Version:  - Microsoft Corporation)
MPM (HKLM\...\{CD8C5C7F-7C58-4F85-8977-A6C08C087912}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1) (HKLM\...\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}) (Version:  - )
NMAS Challenge Response Method (HKLM\...\{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}) (Version: 2.7.5.0 - Novell, Inc.)
NMAS Client (HKLM\...\{9B427732-573E-4E78-B6FA-AC3E5A218BA2}) (Version: 3.4.0.0 - Novell, Inc.)
Novell Client for Windows (HKLM\...\Novell Client for Windows) (Version:  - )
Novell SecureLogin (HKLM\...\{8FB811C7-BB16-4E58-B07B-86228AA6048D}) (Version: 6.0.103 - Novell)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
Officejet Pro 8500 A909 Series (HKLM\...\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}) (Version: 12.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.12.00 - )
PASSPORT 32-bit (Standard Installation) (HKLM\...\PASSPORT Standard) (Version:  - )
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4334.11 - PC-Doctor, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.3 - Frank Heindörfer, Philip Chinery)
Pervasive PSQL v10 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}) (Version: 10.0.204.000 - Pervasive Software)
PMAC (Version: 1.4.57.0 -  ) Hidden
Print to Fax (HKLM\...\{5BF2B19D-9C79-492A-8969-F059F06A627F}) (Version: 1.00 - BVRP Software)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Religent LiveConnect 5.2 Client (HKLM\...\{C0E76046-80AD-46A8-9190-C9D8785AFC36}) (Version: 5.2.2021 - Religent)
Religent LiveConnect Framework 5.2 (HKLM\...\{F7A20C79-14DB-4A63-9407-D2F9C4BB6BD1}) (Version: 5.2.2022 - Religent)
Remove Multimedia Center (HKLM\...\Remove Multimedia Center) (Version:  - )
Rescue and Recovery (HKLM\...\{F151F2B3-0C32-44D3-90E2-E639B8024622}) (Version: 4.21.0016.00 - Lenovo Group Limited)
RockSolid POS - Feature Pack (HKLM\...\RockSolid POS - Feature Pack 4.1.82) (Version: 4.1.82 - RockSolid POS, Inc.)
RockSolid POS (HKLM\...\RockSolid POS 4.1.18) (Version: 4.1.18 - RockSolid POS, Inc.)
RPAS Client11.2 C:\Program Files\Oracle\Oracle Retail (HKLM\...\RPAS Client11.2 C:_Program Files_Oracle_Oracle Retail) (Version:  - )
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Sierra Wireless MC57xx Package for Access Connections (Version: 6.30.0.3 - Sierra Wireless) Hidden
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SMOC (Version: 1.4.57.0 -  ) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 1.0.2 - Lenovo)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5410 - Analog Devices)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Sprint SmartView (HKLM\...\{4647BF57-21C4-4BC8-BA1B-E57A30EE1D31}) (Version: 2.50.0094.0 - Sprint)
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Street Atlas USA 8.0 (HKLM\...\Street Atlas USA 8.0) (Version:  - )
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter (HKLM\...\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}) (Version: 6.0.3.94 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3100 - Lenovo)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.02 - )
ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )
ThinkPad PC Card Power Policy (Version: 1.02 - ) Hidden
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.50 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.19 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.21.0 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.04 - )
ThinkVantage Access Connections (HKLM\...\{7EB114D8-207F-45AE-BABD-1669715F2630}) (Version: 5.02 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.53 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 1.18 - ) Hidden
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Trend Micro OfficeScan Client (HKLM\...\OfficeScanNT) (Version: 10.5 - Trend Micro)
TruStart 2 Catalog Images (HKLM\...\InstallShield_{132E6CB6-5FF3-4C42-9F9A-DC57C9C40CB3}) (Version: 2.5.0.0 - True Value Company)
TruStart 2 Catalog Images (HKLM\...\InstallShield_{4836E13A-137A-49F5-8515-CEFD9F70573F}) (Version: 2.5.0.0 - True Value Company)
TruStart 2 Catalog Images (Version: 2.5.0.0 - True Value Company) Hidden
TruStart2 Catalog/Order Entry (HKLM\...\InstallShield_{A89B9DFC-AF1E-487A-A474-E59BBD18834B}) (Version: 2.5.0.0 - True Value Company)
TruStart2 Catalog/Order Entry (Version: 2.5.0.0 - True Value Company) Hidden
TruStart2 Components Installer (HKLM\...\InstallShield_{F921895D-9B77-408B-A9C6-82462DBE9156}) (Version: 2.5.0.0 - True Value Company)
TruStart2 Components Installer (Version: 2.5.0.0 - True Value Company) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2583910) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BDC21583-5601-4B2B-88F3-7919F6DE8FB1}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2F2E7045-D922-4BF4-8F87-1583B61D1D6E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2264107) (HKLM\...\KB2264107) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Wallpapers (Version:  - ) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Driver Package - Intel (NETw4x32) net  (11/27/2007 11.5.0.36) (HKLM\...\2BFA56D22F9A1E3382C6C22AC377F97932ABB3FD) (Version: 11/27/2007 11.5.0.36 - Intel)
Windows Driver Package - Intel (w29n51) net  (07/25/2007 9.0.4.37) (HKLM\...\EFD65E7CD7A28D00217941F33C5CA55964F96136) (Version: 07/25/2007 9.0.4.37 - Intel)
Windows Driver Package - Intel net  (11/27/2007 11.5.0.36) (HKLM\...\AA50C5938456EF4A1C98D24E2FB458C653208D15) (Version: 11/27/2007 11.5.0.36 - Intel)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\F13EE0B22AD5D087DFA50E3D4D6F13FC1AAAFB32) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (Version:  - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows NT Messaging (HKLM\...\WMS) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip 11.1 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )
XP Themes (Version: 1.00.0000 - Lenovo) Hidden
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
ZENworks Desktop Management Agent (HKLM\...\{17ABBB0D-F2B1-4C78-A64F-2DC1C1E7A4DE}) (Version: 7.0.7.50808 - Novell, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2006-04-30 01:55 - 2014-04-21 19:32 - 00000897 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
172.16.16.66      3USQLODBC      # Eagle for Windows U/SQL ODBC Connection (11/15/07 14:10:37)
64.92.197.248 tvremote.truevalue.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-911619853-683857932-2828963430-1022.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-911619853-683857932-2828963430-1022.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{928E0F24-3566-4CFC-AD34-F31263DB014A}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2002-04-17 14:21 - 2002-04-17 14:21 - 00061440 _____ () C:\WINDOWS\system32\xmlparse.dll
2009-07-01 14:38 - 2007-06-21 10:09 - 00245843 ____R () C:\WINDOWS\system32\NWSHLXNT.dll
2009-07-01 14:39 - 2004-07-30 16:05 - 00121660 ____R () C:\WINDOWS\system32\NLS\ENGLISH\NWSHLXNR.DLL
2013-10-10 16:48 - 2013-10-10 16:48 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2010-03-30 13:40 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2003-02-25 19:19 - 2003-02-25 19:19 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2007-11-26 16:57 - 2001-10-28 18:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2011-07-29 08:41 - 2003-07-21 09:13 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBFPP5C.dll
2008-08-29 14:58 - 2008-08-29 14:58 - 00197408 _____ () C:\WINDOWS\system32\vpnapi.dll
2005-03-30 15:14 - 2005-03-30 15:14 - 00024576 _____ () C:\Program Files\Novell\ZENworks\NLS\english\NalRes.dll
2010-01-11 14:10 - 2010-01-11 14:10 - 00082944 _____ () C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
2007-09-05 12:25 - 2007-09-05 12:25 - 00455968 _____ () C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
2007-09-05 13:15 - 2007-09-05 13:15 - 00230688 _____ () C:\Program Files\Pervasive Software\PSQL\bin\W3COMSRV.DLL
2008-05-14 17:25 - 2008-05-14 17:25 - 00520192 _____ () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2008-05-14 17:08 - 2008-05-14 17:08 - 00139264 _____ () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2005-03-30 16:12 - 2005-03-30 16:12 - 01051648 _____ () C:\Program Files\Novell\ZENworks\NLS\english\NalUIRes.dll
2003-12-11 09:08 - 2003-12-11 09:08 - 00024576 _____ () C:\WINDOWS\system32\Novell\novdhcp.dll
2007-11-08 20:41 - 2008-08-15 21:35 - 00039424 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
2007-11-08 20:41 - 2008-08-15 21:35 - 00033280 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
2008-05-14 17:09 - 2008-05-14 17:09 - 00022016 _____ () C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
2007-11-08 20:23 - 2007-09-21 04:19 - 00040960 _____ () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2007-11-08 20:23 - 2007-09-21 04:19 - 00073728 _____ () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2007-09-28 11:06 - 2009-01-15 01:37 - 01486848 _____ () C:\WINDOWS\system32\nview.dll
2007-11-08 20:41 - 2008-08-15 21:35 - 00200704 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
2008-05-14 17:08 - 2008-05-14 17:08 - 00139264 _____ () C:\Program Files\Common Files\Lenovo\CDRecord.dll
2010-02-26 13:36 - 2001-01-18 13:44 - 00057344 _____ () C:\Program Files\AClient\Bin\bdewin32.dll
2009-03-31 17:05 - 2009-01-26 16:20 - 00008192 ____N () C:\TVM\LOADLIB\TTDeployBootstrap.exe
2009-03-31 17:05 - 2009-01-26 15:48 - 00007168 ____N () C:\TVM\LOADLIB\TTDeployLib.dll
2005-03-30 15:12 - 2005-03-30 15:12 - 00021504 _____ () C:\Program Files\Novell\ZENworks\NLS\english\NalAgentRes.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Documents and Settings\fsnyder\Application Data\Dropbox\bin\libcef.dll
2014-05-07 12:58 - 2014-04-23 19:33 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2006-04-30 01:55 - 2008-04-14 06:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-04-30 01:55 - 2008-04-14 06:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-05-07 12:58 - 2014-04-23 19:33 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-05-07 12:58 - 2014-04-23 19:33 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-05-07 12:58 - 2014-04-23 19:33 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\fsnyder\Desktop\2013-11-18 05.56.48.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\fsnyder\Desktop\2013-11-18 06.47.27.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\fsnyder\Desktop\2013-11-18 06.47.49.jpg:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk => C:\WINDOWS\pss\VPN Client.lnkCommon Startup
MSCONFIG\startupreg: AccessManager => C:\Program Files\AccessManager\Client\AccessMgr.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DiskeeperSystray => "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /installquiet /keeploaded /nodetect
MSCONFIG\startupreg: SoundMAX => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SynTPLpr => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
MSCONFIG\startupreg: TVT Scheduler Proxy => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
 
==================== Faulty Device Manager Devices =============
 
Name: hp LaserJet 4250
Description: hp LaserJet 4250
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 4250
Description: hp LaserJet 4250
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet 4700
Description: HP Color LaserJet 4700
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 4200
Description: hp LaserJet 4200
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2055dn
Description: HP LaserJet P2055dn
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp color LaserJet 4650
Description: hp color LaserJet 4650
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet M9050 MFP
Description: HP LaserJet M9050 MFP
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: DesignJet 800 (C7780B)
Description: DesignJet 800 (C7780B)
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP4020 Series
Description: HP Color LaserJet CP4020 Series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 4250
Description: hp LaserJet 4250
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 9050
Description: hp LaserJet 9050
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 4250
Description: hp LaserJet 4250
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2055x
Description: HP LaserJet P2055x
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2055dn
Description: HP LaserJet P2055dn
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CM6040 MFP
Description: HP Color LaserJet CM6040 MFP
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet M9050 MFP
Description: HP LaserJet M9050 MFP
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: DesignJet 1050C (C6074A)
Description: DesignJet 1050C (C6074A)
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 4200
Description: hp LaserJet 4200
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4100 Series
Description: HP LaserJet 4100 Series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet 4700
Description: HP Color LaserJet 4700
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 4250
Description: hp LaserJet 4250
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 4250
Description: hp LaserJet 4250
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Designjet T1100ps 24in
Description: HP Designjet T1100ps 24in
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp color LaserJet 5550
Description: hp color LaserJet 5550
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP5520 Series
Description: HP Color LaserJet CP5520 Series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 4200
Description: hp LaserJet 4200
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P4015
Description: HP LaserJet P4015
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 4250
Description: hp LaserJet 4250
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 4620 series
Description: Officejet 4620 series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/11/2014 10:59:37 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (05/11/2014 10:59:36 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (05/11/2014 10:59:36 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (05/11/2014 10:59:35 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (05/11/2014 10:59:33 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (05/11/2014 10:59:30 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (05/11/2014 10:59:29 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (05/11/2014 10:59:06 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (05/11/2014 10:59:02 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (05/07/2014 04:49:26 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
 
System errors:
=============
Error: (05/11/2014 11:32:46 AM) (Source: DCOM) (User: ) (EventID: 10020)
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
 
Error: (05/11/2014 11:31:05 AM) (Source: DCOM) (User: ) (EventID: 10020)
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
 
Error: (05/11/2014 11:25:57 AM) (Source: DCOM) (User: ) (EventID: 10020)
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
 
Error: (05/11/2014 11:25:57 AM) (Source: DCOM) (User: ) (EventID: 10020)
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
 
Error: (05/11/2014 11:22:40 AM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: The HID Input Service service terminated with the following error: 
%%126
 
Error: (05/11/2014 11:22:40 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Timeout (30000 milliseconds) waiting for the Akamai NetSession Interface service to connect.
 
Error: (05/11/2014 11:22:40 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The Atheros Configuration Service service failed to start due to the following error: 
%%1053
 
Error: (05/11/2014 11:22:40 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Timeout (30000 milliseconds) waiting for the Atheros Configuration Service service to connect.
 
Error: (05/11/2014 11:22:40 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The TVT Packet Filter Service service failed to start due to the following error: 
%%2
 
Error: (05/11/2014 11:22:40 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The Nortel IPSECSHM Adapter service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (02/15/2012 10:15:35 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 265 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (12/14/2011 10:52:00 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3651 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error: (11/28/2011 05:28:02 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2249 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (11/15/2011 05:27:37 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10482 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (08/08/2011 01:55:40 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 188 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (08/08/2011 01:28:03 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 523 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (08/08/2011 00:47:39 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 175 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (08/08/2011 00:35:59 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 477 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (08/04/2011 04:10:44 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9527 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/04/2011 04:10:42 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9532 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 46%
Total physical RAM: 3070.22 MB
Available physical RAM: 1647.36 MB
Total Pagefile: 4954.95 MB
Available Pagefile: 3630.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.77 MB
 
==================== Drives ================================
 
Drive c: (Preload) (Fixed) (Total:144.53 GB) (Free:76.71 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 6BB940F8)
Partition 1: (Active) - (Size=145 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=12)
 

==================== End Of Log ============================ 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014
Ran by fsnyder (administrator) on FSNYDER-800242 on 11-05-2014 11:56:38
Running from C:\MyDocs\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Novell, Inc.) C:\WINDOWS\system32\novell\xtagent.exe
(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(MCI, Inc.) C:\Program Files\AccessManager\Client\AMBroker.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Novell, Inc.) C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
() C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Novell, Inc.) C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
(Smartpipes, Inc.) C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
(MCI, Inc.) C:\Program Files\AccessManager\Client\sygman.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Novell, Inc.) C:\Program Files\Novell\ZENworks\WM.EXE
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Novell, Inc.) C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
() C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Novell, Inc.) C:\WINDOWS\system32\dpmw32.exe
(Novell, Inc.) C:\WINDOWS\system32\nwtray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(iAnywhere Solutions, Inc.) C:\Program Files\AClient\Bin\XCDiffCache.exe
() C:\tvm\loadlib\TTDeployBootstrap.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(C-motech Co.,Ltd) C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Macrovision Corporation) C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\fsnyder\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(iAnywhere Solutions, Inc.) C:\Program Files\AClient\Bin\XcListener.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\fsnyder\Local Settings\Application Data\Akamai\netsession_win.exe
(iAnywhere Solutions, Inc.) C:\Program Files\AClient\Bin\XCGSTask.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Novell, Inc) C:\Program Files\Novell\ZENworks\NalAgent.exe
(Dropbox, Inc.) C:\Documents and Settings\fsnyder\Application Data\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(iAnywhere Solutions, Inc.) C:\PROGRA~1\AClient\Bin\XCSCHE~1.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [PWRMGRTR] => C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [200704 2007-09-21] (Lenovo Group Limited)
HKLM\...\Run: [BLOG] => C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2007-09-21] ()
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181544 2007-09-28] (Lenovo.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2006-02-02] (Sonic Solutions)
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [143360 2008-08-15] (Lenovo )
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13549568 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68464 2008-03-24] (Lenovo Group Limited)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-09-09] (Google)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-14] (Lenovo Group Limited)
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [118784 2008-07-03] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1323008 2008-07-03] (Synaptics, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet /keeploaded /nodetect
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [NDPS] => C:\WINDOWS\system32\dpmw32.exe [32859 2004-05-17] (Novell, Inc.)
HKLM\...\Run: [NWTRAY] => C:\WINDOWS\system32\NWTRAY.EXE [28672 2002-03-12] (Novell, Inc.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
HKLM\...\Run: [ZENRC Tray Icon] => C:\WINDOWS\system32\zentray.exe [40960 2005-05-18] (Novell, Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe [874832 2010-12-30] (Trend Micro Inc.)
HKLM\...\Run: [Afaria Client File Differencing] => C:\Program Files\AClient\Bin\XCDiffCache.exe [135168 2005-05-23] (iAnywhere Solutions, Inc.)
HKLM\...\Run: [SecureLogin - Taskbar App] => C:\Program Files\Novell\SecureLogin\slproto.exe [471040 2006-10-05] (Novell Inc.)
HKLM\...\Run: [TTDeployBootstrap] => C:\TVM\LOADLIB\TTDeployBootstrap.exe [8192 2009-01-26] ()
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-10-15] (HP)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [Sprint SmartView] => C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe [75072 2010-12-15] (Sprint)
HKLM\...\Run: [RDVCHG] => C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe [316736 2010-12-15] (C-motech Co.,Ltd)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Lexmark X6100 Series] => C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe [57344 2003-09-23] (Lexmark International, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-01-13] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296056 2012-06-05] (RealNetworks, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\Winlogon: [System] ziswin.exe No File
Winlogon\Notify\ACNotify: C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\NetIdentity Notification: C:\WINDOWS\system32\Novell\XtNotify.dll (Novell, Inc.)
Winlogon\Notify\SLLgnEvt: C:\Program Files\Novell\SecureLogin\SLLgnEvt.dll (ActivIdentity, Inc.)
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Run: [ISUSPM] => C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-19] (Google Inc.)
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\fsnyder\Local Settings\Application Data\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [Btn_Home] 2
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [SpecifyDefaultButtons] 1
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [Btn_Fullscreen] 0
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [Btn_Tools] 0
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [Btn_Print] 0
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [Btn_Edit] 0
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [Btn_Cut] 0
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [Btn_Copy] 0
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [Btn_Paste] 0
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\Policies\Explorer: [Btn_Encoding] 0
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\MountPoints2: {087704d3-af82-11df-8df6-001cbf396664} - E:\LaunchU3.exe -a
HKU\S-1-5-21-911619853-683857932-2828963430-1022\...\MountPoints2: {49f5ea65-bc3f-11df-8e04-001cbf396664} - E:\WIN\setup.exe
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [113664 2008-09-09] (Google)
Lsa: [Authentication Packages] msv1_0 nwv1_0
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Afaria Client Generic Scheduler.lnk
ShortcutTarget: Afaria Client Generic Scheduler.lnk -> C:\Program Files\AClient\Bin\XCGSTask.exe (iAnywhere Solutions, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Afaria Client Listener.lnk
ShortcutTarget: Afaria Client Listener.lnk -> C:\Program Files\AClient\Bin\XcListener.exe (iAnywhere Solutions, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Application Explorer.lnk
ShortcutTarget: Application Explorer.lnk -> C:\Program Files\Novell\ZENworks\NalView.exe (Novell, Inc)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Eagle Listener.lnk
ShortcutTarget: Eagle Listener.lnk -> C:\3apps\Catapult\3listen.exe ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Eagle Scheduler.lnk
ShortcutTarget: Eagle Scheduler.lnk -> C:\3apps\Catapult\Sched.exe ()
Startup: C:\Documents and Settings\fsnyder\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\fsnyder\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\fsnyder\Start Menu\Programs\Startup\Eagle Listener.lnk
ShortcutTarget: Eagle Listener.lnk -> C:\3apps\Catapult\3listen.exe ()
Startup: C:\Documents and Settings\fsnyder\Start Menu\Programs\Startup\Eagle Scheduler.lnk
ShortcutTarget: Eagle Scheduler.lnk -> C:\3apps\Catapult\Sched.exe ()
Startup: C:\Documents and Settings\fsnyder\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\fsnyder\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\RC\Start Menu\Programs\Startup\Eagle Listener.lnk
ShortcutTarget: Eagle Listener.lnk -> C:\3apps\Catapult\3listen.exe ()
Startup: C:\Documents and Settings\RC\Start Menu\Programs\Startup\Eagle Scheduler.lnk
ShortcutTarget: Eagle Scheduler.lnk -> C:\3apps\Catapult\Sched.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: IESSOObj Class - {7DE7B623-A17E-4A0B-94BA-D1B3BA646792} - C:\Program Files\Novell\SecureLogin\iesso.dll (Novell Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://tvremote.truevalue.com/CACHE/stc/2/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll (Novell, Inc.)
ShellExecuteHooks: Application Explorer - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll [417792 2005-08-04] (Novell, Inc)
Winsock: Catalog5 04 %SystemRoot%\system32\netware\NWWS2NDS.DLL [36947] (Novell, Inc.)
Winsock: Catalog5 05 %SystemRoot%\system32\netware\NWWS2SAP.DLL [32851] (Novell, Inc.)
Winsock: Catalog5 06 %SystemRoot%\system32\netware\NWWS2SLP.DLL [49235] (Novell, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-18]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-08-10]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012-05-21]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-18]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\fsnyder\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\fsnyder\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S2 acs; C:\WINDOWS\system32\acs.exe [364628 2007-04-06] (Atheros)
S2 Akamai; c:\program files\common files\akamai/netsession_win_76a2e34.dll [4764568 2014-04-14] (Akamai Technologies, Inc.)
R2 AMBroker; C:\Program Files\AccessManager\Client\AMBroker.exe [77824 2004-11-03] (MCI, Inc.)
S3 cusrvc; C:\WINDOWS\system32\cusrvc.exe [28672 2006-08-11] (Novell, Inc.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
S3 DAPlugin; C:\Program Files\AccessManager\Client\DAPlugin.exe [81920 2004-11-03] (MCI, Inc.)
S3 DB2JDS; C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe [192581 2004-08-15] (International Business Machines Corporation)
S3 DB2NTSECSERVER; C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe [24638 2004-08-15] (International Business Machines Corporation)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [622700 2006-05-24] (Diskeeper Corporation)
S3 GoogleDesktopManager-061008-081103; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-09-09] (Google)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-09-23] (Lexmark International, Inc.)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 NALNTSERVICE; C:\Program Files\Novell\ZENworks\nalntsrv.exe [112128 2005-08-04] (Novell, Inc.)
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [1509312 2010-12-16] (Trend Micro Inc.)
R2 NvtlService; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [82944 2010-01-11] ()
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [455968 2007-09-05] ()
R2 Remote Management Agent; C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [163840 2005-07-11] (Novell, Inc.)
R2 SP Software Installer; C:\Program Files\AccessManager\PMAC\sp_SWIns.exe [139264 2004-10-15] (Smartpipes, Inc.)
S3 SprintRcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [120128 2010-12-15] (SmithMicro Inc.)
S3 sp_spi_da; C:\Program Files\AccessManager\SMOC\spi_da.exe [81920 2004-10-15] (Smartpipes, Inc.)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 Sygman; C:\Program Files\AccessManager\Client\sygman.exe [126976 2004-11-03] (MCI, Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe [345424 2010-06-14] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [1597120 2010-12-16] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [497080 2010-06-29] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689416 2010-04-24] (Trend Micro Inc.)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-14] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-14] (Lenovo Group Limited)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 XTAgent; C:\WINDOWS\System32\Novell\XTAgent.exe [61440 2005-01-10] (Novell, Inc.)
R2 ZFDWM; C:\Program Files\Novell\ZENworks\wm.exe [149024 2005-08-01] (Novell, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 acsint; C:\WINDOWS\System32\DRIVERS\acsint.sys [40304 2013-10-10] (Cisco Systems, Inc.)
R3 acsmux; C:\WINDOWS\System32\DRIVERS\acsmux.sys [58736 2013-10-10] (Cisco Systems, Inc.)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2008-08-15] (IBM Corp.)
S3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [546112 2007-04-05] (Atheros Communications, Inc.)
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R2 BlankScr; C:\WINDOWS\system32\Drivers\BlankScr.sys [6899 2005-05-23] (Novell Inc.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [868042 2007-02-27] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-01-24] (Broadcom Corporation.)
R2 CiSmBios; C:\WINDOWS\system32\Drivers\CiSmBios.sys [13688 2001-07-23] ()
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.)
R3 Darpan; C:\WINDOWS\System32\DRIVERS\Darpan.sys [2773 2005-05-23] (Novell, Inc.)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2006-02-02] (Sonic Solutions)
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions)
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-02-02] (Sonic Solutions)
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2006-02-02] (Sonic Solutions)
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2006-02-02] (Sonic Solutions)
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-02-02] (Sonic Solutions)
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions)
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2006-02-02] (Sonic Solutions)
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2006-02-02] (Sonic Solutions)
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-11-18] (Sonic Solutions)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-07-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-07-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-07-09] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-21] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-21] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-08-15] ()
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
S3 LenovoRd; C:\WINDOWS\System32\Drivers\LenovoRd.sys [81920 2007-02-26] (Lenovo)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236544 2007-11-26] (Intel Corporation)
R2 NetwareWorkstation; C:\WINDOWS\System32\NetWare\nwfs.sys [513664 2007-06-21] (Novell, Inc.)
R0 NICM; C:\WINDOWS\System32\drivers\nicm.sys [38416 2006-03-03] (Novell, Inc.)
R3 Nmea; C:\WINDOWS\System32\DRIVERS\pctnullport.sys [38680 2010-12-15] (PCTEL Inc.)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 NWDHCP; C:\WINDOWS\System32\NetWare\nwdhcp.sys [18353 2005-11-22] (Novell, Inc.)
R3 NWDNS; C:\WINDOWS\System32\NetWare\nwdns.sys [43568 2006-10-27] (Novell, Inc.)
R0 NWFILTER; C:\WINDOWS\System32\NetWare\nwfilter.sys [15891 2005-05-26] (Novell, Inc.)
R3 NWHOST; C:\WINDOWS\System32\NetWare\NWHOST.sys [9297 2005-10-12] (Novell, Inc.)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 NWSAP; C:\WINDOWS\System32\NetWare\NWSAP.sys [23232 2003-02-26] ()
R2 NWSIPX32; C:\WINDOWS\System32\NetWare\nwsipx32.sys [39731 2005-10-27] (Novell, Inc.)
R3 NWSLP; C:\WINDOWS\System32\NetWare\nwslp.sys [20332 2005-01-03] (Novell, Inc.)
R3 NWSNS; C:\WINDOWS\System32\NetWare\NWSNS.sys [6128 2005-10-12] (Novell, Inc.)
R3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-03-31] (Printing Communications Assoc., Inc. (PCAUSA))
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2007-11-08] (Microsoft Corporation)
R2 RESMGR; C:\WINDOWS\System32\NetWare\resmgr.sys [27249 2004-06-01] (Novell, Inc.)
R2 SRVLOC; C:\WINDOWS\System32\NetWare\srvloc.sys [160209 2006-09-25] (Novell, Inc.)
S3 swmsflt; C:\WINDOWS\System32\DRIVERS\swmsflt.sys [37248 2010-12-15] ()
R2 tmactmon; C:\WINDOWS\system32\drivers\tmactmon.sys [67664 2010-12-07] (Trend Micro Inc.)
R3 tmcfw; C:\WINDOWS\System32\DRIVERS\TM_CFW.sys [341584 2010-12-07] (Trend Micro Inc.)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [177232 2010-12-07] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\system32\drivers\tmevtmgr.sys [57424 2010-12-07] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90448 2010-12-07] (Trend Micro Inc.)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2007-09-21] ()
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57216 2007-05-14] (Atheros Communications, Inc.)
S3 BW2NDIS5; System32\Drivers\BW2NDIS5.sys [X]
S3 CSVirtA; system32\DRIVERS\CSVirtA.sys [X]
S3 IPSECSHM; system32\DRIVERS\ipsecw2k.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
S3 TVTPktFilter; system32\DRIVERS\tvtpktfilter.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-11 11:56 - 2014-05-11 11:56 - 00000000 ____D () C:\FRST
2014-05-09 22:15 - 2014-05-09 22:19 - 00000000 ____D () C:\Documents and Settings\fsnyder\Desktop\New Folder
2014-05-09 21:46 - 2014-05-09 21:46 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2014-05-09 21:46 - 2014-05-09 21:46 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2014-04-21 18:16 - 2014-04-21 18:16 - 06000640 _____ () C:\Program Files\GUTC6.tmp
2014-04-21 18:16 - 2014-04-21 18:16 - 00000000 ____D () C:\Program Files\GUMC5.tmp
 
==================== One Month Modified Files and Folders =======
 
2014-05-11 11:57 - 2007-11-08 20:27 - 00527488 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG
2014-05-11 11:56 - 2014-05-11 11:56 - 00000000 ____D () C:\FRST
2014-05-11 11:55 - 2007-11-20 11:07 - 00000000 ___RD () C:\MyDocs
2014-05-11 11:52 - 2008-09-09 17:09 - 00139697 _____ () C:\WINDOWS\system32\nvModes.001
2014-05-11 11:51 - 2012-11-20 10:44 - 00000000 ____D () C:\Documents and Settings\fsnyder\Application Data\Dropbox
2014-05-11 11:51 - 2008-09-09 17:09 - 00139697 _____ () C:\WINDOWS\system32\nvModes.dat
2014-05-11 11:50 - 2010-02-26 17:28 - 00000000 ___HD () C:\NALCache
2014-05-11 11:50 - 2007-11-15 15:03 - 00100650 _____ () C:\WINDOWS\3log.log
2014-05-11 11:50 - 2006-04-30 02:11 - 02012302 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-11 11:48 - 2007-11-09 09:45 - 00184561 _____ () C:\WINDOWS\system32\nvapps.xml
2014-05-11 11:48 - 2007-11-08 20:23 - 00000294 _____ () C:\WINDOWS\Tasks\PMTask.job
2014-05-11 11:47 - 2011-04-21 13:13 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 11:47 - 2010-09-29 14:16 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-911619853-683857932-2828963430-1022.job
2014-05-11 11:47 - 2006-04-30 01:56 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-11 11:31 - 2011-04-21 13:13 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 11:31 - 2008-09-12 10:20 - 00000000 ____D () C:\SWSHARE
2014-05-11 11:27 - 2011-05-20 07:25 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-05-11 11:24 - 2006-04-29 11:57 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-05-11 11:23 - 2012-03-15 12:50 - 01238177 _____ () C:\WINDOWS\setupapi.log
2014-05-11 11:23 - 2010-09-02 13:49 - 00346578 _____ () C:\WINDOWS\system32\TmInstall.log
2014-05-11 11:22 - 2013-11-12 19:46 - 03276800 _____ () C:\WINDOWS\system32\config\ACVPN.evt
2014-05-11 11:22 - 2006-04-29 19:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-11 11:22 - 2006-04-29 19:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-11 11:21 - 2008-02-21 18:27 - 00001040 _____ () C:\WINDOWS\system32\ICAutoUpdate.log.bak
2014-05-11 11:21 - 2006-04-30 02:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-11 11:02 - 2010-02-26 12:19 - 00000178 ___SH () C:\Documents and Settings\fsnyder\ntuser.ini
2014-05-11 11:02 - 2006-04-30 02:20 - 00032578 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-11 10:54 - 2010-02-26 13:24 - 00000396 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{928E0F24-3566-4CFC-AD34-F31263DB014A}.job
2014-05-09 22:19 - 2014-05-09 22:15 - 00000000 ____D () C:\Documents and Settings\fsnyder\Desktop\New Folder
2014-05-09 22:03 - 2012-04-02 07:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-09 21:46 - 2014-05-09 21:46 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2014-05-09 21:46 - 2014-05-09 21:46 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2014-05-09 21:46 - 2012-01-13 11:05 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-05-09 20:40 - 2013-11-15 08:51 - 00000460 _____ () C:\WINDOWS\Tasks\At2.job
2014-05-09 16:35 - 2012-08-14 09:16 - 00000000 ____D () C:\Program Files\Recuva
2014-05-09 16:26 - 2012-08-14 09:16 - 00001519 _____ () C:\Documents and Settings\All Users\Desktop\Recuva.lnk
2014-05-09 14:00 - 2013-11-15 08:51 - 00000460 _____ () C:\WINDOWS\Tasks\At4.job
2014-05-09 10:10 - 2013-11-15 08:51 - 00000460 _____ () C:\WINDOWS\Tasks\At1.job
2014-05-09 09:45 - 2007-11-09 15:53 - 00000000 __SHD () C:\WINDOWS\CSC
2014-05-07 16:50 - 2010-02-26 12:19 - 00000000 ____D () C:\Documents and Settings\fsnyder
2014-05-07 15:23 - 2006-04-29 19:10 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-07 13:03 - 2012-04-02 07:06 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-07 13:03 - 2011-06-08 08:00 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-07 12:58 - 2012-06-05 07:35 - 00001820 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-07 12:57 - 2007-11-19 16:24 - 00008906 _____ () C:\WINDOWS\cfgall.ini
2014-05-01 09:17 - 2011-11-10 08:04 - 00000000 ____D () C:\Documents and Settings\fsnyder\Local Settings\Application Data\Akamai
2014-04-22 17:48 - 2011-08-10 12:24 - 00002413 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Standard.lnk
2014-04-22 17:48 - 2011-08-10 12:24 - 00002371 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-04-22 17:48 - 2011-08-10 12:24 - 00001766 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Standard.lnk
2014-04-22 17:41 - 2010-03-04 13:47 - 00000000 ____D () C:\Documents and Settings\fsnyder\Local Settings\Application Data\Adobe
2014-04-21 21:18 - 2012-05-22 08:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2014-04-21 19:41 - 2013-11-12 14:49 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-21 19:37 - 2006-04-29 19:04 - 00608992 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-21 19:32 - 2006-04-29 19:03 - 00234378 _____ () C:\WINDOWS\setupact.log
2014-04-21 18:20 - 2012-11-20 10:48 - 00001027 _____ () C:\Documents and Settings\fsnyder\Desktop\Dropbox.lnk
2014-04-21 18:20 - 2012-11-20 10:47 - 00000000 ____D () C:\Documents and Settings\fsnyder\Start Menu\Programs\Dropbox
2014-04-21 18:16 - 2014-04-21 18:16 - 06000640 _____ () C:\Program Files\GUTC6.tmp
2014-04-21 18:16 - 2014-04-21 18:16 - 00000000 ____D () C:\Program Files\GUMC5.tmp
2014-04-21 14:12 - 2010-06-29 12:09 - 00000000 ____D () C:\Program Files\Common Files\Akamai
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
 
 
Some content of TEMP:
====================
C:\Documents and Settings\fsnyder\Local Settings\Temp\AdobeUpdater12345.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\AEV25E.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\AEV263.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\converter.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\DelayInst.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\fsnyder\Local Settings\Temp\installservice.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\instmsi.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\instmsiw.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\Setup.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\fsnyder\Local Settings\Temp\vpnclient_setup.exe
C:\Documents and Settings\fsnyder\Local Settings\Temp\ytb_8.4.4.61_2.4.7_mail_bts_pub_us_setup_.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2006-04-30 01:55] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) 90653675a1dd74f232d972fd7a72a1c6 
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:55 AM

Posted 11 May 2014 - 12:38 PM

We need to search for a file with FRST:
  • Double-click on FRST.exe/FRST64.exe to open it. In the search box, type the following: rpcss.dll
  • Press the Search Files button and allow FRST to run.
  • A log file, Search.txt, will appear when complete. Please post this in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 fas8253

Posted 12 May 2014 - 07:42 PM

Farbar Recovery Scan Tool (x86) Version:11-05-2014 01
Ran by fsnyder at 2014-05-12 19:38:50
Running from C:\MyDocs\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\WINDOWS\system32\rpcss.dll
[2006-04-30 01:55] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) 90653675a1dd74f232d972fd7a72a1c6

C:\WINDOWS\system32\dllcache\rpcss.dll
[2009-07-01 09:01] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) 8c3785b87d4e666fd0dd3c10016bf4aa

C:\WINDOWS\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\rpcss.dll
[2008-12-23 15:57] - [2005-07-25 23:20] - 0398336 ____N (Microsoft Corporation) c369df215d352b6f3a0b8c3469aa34f8

C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2008-12-23 16:09] - [2008-04-14 06:42] - 0399360 ____A (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009-07-01 09:05] - [2008-04-14 06:42] - 0399360 ___AC (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2008-12-23 16:06] - [2005-07-25 23:39] - 0397824 ___AC (Microsoft Corporation) ce94a2bd25e3e9f4d46a7373ff455c6d

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2009-07-01 09:01] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2

C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2006-04-30 02:14] - [2005-07-25 23:20] - 0398336 ____A (Microsoft Corporation) c369df215d352b6f3a0b8c3469aa34f8

C:\I386\rpcss.dll
[2006-04-30 01:37] - [2005-07-25 23:39] - 0397824 ____A (Microsoft Corporation) ce94a2bd25e3e9f4d46a7373ff455c6d


=== End Of Search ===
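The search output above, compared copy against copy, as an added example (not part of the original posts and not FRST's own code): it parses the entry format shown in the log and flags copies that share the in-use file's size and modified time but not its MD5. The entries are a subset copied from the log above; the function names and the same-size-and-timestamp heuristic are assumptions of this example.

```python
import re

# Subset of the Search.txt entries posted above, copied as-is.
SEARCH_TXT = r"""
C:\WINDOWS\system32\rpcss.dll
[2006-04-30 01:55] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) 90653675a1dd74f232d972fd7a72a1c6

C:\WINDOWS\system32\dllcache\rpcss.dll
[2009-07-01 09:01] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) 8c3785b87d4e666fd0dd3c10016bf4aa

C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2008-12-23 16:09] - [2008-04-14 06:42] - 0399360 ____A (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009-07-01 09:05] - [2008-04-14 06:42] - 0399360 ___AC (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2009-07-01 09:01] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2
"""

# One entry = a path line, then "[created] - [modified] - size attrs (company) md5".
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\r\n]+)\r?\n"
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9a-fA-F]{32})[ \t]*$",
    re.MULTILINE,
)

def parse_search(text):
    """Return one dict per file entry found in an FRST search log body."""
    return [dict(m.groupdict(), size=int(m["size"]), md5=m["md5"].lower())
            for m in ENTRY.finditer(text)]

def review(entries, active_path):
    """Compare the in-use copy against every other copy listed in the log."""
    active = next(e for e in entries if e["path"].lower() == active_path.lower())
    others = [e for e in entries if e is not active]
    build = (active["size"], active["modified"])
    return {
        # Heuristic (assumption): same size and modified time = same build, same MD5.
        "same_build_mismatch": [e["path"] for e in others
                                if (e["size"], e["modified"]) == build
                                and e["md5"] != active["md5"]],
        # True when at least one other on-disk copy carries the same MD5.
        "md5_seen_elsewhere": any(e["md5"] == active["md5"] for e in others),
    }

if __name__ == "__main__":
    print(review(parse_search(SEARCH_TXT), r"C:\WINDOWS\system32\rpcss.dll"))
```

A mismatch is a lead to follow up, not a verdict: the SP3QFE copy has the same size but a different modified time, so it is treated as a different build and is not flagged.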



#6 Machiavelli

Posted 13 May 2014 - 12:08 AM

Hello,

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST.

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe, press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

Step 2: ComboFix

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Please download Combofix from one of the following locations:


Download Mirror #1
Download Mirror #2
Download Mirror #3


Note: You must save this directly to your Desktop.
  • Save any open documents, then close any open programs.
  • Disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Double-click on combofix.exe then follow the on screen prompts
  • When Combofix finishes, it will open the log. Please Copy (Ctrl + C) and Paste (Ctrl + V) all of this text into your next post.
If, for whatever reason, the log does not open, it can be found in this location: C:\combofix.txt

Step 3: FRST Run
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 4: Question

How is the PC running?

~Machiavelli


#7 Machiavelli

Posted 13 May 2014 - 09:48 AM

Sorry forgot to attach Fixlist.txt. Here it is:

Attached Files


Edited by Machiavelli, 13 May 2014 - 09:49 AM.

~Machiavelli


#8 Machiavelli

Posted 16 May 2014 - 06:11 AM

Are you still with me?

~Machiavelli


#9 Machiavelli

Posted 18 May 2014 - 06:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
