mkruzel

  1. Actually I did another test with downloading virus definitions with aswMBR and it downloaded faster on my machine. We recently upgraded our phone system to VoIP and the download was really slow. Jeff, thanks for all your help!
  2. I was a little pressed for time so I backed up her data and scanned her data on a separate drive to remove any viruses & then reinstalled Windows 7 via SCCM. How large are the virus definition files usually on the Avast utility? It was taking longer than an hour to download the virus definitions.
  3. I think I'm just going to back this person's data up and install Windows 7 SP1 which I'm sure will remove the rootkit/s and pup.bundlieoffers.iiq.
  4. How big are the Avast virus definition files? They are taking a long time to download.
  5. One thing I found is that this laptop doesn't have Windows 7 sp1 installed.
  6. I'm logged in with a different account and don't see the mysearchresults.com search engine. Should I be logged in with the infected user's account? Here is the dds file: Here is attach.txt file
  7. I have one computer infected with this trojan and I scanned the computer with Malwarebytes and it only found 1. I clicked the remove option and restarted the PC after scanning and it didn't remove the mysearchresults.com search engine and the home page was still pointing to the myfreeze.com home page. Can Malwarebytes remove this or should I just reinstall Windows 7 to remove the infection?
  8. It is fixed. I read on another newsgroup that a user got an infected Word 2007 template and so I updated her machine to Office 2010 and rebooted. I logged in with her account and another account and the computer can get to Google, Bing, Yahoo and produce search results. Thanks MrC for all your help!
  9. Here is info.txt
/uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} ======System event log====== Computer Name: KZUSAND01.saintpaul.edu Event Code: 10016 Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Record Number: 102991 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20120404140253.000000-000 Event Type: Error User: NT AUTHORITY\SYSTEM Computer Name: KZUSAND01.saintpaul.edu Event Code: 129 Message: NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1) Record Number: 102983 Source Name: Microsoft-Windows-Time-Service Time Written: 20120404140208.102169-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE Computer Name: KZUSAND01.saintpaul.edu Event Code: 129 Message: NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1) Record Number: 102982 Source Name: Microsoft-Windows-Time-Service Time Written: 20120404140206.588967-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE Computer Name: KZUSAND01.saintpaul.edu Event Code: 1129 Message: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. 
A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Record Number: 102965 Source Name: Microsoft-Windows-GroupPolicy Time Written: 20120404140155.986524-000 Event Type: Error User: NT AUTHORITY\SYSTEM Computer Name: KZUSAND01.saintpaul.edu Event Code: 5719 Message: This computer was not able to set up a secure session with a domain controller in domain MAIL due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Record Number: 102947 Source Name: NETLOGON Time Written: 20120404140154.000000-000 Event Type: Error User: =====Application event log===== Computer Name: KZUSAND01.saintpaul.edu Event Code: 6 Message: Could not scan 3 files inside c:\MSOCache\All Users\{90120000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error. 
For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent Record Number: 20555 Source Name: Symantec AntiVirus Time Written: 20120307162644.000000-000 Event Type: Warning User: Computer Name: KZUSAND01.saintpaul.edu Event Code: 6 Message: Could not scan 2 files inside c:\MSOCache\All Users\{90120000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error. For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent Record Number: 20554 Source Name: Symantec AntiVirus Time Written: 20120307162643.000000-000 Event Type: Warning User: Computer Name: KZUSAND01.saintpaul.edu Event Code: 6 Message: Could not scan 2 files inside c:\MSOCache\All Users\{90120000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error. For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent Record Number: 20553 Source Name: Symantec AntiVirus Time Written: 20120307162641.000000-000 Event Type: Warning User: Computer Name: KZUSAND01.saintpaul.edu Event Code: 6 Message: Could not scan 3 files inside c:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error. 
For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent Record Number: 20552 Source Name: Symantec AntiVirus Time Written: 20120307162636.000000-000 Event Type: Warning User: Computer Name: KZUSAND01.saintpaul.edu Event Code: 6 Message: Could not scan 2 files inside c:\MSOCache\All Users\{90120000-0011-0000-0000-0000000FF1CE}-C\ProPlsWW.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error. For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent Record Number: 20551 Source Name: Symantec AntiVirus Time Written: 20120307162633.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: KZUSAND01.saintpaul.edu Event Code: 5447 Message: A Windows Filtering Platform filter has been changed. 
Subject: Security ID: S-1-5-18 Account Name: NT AUTHORITY\SYSTEM Process Information: Process ID: 3792 Provider Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Change Information: Change Type: Delete Filter Information: ID: {E6129EB3-1834-4BE2-B98F-E7F999D40502} Name: Malwarebytes Anti-Malware Type: Not persistent Run-Time ID: 129118 Layer Information: ID: {C38D57D1-05A7-4C33-904F-7FBCEEE60E82} Name: ALE Connect v4 Layer Run-Time ID: 48 Callout Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Additional Information: Weight: 576460752303423488 Conditions: Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045} Match value: In range Condition value: 0x5cf1a8a7 - 0x5cf1a8a7 Filter Action: Block Record Number: 2053052 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120525134115.063003-000 Event Type: Audit Success User: Computer Name: KZUSAND01.saintpaul.edu Event Code: 5447 Message: A Windows Filtering Platform filter has been changed. Subject: Security ID: S-1-5-18 Account Name: NT AUTHORITY\SYSTEM Process Information: Process ID: 3792 Provider Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Change Information: Change Type: Delete Filter Information: ID: {A889465D-3F30-4928-9BC9-788CD35C4F85} Name: Malwarebytes Anti-Malware Type: Not persistent Run-Time ID: 129117 Layer Information: ID: {E1CD9FE7-F4B5-4273-96C0-592E487B8650} Name: ALE Receive/Accept v4 Layer Run-Time ID: 44 Callout Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Additional Information: Weight: 576460752303423488 Conditions: Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045} Match value: In range Condition value: 0x5cf1a8c2 - 0x5cf1a8c2 Filter Action: Block Record Number: 2053051 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120525134115.063003-000 Event Type: Audit Success User: Computer Name: KZUSAND01.saintpaul.edu Event Code: 5447 Message: A Windows Filtering Platform filter has been changed. 
Subject: Security ID: S-1-5-18 Account Name: NT AUTHORITY\SYSTEM Process Information: Process ID: 3792 Provider Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Change Information: Change Type: Delete Filter Information: ID: {2CFEF919-9146-4CBC-94B8-BFF0C53337DC} Name: Malwarebytes Anti-Malware Type: Not persistent Run-Time ID: 129116 Layer Information: ID: {C38D57D1-05A7-4C33-904F-7FBCEEE60E82} Name: ALE Connect v4 Layer Run-Time ID: 48 Callout Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Additional Information: Weight: 576460752303423488 Conditions: Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045} Match value: In range Condition value: 0x5cf1a8c2 - 0x5cf1a8c2 Filter Action: Block Record Number: 2053050 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120525134115.031809-000 Event Type: Audit Success User: Computer Name: KZUSAND01.saintpaul.edu Event Code: 5447 Message: A Windows Filtering Platform filter has been changed. Subject: Security ID: S-1-5-18 Account Name: NT AUTHORITY\SYSTEM Process Information: Process ID: 3792 Provider Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Change Information: Change Type: Delete Filter Information: ID: {AD7B517C-4F4B-416D-9E0E-A79175CC9A62} Name: Malwarebytes Anti-Malware Type: Not persistent Run-Time ID: 129115 Layer Information: ID: {E1CD9FE7-F4B5-4273-96C0-592E487B8650} Name: ALE Receive/Accept v4 Layer Run-Time ID: 44 Callout Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Additional Information: Weight: 576460752303423488 Conditions: Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045} Match value: In range Condition value: 0x5cf1a9fa - 0x5cf1a9fa Filter Action: Block Record Number: 2053049 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120525134115.031809-000 Event Type: Audit Success User: Computer Name: KZUSAND01.saintpaul.edu Event Code: 5447 Message: A Windows Filtering Platform filter has been changed. 
Subject: Security ID: S-1-5-18 Account Name: NT AUTHORITY\SYSTEM Process Information: Process ID: 3792 Provider Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Change Information: Change Type: Delete Filter Information: ID: {E3EE0696-8EE5-4E61-A272-24879CF251E0} Name: Malwarebytes Anti-Malware Type: Not persistent Run-Time ID: 129114 Layer Information: ID: {C38D57D1-05A7-4C33-904F-7FBCEEE60E82} Name: ALE Connect v4 Layer Run-Time ID: 48 Callout Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Additional Information: Weight: 576460752303423488 Conditions: Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045} Match value: In range Condition value: 0x5cf1a9fa - 0x5cf1a9fa Filter Action: Block Record Number: 2053048 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120525134114.985017-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "UATDATA"=C:\Windows\system32\CCM\UATData\D9F8C395-CAB8-491d-B8AC-179A1FE1BE77 "asl.log"=Destination=file;OnFirstLog=command,environment,parent "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program 
Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  10. Here is log.txt
13:59:28 ----D---- C:\WINDOWS\Logs 2012-05-24 13:59:08 ----D---- C:\WINDOWS\system32\catroot 2012-05-24 13:59:07 ----D---- C:\WINDOWS\system32\catroot2 2012-05-24 13:03:44 ----D---- C:\WINDOWS\Prefetch 2012-05-23 10:47:49 ----D---- C:\WINDOWS\system32\NDF 2012-05-16 08:20:28 ----D---- C:\Program Files\Common Files\Symantec Shared 2012-05-15 09:48:28 ----D---- C:\ProgramData\Symantec 2012-05-15 09:48:16 ----D---- C:\Program Files\Symantec 2012-05-15 08:13:49 ----A---- C:\WINDOWS\system32\SymVPN.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-11-14 43840] R0 rdyboost;ReadyBoost; C:\WINDOWS\System32\drivers\rdyboost.sys [2010-11-20 173440] R0 SMR250;Symantec SMR Utility Service 2.5.0; C:\WINDOWS\System32\drivers\SMR250.SYS [2012-05-25 83064] R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMDS.SYS [2012-05-11 340088] R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMEFA.SYS [2012-05-11 758904] R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\WINDOWS\system32\drivers\vmbus.sys [2010-11-20 175360] R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120517.011\BHDrvx86.sys [2012-05-15 821880] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\WINDOWS\system32\drivers\csc.sys [2010-11-20 388096] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-05-22 374392] R1 IDSvix86;IDSvix86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120524.001\IDSvix86.sys [2012-05-15 368248] R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSP.SYS [2012-05-11 522872] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); 
C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSPX.SYS [2012-05-11 31864] R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\Ironx86.SYS [2012-05-11 137336] R1 SYMNETS;Symantec Network Security WFP Driver; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMNETS.SYS [2012-05-11 299640] R2 Parvdm;Parvdm; C:\WINDOWS\system32\DRIVERS\parvdm.sys [2009-07-13 8704] R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920] R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2011-11-10 263680] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-15 106104] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\system32\DRIVERS\k57nd60x.sys [2009-06-20 273448] R3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [2012-05-25 28488] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2012-04-04 22344] R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120524.039\NAVENG.SYS [2012-05-22 87928] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120524.039\NAVEX15.SYS [2012-05-22 1589752] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32v.sys [2011-05-25 139368] R3 prepdrvr;SMS Process Event Driver; \??\C:\Windows\system32\CCM\prepdrv.sys [2009-09-18 20848] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-05-14 127096] S3 aic78xx;aic78xx; C:\WINDOWS\system32\DRIVERS\djsvs.sys [2009-07-13 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\drivers\amdagp.sys [2009-07-13 53312] S3 atikmdag;atikmdag; 
C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTDVHDA.sys [2009-10-23 2747424] S3 pciide;pciide; C:\WINDOWS\system32\drivers\pciide.sys [2009-07-13 12368] S3 RDPDR;Terminal Server Device Redirector Driver; C:\WINDOWS\System32\drivers\rdpdr.sys [2010-11-20 133632] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\WINDOWS\System32\drivers\rdpvideominiport.sys [2010-11-20 15872] S3 s3cap;s3cap; C:\WINDOWS\system32\drivers\vms3cap.sys [2010-11-20 5632] S3 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\drivers\sisagp.sys [2009-07-13 52304] S3 storvsc;storvsc; C:\WINDOWS\system32\drivers\storvsc.sys [2010-11-20 28032] S3 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [] S3 Synth3dVsc;Synth3dVsc; C:\WINDOWS\System32\drivers\synth3dvsc.sys [] S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\WINDOWS\System32\drivers\tsusbflt.sys [2010-11-20 52224] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\WINDOWS\system32\drivers\tsusbhub.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496] S3 VGPU;VGPU; C:\WINDOWS\System32\drivers\rdvgkmd.sys [] S3 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\drivers\viaagp.sys [2009-07-13 53328] S3 ViaC7;VIA C7 Processor Driver; C:\WINDOWS\system32\DRIVERS\viac7.sys [2009-07-13 52736] S3 VMBusHID;VMBusHID; C:\WINDOWS\system32\drivers\VMBusHID.sys [2010-11-20 17920] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2011-11-10 176128] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile 
Device Support\AppleMobileDeviceService.exe [2011-10-24 55144] R2 CcmExec;SMS Agent Host; C:\Windows\system32\CCM\CcmExec.exe [2009-09-18 764768] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2009-07-13 20992] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2011-05-25 615528] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504] R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2012-05-11 137224] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472] R3 AppMgmt;@appmgmts.dll,-3250; C:\WINDOWS\system32\svchost.exe [2009-07-13 20992] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 820520] R3 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe [2012-05-11 1667328] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 257696] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-20 129976] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 
[2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\WINDOWS\System32\svchost.exe [2009-07-13 20992] S3 smstsmgr;SMS Task Sequence Agent; C:\Windows\system32\CCM\TSManager.exe [2009-09-18 246624] S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe [2012-05-11 280496] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2009-07-13 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\WINDOWS\System32\svchost.exe [2009-07-13 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\WINDOWS\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400] S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504] -----------------EOF-----------------
  11. I also disabled Symantec Endpoint Protection 12.
  12. Those are also getting blocked by the browsers.
  13. When I try to download RogueKiller, IE & Firefox delete the attachment. I tried renaming it and it says the publisher can't be verified.
  14. I've got one computer that got the PUM.BadProxy virus. I removed it with Malwarebytes, but it didn't prompt me to reboot, so I rebooted anyway. After rebooting, the computer still can't get to Google's search engine or Yahoo's search results, but the computer can go out to other web pages. I tried installing Firefox 12 and still couldn't get to Google's site. I updated the Windows 7 computer to Internet Explorer 9 and that still didn't help.