
Question about PUM.BadProxy



I've got one computer that got the PUM.BadProxy virus. I removed it with Malwarebytes but it didn't prompt me to reboot so I rebooted anyway. After rebooting the computer still can't get to Google's search engine or Yahoo's search results but the computer can go out to other web pages. I tried installing Firefox 12 and still couldn't get to Google's site. I updated the Windows 7 computer to Internet Explorer 9 and that still didn't help.


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


OK, please do this:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.

Make sure that RSIT.exe is on your Desktop before running the application!

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
  • Please post them, MrC


Here is log.txt

Logfile of random's system information tool 1.09 (written by random/random)

Run by kzusan at 2012-05-25 10:22:03

Microsoft Windows 7 Enterprise Service Pack 1

System drive C: has 109 GB (71%) free of 153 GB

Total RAM: 2046 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:22:30 AM, on 5/25/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\taskhost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

C:\WINDOWS\system32\Dwm.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\WINDOWS\system32\conhost.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\WINDOWS\system32\conhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Users\kzusan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ65AEJC\RSIT.exe

C:\Program Files\trend micro\kzusan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.saintpaul.edu/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://local455jatc.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.saintpaul.edu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintpaul.edu/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-4057334158-1806230062-3859189933-1006\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-4057334158-1806230062-3859189933-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = saintpaul.edu

O17 - HKLM\Software\..\Telephony: DomainName = saintpaul.edu

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = saintpaul.edu

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = saintpaul.edu

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)

O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll (file missing)

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 6366 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\At1.job

=========Mozilla firefox=========

ProfilePath - C:\Users\kzusan\AppData\Roaming\Mozilla\Firefox\Profiles\kf3beamp.default

prefs.js - "browser.startup.homepage" - "http://local455jatc.com/"

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.235 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]

"Description"=

"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]

"Description"=NVIDIA stereo images plugin for Mozilla browsers

"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]

"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers

"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL [2012-05-11 210872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Avery Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Avery Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""= []

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-10-08 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2011-06-07 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-06-24 140520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP]

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=Saint Paul College Acceptable Use Policy

"legalnoticetext"=This computer is the property of Saint Paul College and the Minnesota State Colleges and Universities (“System”). It is available to authorized users only and its use is subject to System Policies and Procedures. You have no explicit or implicit expectation of privacy. The System reserves the right to monitor use of technology resources including all devices and the college network. System officials may access data on these technology resources, without notice, for business purposes. Unauthorized or improper use may result in legal and/or disciplinary action. The System may refer suspected violations of law to law enforcement. By using this system you indicate your consent to these terms and conditions.

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"HideSCAHealth"=1

"NoSMBalloonTip"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-25 10:22:04 ----D---- C:\Program Files\trend micro

2012-05-25 10:22:03 ----D---- C:\rsit

2012-05-25 08:57:34 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys

2012-05-25 08:52:20 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-05-25 08:26:12 ----A---- C:\WINDOWS\ntbtlog.txt

2012-05-25 08:23:54 ----D---- C:\Users\kzusan\AppData\Roaming\SPE

2012-05-25 08:23:54 ----A---- C:\WINDOWS\system32\drivers\SMR250.SYS

2012-05-24 14:28:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-05-24 14:28:36 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2012-05-24 14:22:23 ----D---- C:\Program Files\Common Files\Java

2012-05-24 14:22:00 ----D---- C:\Program Files\Oracle

2012-05-24 14:21:32 ----A---- C:\WINDOWS\system32\npDeployJava1.dll

2012-05-24 14:21:32 ----A---- C:\WINDOWS\system32\javaws.exe

2012-05-24 14:21:21 ----A---- C:\WINDOWS\system32\javaw.exe

2012-05-24 14:21:21 ----A---- C:\WINDOWS\system32\java.exe

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\wininet.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\wextract.exe

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\webcheck.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\vbscript.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\urlmon.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\url.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\SetIEInstalledDate.exe

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\RegisterIEPKEYs.exe

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\pngfilt.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\occache.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msrating.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msls31.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\mshtmler.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\mshtmled.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\mshtml.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\mshta.exe

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msfeedssync.exe

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msfeeds.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\licmgr10.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\jsproxy.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\jscript9.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\jscript.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\inseng.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\imgutil.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iexpress.exe

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieUnatt.exe

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieui.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iesysprep.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iesetup.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iertutil.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iernonce.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iepeers.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieframe.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iedkcs32.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieapfltr.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieapfltr.dat

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieakui.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieaksie.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieakeng.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\IEAdvpack.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\icardie.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\dxtrans.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\dxtmsft.dll

2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\admparse.dll

2012-05-24 11:38:14 ----D---- C:\Users\kzusan\AppData\Roaming\Mozilla

2012-05-24 11:38:04 ----D---- C:\ProgramData\Mozilla

2012-05-24 11:38:03 ----D---- C:\Program Files\Mozilla Maintenance Service

2012-05-24 11:38:00 ----D---- C:\Program Files\Mozilla Firefox

2012-05-15 08:13:49 ----A---- C:\WINDOWS\system32\drivers\WGX.SYS

2012-05-14 08:24:51 ----D---- C:\ProgramData\regid.1992_12.com.symantec

2012-05-14 08:24:11 ----D---- C:\WINDOWS\system32\drivers\SEP

======List of files/folders modified in the last 1 month======

2012-05-25 10:22:04 ----RD---- C:\Program Files

2012-05-25 10:20:24 ----D---- C:\WINDOWS\system32\drivers

2012-05-25 10:18:59 ----D---- C:\Windows

2012-05-25 09:50:50 ----D---- C:\WINDOWS\Temp

2012-05-25 09:17:14 ----D---- C:\WINDOWS\System32

2012-05-25 09:00:25 ----SHD---- C:\WINDOWS\Installer

2012-05-25 08:59:30 ----SHD---- C:\System Volume Information

2012-05-25 08:52:25 ----D---- C:\WINDOWS\Tasks

2012-05-25 08:52:25 ----D---- C:\WINDOWS\system32\Tasks

2012-05-25 08:27:55 ----A---- C:\WINDOWS\SMSCFG.ini

2012-05-25 08:26:42 ----D---- C:\ProgramData\NVIDIA

2012-05-25 08:22:57 ----D---- C:\WINDOWS\inf

2012-05-25 08:22:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2012-05-25 08:14:36 ----D---- C:\WINDOWS\system32\config

2012-05-24 14:22:23 ----D---- C:\Program Files\Common Files

2012-05-24 14:21:06 ----D---- C:\Program Files\Java

2012-05-24 14:05:48 ----HD---- C:\ProgramData

2012-05-24 14:01:48 ----D---- C:\WINDOWS\winsxs

2012-05-24 13:59:54 ----D---- C:\Program Files\Internet Explorer

2012-05-24 13:59:53 ----D---- C:\WINDOWS\system32\migration

2012-05-24 13:59:53 ----D---- C:\WINDOWS\system32\en-US

2012-05-24 13:59:53 ----D---- C:\WINDOWS\PolicyDefinitions

2012-05-24 13:59:28 ----D---- C:\WINDOWS\Logs

2012-05-24 13:59:08 ----D---- C:\WINDOWS\system32\catroot

2012-05-24 13:59:07 ----D---- C:\WINDOWS\system32\catroot2

2012-05-24 13:03:44 ----D---- C:\WINDOWS\Prefetch

2012-05-23 10:47:49 ----D---- C:\WINDOWS\system32\NDF

2012-05-16 08:20:28 ----D---- C:\Program Files\Common Files\Symantec Shared

2012-05-15 09:48:28 ----D---- C:\ProgramData\Symantec

2012-05-15 09:48:16 ----D---- C:\Program Files\Symantec

2012-05-15 08:13:49 ----A---- C:\WINDOWS\system32\SymVPN.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-11-14 43840]

R0 rdyboost;ReadyBoost; C:\WINDOWS\System32\drivers\rdyboost.sys [2010-11-20 173440]

R0 SMR250;Symantec SMR Utility Service 2.5.0; C:\WINDOWS\System32\drivers\SMR250.SYS [2012-05-25 83064]

R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMDS.SYS [2012-05-11 340088]

R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMEFA.SYS [2012-05-11 758904]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\WINDOWS\system32\drivers\vmbus.sys [2010-11-20 175360]

R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120517.011\BHDrvx86.sys [2012-05-15 821880]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\WINDOWS\system32\drivers\csc.sys [2010-11-20 388096]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-05-22 374392]

R1 IDSvix86;IDSvix86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120524.001\IDSvix86.sys [2012-05-15 368248]

R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSP.SYS [2012-05-11 522872]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSPX.SYS [2012-05-11 31864]

R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\Ironx86.SYS [2012-05-11 137336]

R1 SYMNETS;Symantec Network Security WFP Driver; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMNETS.SYS [2012-05-11 299640]

R2 Parvdm;Parvdm; C:\WINDOWS\system32\DRIVERS\parvdm.sys [2009-07-13 8704]

R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920]

R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2011-11-10 263680]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-15 106104]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\system32\DRIVERS\k57nd60x.sys [2009-06-20 273448]

R3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [2012-05-25 28488]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2012-04-04 22344]

R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120524.039\NAVENG.SYS [2012-05-22 87928]

R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120524.039\NAVEX15.SYS [2012-05-22 1589752]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32v.sys [2011-05-25 139368]

R3 prepdrvr;SMS Process Event Driver; \??\C:\Windows\system32\CCM\prepdrv.sys [2009-09-18 20848]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-05-14 127096]

S3 aic78xx;aic78xx; C:\WINDOWS\system32\DRIVERS\djsvs.sys [2009-07-13 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\drivers\amdagp.sys [2009-07-13 53312]

S3 atikmdag;atikmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTDVHDA.sys [2009-10-23 2747424]

S3 pciide;pciide; C:\WINDOWS\system32\drivers\pciide.sys [2009-07-13 12368]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\WINDOWS\System32\drivers\rdpdr.sys [2010-11-20 133632]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\WINDOWS\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 s3cap;s3cap; C:\WINDOWS\system32\drivers\vms3cap.sys [2010-11-20 5632]

S3 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\drivers\sisagp.sys [2009-07-13 52304]

S3 storvsc;storvsc; C:\WINDOWS\system32\drivers\storvsc.sys [2010-11-20 28032]

S3 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS []

S3 Synth3dVsc;Synth3dVsc; C:\WINDOWS\System32\drivers\synth3dvsc.sys []

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\WINDOWS\System32\drivers\tsusbflt.sys [2010-11-20 52224]

S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\WINDOWS\system32\drivers\tsusbhub.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]

S3 VGPU;VGPU; C:\WINDOWS\System32\drivers\rdvgkmd.sys []

S3 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\drivers\viaagp.sys [2009-07-13 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\WINDOWS\system32\DRIVERS\viac7.sys [2009-07-13 52736]

S3 VMBusHID;VMBusHID; C:\WINDOWS\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2011-11-10 176128]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 CcmExec;SMS Agent Host; C:\Windows\system32\CCM\CcmExec.exe [2009-09-18 764768]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2009-07-13 20992]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2011-05-25 615528]

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]


Here is info.txt

info.txt logfile of random's system information tool 1.09 2012-05-25 10:22:37


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


It is fixed. I read on another newsgroup that a user got an infected Word 2007 template and so I updated her machine to Office 2010 and rebooted. I logged in with her account and another account and the computer can get to Google, Bing, Yahoo and produce search results. Thanks MrC for all your help!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
