Jump to content

infected with Hijack.Shell.Gen

Tigerhawk247
 Share

Recommended Posts

Tigerhawk247

Tigerhawk247

Posted
Posted

Hi,

A friend gave me their computer to try and clean. I ran malwarebytes and it found a hijack.shell.gen infection. I also had run an eset scan and endpoint protection scans and have found various things. I'd like to make sure this machine is clean before I give it back. Here are the ddr log files.

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464

Run by JEISENBARTH at 11:09:16 on 2013-04-03

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3978.2313 [GMT -4:00]

.

AV: System Center 2012 Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: System Center 2012 Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Windows\system32\CxAudMsg64.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\SysWOW64\SAsrv.exe

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Windows\system32\rundll32.exe

C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE

C:\Windows\system32\Dwm.exe

C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe

C:\Windows\system32\wbem\unsecapp.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Program Files\Microsoft Security Client\msseces.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe

C:\Windows\TEMP\fsprocsvc.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://r-net.rollins.edu/

uDefault_Page_URL = hxxp://r-net.rollins.edu

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableInstallerDetection = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 10.20.1.10 10.20.1.20

TCP: Interfaces\{0C4FE41A-0115-49D1-B72D-3727B5B9C211} : DHCPNameServer = 10.20.1.10 10.20.1.20

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [TpShocks] TpShocks.exe

x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2013-1-23 29512]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-3 16152]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2012-9-6 25448]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2012-6-4 15472]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-10-5 189424]

R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2013-1-23 198784]

R2 fsprocsvc;ForeScout Remote Inspection Service;C:\Windows\temp\fsprocsvc.exe [2013-4-1 196736]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-6-4 101736]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-6-4 133992]

R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2013-1-3 101888]

R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]

R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2013-1-23 446800]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-6-4 145256]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-6-4 142696]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]

R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2013-1-3 166016]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-3 342528]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-19 25528]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-10-5 40832]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-10-5 84864]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-9-2 288256]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600]

R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-1-23 44344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2013-1-23 320576]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-19 35256]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2013-1-23 1666112]

S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2013-1-23 1665088]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-3 19456]

S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-1-3 41272]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-3 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-3 30208]

.

=============== Created Last 30 ================

.

2013-04-03 14:03:09 -------- d-----w- C:\Program Files (x86)\ESET

2013-04-03 13:06:20 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33AD8A3F-7FF9-4992-81B1-B309EBCB5789}\offreg.dll

2013-04-03 13:01:03 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE8F0298-4402-48A0-B917-306DCF2C0F28}\gapaengine.dll

2013-04-03 13:01:00 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33AD8A3F-7FF9-4992-81B1-B309EBCB5789}\mpengine.dll

2013-04-03 13:00:22 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-04-03 13:00:21 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-04-02 02:25:45 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-02 02:25:44 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-02 02:25:43 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-02 02:24:18 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-04-02 02:24:18 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-04-02 02:20:17 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-02 02:15:37 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2013-04-02 02:15:37 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2013-04-02 02:15:37 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-04-02 02:15:37 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-04-02 02:15:11 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-02 02:15:11 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-02 02:12:43 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-04-02 02:12:43 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-04-02 02:11:04 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-04-02 02:11:04 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-04-02 02:11:04 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-04-02 02:11:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-04-02 02:11:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-04-02 02:11:03 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-04-02 02:09:14 800768 ----a-w- C:\Windows\System32\usp10.dll

2013-04-02 02:09:14 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2013-04-02 02:08:16 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-04-02 02:08:16 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-04-02 02:06:59 441856 ----a-w- C:\Windows\System32\Wpc.dll

2013-04-02 02:06:59 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2013-04-02 02:06:20 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-04-02 02:06:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-04-02 02:06:19 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-04-02 02:06:19 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-04-02 02:02:54 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2013-04-02 02:02:33 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-04-01 20:23:06 -------- d-----w- C:\Users\jeisenbarth\AppData\Roaming\Malwarebytes

2013-04-01 19:57:18 -------- d-sh--w- C:\$RECYCLE.BIN

2013-04-01 15:13:51 -------- d-----w- C:\Users\jeisenbarth\AppData\Local\temp

2013-04-01 15:10:07 98816 ----a-w- C:\Windows\sed.exe

2013-04-01 15:10:07 256000 ----a-w- C:\Windows\PEV.exe

2013-04-01 15:10:07 208896 ----a-w- C:\Windows\MBR.exe

2013-04-01 14:51:17 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-01 14:51:16 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-01 14:51:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-31 19:55:53 -------- d-----w- C:\ProgramData\esy

.

==================== Find3M ====================

.

2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-13 14:30:20 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 14:30:20 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-03 18:11:39 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2013-01-03 18:11:39 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-01-03 18:11:33 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-01-03 18:11:33 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 11:09:24.18 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 1/3/2013 11:33:10 AM

System Uptime: 4/3/2013 8:47:17 AM (3 hours ago)

.

Motherboard: LENOVO | | 4174WDC

Processor: Intel® Core i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 77.958 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI

Conexant 20672 SmartAudio HD

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dolby Home Theater v4

Google Chrome

Google Update Helper

Intel PROSet Wireless

Intel® Processor Graphics

Intel® WiDi

Intel® Wireless Display

Intel® PROSet/Wireless WiFi Software

Lenovo Auto Scroll Utility

Lenovo Patch Utility

Lenovo Patch Utility 64 bit

Lenovo Power Management Driver

Lenovo Screen Reading Optimizer

Lenovo System Interface Driver

Lenovo System Update

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Antimalware

Microsoft Forefront Endpoint Protection 2010 Server Management

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

On Screen Display

Power Manager

Renesas Electronics USB 3.0 Host Controller Driver

RICOH_Media_Driver_v2.14.18.01

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype™ 6.1

System Center 2012 Endpoint Protection

ThinkPad FullScreen Magnifier

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Active Protection System

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VLC media player 2.0.1

.

==== Event Viewer Messages From Past Week ========

.

4/3/2013 8:47:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/3/2013 8:47:32 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ROLLINS due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

4/1/2013 3:22:31 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

4/1/2013 11:12:51 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/31/2013 2:03:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.781.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/31/2013 10:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.781.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/31/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.773.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/30/2013 6:03:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.759.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/30/2013 2:03:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.746.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/30/2013 10:03:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.746.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/30/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.724.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/29/2013 6:03:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.712.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/29/2013 2:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.700.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/29/2013 10:03:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.700.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/29/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.663.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/28/2013 6:03:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.651.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/28/2013 2:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.626.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/28/2013 10:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.626.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/28/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.594.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/27/2013 6:03:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.578.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/27/2013 2:03:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.552.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/27/2013 10:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.552.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/27/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.515.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

.

==== End Of File ===========================

Thanks for your help,

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

Hy there.

Please post the most recent Malwarebytes Logfile logside other logfiles from ESET where I can see what has been found.

Launch Malwarebytes --> Logs --> click on the last Logfile. A notepad Window will appear. Copy/Paste its content here in your topic.

Link to post
Share on other sites
Tigerhawk247

Tigerhawk247

Posted
  • Author
Posted

Hi,

Here is the log for malwarebytes

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.04.01.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

jeisenbarth :: R9K47YN [administrator]

4/1/2013 4:23:27 PM

mbam-log-2013-04-01 (16-23-27).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 361500

Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen) -> Data: C:\Users\jeisenbarth\AppData\Roaming\id.cff,explorer.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

and here is the eset scan

C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Users\jeisenbarth\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\666a625e-65cb1520 a variant of Java/Exploit.CVE-2013-0431.I trojan cleaned by deleting - quarantined

C:\Users\jeisenbarth\Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Users\jeisenbarth\Pictures\Danielle\MyFunCardsSetup2.3.50.57.SA.HP.ZUfox000.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined

System Center 2012 Endpoint protection also found something that it removed on the full scan:

Items:

file:C:\Users\jeisenbarth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJQNW44G\q[1].htm

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

I dont see something which should need my attention.

Most of them are in the Java Cache and in Temp. Lets delete them as well.

Please download TFC by OldTimer to your desktop.

  • Close any open windows.
  • Please double-click TFC.exe to run it.
    Vista and Win7 Users: Please right-click on the file and choose Run As Administrator.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job.
  • Once it's finished it should automatically reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

Link to post
Share on other sites
Tigerhawk247

Tigerhawk247

Posted
  • Author
Posted

I ran and restarted it. I forgot to mention though, I had to originally run malwarebytes from the actual administrator account since I didn't have his login info for his machine. It had found some other items as well. Here is the attached log file:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.04.01.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Administrator :: R9K47YN [administrator]

4/1/2013 10:51:57 AM

mbam-log-2013-04-01 (10-51-57).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 357702

Time elapsed: 10 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\jeisenbarth\AppData\Local\Temp\DD31.tmp (Trojan.Ransom.WL) -> Quarantined and deleted successfully.

C:\Users\jeisenbarth\AppData\Roaming\id.cff (Trojan.Ransom.WL) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

Download OTL to your Desktop.

  • Please change the following settings.
    • In the Extra Registry group check Use SafeList.
    • Underneath Output at the top change it to Minimal Output.
    • In the File Scans group check Use Company- Name Whitelist, Skip Microsoft Files and Use No Company Name Whitelist

    [*] Make sure all other windows are closed to let it run uninterrupted.

    [*] Click on the Run Scan Button.

    [*] When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both in your next reply.

Link to post
Share on other sites
Tigerhawk247

Tigerhawk247

Posted
  • Author
Posted

Here are the files:

OTL.txt

OTL logfile created on: 4/3/2013 3:00:17 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jeisenbarth\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 68.76% Memory free

7.77 Gb Paging File | 6.46 Gb Available in Paging File | 83.20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 118.94 Gb Total Space | 78.91 Gb Free Space | 66.34% Space Free | Partition Type: NTFS

Computer Name: R9K47YN | User Name: JEISENBARTH | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\jeisenbarth\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)

SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)

SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)

SRV:64bit: - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)

SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (fsprocsvc) -- C:\Windows\temp\fsprocsvc.exe (ForeScout)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)

SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)

SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (SROSVC) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)

SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)

DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)

DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)

DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)

DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)

DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)

DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)

DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)

DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://r-net.rollins.edu

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r-net.rollins.edu/

IE - HKCU\..\SearchScopes,DefaultScope = {A8A96F24-6E7E-4AA7-ABEE-84FE3016D645}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{A8A96F24-6E7E-4AA7-ABEE-84FE3016D645}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg114

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2013/01/11 16:00:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://r-net.rollins.edu/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Gmail = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)

O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: rollins.edu ([foxlink] https in Trusted sites)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.1.10 10.20.1.20

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Rollins.edu

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C4FE41A-0115-49D1-B72D-3727B5B9C211}: DhcpNameServer = 10.20.1.10 10.20.1.20

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/03 14:58:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jeisenbarth\Desktop\OTL.exe

[2013/04/03 12:01:15 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\jeisenbarth\Desktop\TFC.exe

[2013/04/03 11:08:53 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jeisenbarth\Desktop\dds.scr

[2013/04/03 09:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2013/04/03 09:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/04/01 16:56:55 | 000,000,000 | ---D | C] -- C:\Users\jeisenbarth\Desktop\mbar-1.01.0.1022

[2013/04/01 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\jeisenbarth\AppData\Roaming\Malwarebytes

[2013/04/01 16:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2013/04/01 15:57:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/04/01 11:13:51 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/04/01 11:13:51 | 000,000,000 | ---D | C] -- C:\Users\jeisenbarth\AppData\Local\temp

[2013/04/01 11:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/04/01 11:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/04/01 11:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/04/01 11:10:04 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/04/01 11:09:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/04/01 10:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/01 10:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/01 10:51:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/04/01 10:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/03/31 15:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\esy

[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/03 14:58:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jeisenbarth\Desktop\OTL.exe

[2013/04/03 14:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/03 14:27:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/03 12:12:58 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/03 12:10:40 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/03 12:10:40 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/03 12:08:10 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/04/03 12:08:10 | 000,662,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/04/03 12:08:10 | 000,122,242 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/03 12:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/03 12:03:29 | 3128,610,816 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/03 12:01:15 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\jeisenbarth\Desktop\TFC.exe

[2013/04/03 11:08:53 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jeisenbarth\Desktop\dds.scr

[2013/04/03 09:00:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/04/03 09:00:23 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/04/03 08:47:31 | 000,416,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/04/01 16:56:28 | 012,894,739 | ---- | M] () -- C:\Users\jeisenbarth\Desktop\mbar-1.01.0.1022.zip

[2013/04/01 10:51:21 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/01 10:22:01 | 000,007,656 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/03 09:00:22 | 000,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Center 2012 Endpoint Protection.lnk

[2013/04/01 16:56:26 | 012,894,739 | ---- | C] () -- C:\Users\jeisenbarth\Desktop\mbar-1.01.0.1022.zip

[2013/04/01 11:10:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/04/01 11:10:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/04/01 11:10:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/04/01 11:10:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/04/01 11:10:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/04/01 10:51:21 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/09 10:44:03 | 000,003,586 | RHS- | C] () -- C:\Users\jeisenbarth\ntuser.pol

[2013/01/03 15:18:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin

[2013/01/03 15:18:25 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin

[2013/01/03 15:18:25 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2013/01/03 12:46:00 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/03 12:34:03 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

[2013/01/03 12:33:35 | 000,007,656 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

extras.txt

OTL Extras logfile created on: 4/3/2013 3:00:17 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jeisenbarth\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 68.76% Memory free

7.77 Gb Paging File | 6.46 Gb Available in Paging File | 83.20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 118.94 Gb Total Space | 78.91 Gb Free Space | 66.34% Space Free | Partition Type: NTFS

Computer Name: R9K47YN | User Name: JEISENBARTH | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"Enabled" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]

"139:TCP:*:enabled:forescout139" = 139:TCP:*:enabled:forescout139

"445:TCP:*:enabled:forescout445" = 445:TCP:*:enabled:forescout445

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]

"139:TCP:*:enabled:forescout139" = 139:TCP:*:enabled:forescout139

"445:TCP:*:enabled:forescout445" = 445:TCP:*:enabled:forescout445

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{72926AE7-1900-40BF-ABDC-4BD095B175D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{AF396CC8-7CC7-45D0-BF16-412CC97353E7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04F21C9D-51D2-4490-8F72-0D74ABD16EDE}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |

"{114D8043-109E-4DD6-B8B9-FB2F69958EB5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{1BFF2159-9943-499A-9D42-9A80884131CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2F348BA8-78CB-4BDE-B3D0-83D04A335D5D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{87048012-BF46-4D37-83D6-B652A1C44539}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |

"{B10A8856-44D9-4310-AE00-ACAE57C0E3D0}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |

"{B16929EC-555D-447F-BDF8-41B3AC55C87D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{E9013587-166F-4769-A7B5-D0F39EDD8E99}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |

"{F1CE8CF4-2713-4E1D-AC3F-351F3E0C1307}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{F4EF6891-E76E-4C52-9A9B-7C7C62842149}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit

"{0C243024-B7AF-478B-B6F1-574A4AB0E07C}" = Microsoft Antimalware

"{0E0818E4-C87B-4211-9791-E958BD34B96C}" = Microsoft Forefront Endpoint Protection 2010 Server Management

"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4C7F9B08-C9B2-42EA-93F7-5A3093430450}" = Microsoft Security Client

"{728985C5-A04B-457C-9D62-15360F3EAF85}" = Intel® WiDi

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = System Center 2012 Endpoint Protection

"OnScreenDisplay" = On Screen Display

"Power Management Driver" = Lenovo Power Management Driver

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility

"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1B5BB58F-15F7-4224-A943-7CF354C5BB1C}" =

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91A29166-4E1B-4664-B70B-4C4A3B6B3372}" = Lenovo Screen Reading Optimizer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Google Chrome" = Google Chrome

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"VLC media player" = VLC media player 2.0.1

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 3/29/2013 6:41:05 PM | Computer Name = R9K47YN.Rollins.edu | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,

time stamp: 0x50a2f9e3 Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting

process id: 0x25b0 Faulting application start time: 0x01ce2ccd9189bdba Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\ntdll.dll Report Id: bd09b80f-98c1-11e2-ad98-60d819be0ebd

Error - 3/29/2013 6:41:37 PM | Computer Name = R9K47YN.Rollins.edu | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,

time stamp: 0x50a2f9e3 Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting

process id: 0x5584 Faulting application start time: 0x01ce2cce81b04533 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\ntdll.dll Report Id: d08f00a1-98c1-11e2-ad98-60d819be0ebd

Error - 3/31/2013 4:09:11 PM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10

Description =

Error - 4/1/2013 6:48:29 AM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10

Description =

Error - 4/1/2013 10:21:51 AM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10

Description =

Error - 4/1/2013 11:07:04 AM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10

Description =

Error - 4/1/2013 3:24:38 PM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10

Description =

Error - 4/1/2013 4:22:10 PM | Computer Name = R9K47YN.Rollins.edu | Source = Application Error | ID = 1000

Description = Faulting application name: jre-7u17-windows-i586-iftw.exe, version:

7.0.170.2, time stamp: 0x5130bc23 Faulting module name: JavaIC.dll, version: 1.2.0.0,

time stamp: 0x503c027e Exception code: 0xc0000417 Fault offset: 0x0000534b Faulting

process id: 0x4ec Faulting application start time: 0x01ce2f168a332cf3 Faulting application

path: C:\Users\JEISEN~1\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe Faulting

module path: C:\Users\JEISEN~1\AppData\Local\Temp\JavaIC.dll Report Id: d42fa273-9b09-11e2-85fd-60d819be0ebd

Error - 4/3/2013 8:47:34 AM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10

Description =

Error - 4/3/2013 12:03:38 PM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 4/1/2013 10:21:50 AM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain ROLLINS due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 4/1/2013 11:07:02 AM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain ROLLINS due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 4/1/2013 11:11:49 AM | Computer Name = R9K47YN.Rollins.edu | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 4/1/2013 11:12:51 AM | Computer Name = R9K47YN.Rollins.edu | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 4/1/2013 3:22:31 PM | Computer Name = R9K47YN.Rollins.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 4/1/2013 3:24:36 PM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain ROLLINS due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 4/3/2013 8:47:32 AM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain ROLLINS due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 4/3/2013 8:47:44 AM | Computer Name = R9K47YN.Rollins.edu | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 4/3/2013 12:01:41 PM | Computer Name = R9K47YN.Rollins.edu | Source = Service Control Manager | ID = 7034

Description = The On Screen Display service terminated unexpectedly. It has done

this 1 time(s).

Error - 4/3/2013 12:03:37 PM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain ROLLINS due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

< End of report >

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

Than you are good to go.

Please download delfix to your Desktop.

  • Close all running programms.
  • Doubleclick on the delfix.exe
  • Make sure that all options are checked.
  • Click Start.

This tool will delete most of the tools we have used for the cleanup procedure. If something remaints, simply delete it.

Now that you appear to be free from malware lets help you stay that way!

It is vital that you keep your system up to date

  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double- click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates

    [*] Software Updates

    Your installed Software also can have vulnerabilities that malware can use to infect your system.

    To keep your installed Software up to date I recommend File Hippo.

Anti Virus Software

  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection
  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

Use an alternate browser

Other browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer.

Note: If you use Firefox you may want to have a look on this Add Ons.

Computer Maintenance

Clean out your temp files on a regular basis -I recommend TFC ( Temp File Cleaner ).

Thinking while surfing

There is no software which will protect your system from yourself.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.