Hi,
This is a problem on my partner's laptop. During browsing some sites yesterday, I mistakenly accepted the prompt to run some exe as it contained Adobe in the file name and I assumed it is one of the regular Adobe Flash updates.
It appears since running that application, Symantec Endpoint protection is repeatedly detecting some files with Trojan.Gen.2 infection but a scan is not detecting anything. Based on some initial research I identified the files d:\users\<userid>\AppData\Local\{ba9b7957-be21-fe46-c445-52fb1e09fdd3}\n. and similar folder in c:\windows\installer folder.
I have disabled internet on that laptop since last night when I detected this infection and posting this from other machine.
I have included the DDS log below:
DDS.Log
------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by 08600549 at 14:41:29 on 2012-05-30
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.3176.2379 [GMT 10:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
https://hpps-dailyblue.wikispaces.com/uDefault_Page_URL =
https://hpps-dailyblue.wikispaces.com/uInternet Settings,ProxyOverride = 10.138.72.*;10.163.24.36;10.*;vcaa;<local>
uInternet Settings,ProxyServer = edupass:800
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [EPSON Stylus CX5900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibip.exe /fu "c:\windows\temp\E_S48DE.tmp" /EF "HKCU"
uRun: [\\bkhdd\EPSONStylusCX5900] c:\windows\system32\spool\drivers\w32x86\3\e_fatibip.exe /fu "c:\windows\temp\E_S31B6.tmp" /EF "HKCU"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [eduSTAR Student Navigator] "c:\program files\edustar\edustar student navigator\WPFStudentDockExpression.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [tbdaemon] c:\program files\teamboard\tbdaemon.exe
mRun: [aidaemon] c:\program files\teamboard\aidaemon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\drawsrv.lnk - c:\program files\teamboard\draw\drawsrv.exe
mPolicies-explorer: PreXPSP2ShellProtocolBehavior = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: FilterAdministratorToken = 1 (0x1)
mPolicies-system: disablecad = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - c:\windows\system32\proxypal.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{18F9BBD0-7CDD-4F44-BCB9-7628A68000CC} : DhcpNameServer = 10.188.66.103 10.176.66.71
TCP: Interfaces\{BA60041E-66FA-4357-821D-9D80A0334AAE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BA60041E-66FA-4357-821D-9D80A0334AAE}\2496C6C637 : DhcpNameServer = 203.166.122.153 203.166.122.166
TCP: Interfaces\{BA60041E-66FA-4357-821D-9D80A0334AAE}\25567656E636970274164756771697 : DhcpNameServer = 203.12.160.35 203.12.160.36
TCP: Interfaces\{BA60041E-66FA-4357-821D-9D80A0334AAE}\56465735451425 : DhcpNameServer = 10.138.72.40 10.138.72.42
TCP: Interfaces\{EE56947C-0FDE-4D68-863F-87AF549AB20F} : DhcpNameServer = 10.138.72.40 10.138.72.42
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\users\08600549\appdata\roaming\mozilla\firefox\profiles\mrzilgme.default\
FF - prefs.js: browser.startup.homepage - hxxps://hpps-dailyblue.wikispaces.com/
FF - prefs.js: network.proxy.ftp - edupass
FF - prefs.js: network.proxy.ftp_port - 800
FF - prefs.js: network.proxy.http - edupass
FF - prefs.js: network.proxy.http_port - 800
FF - prefs.js: network.proxy.socks - edupass
FF - prefs.js: network.proxy.socks_port - 800
FF - prefs.js: network.proxy.ssl - edupass
FF - prefs.js: network.proxy.ssl_port - 800
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\wolfram research\browser\8.0.3.2427702\npmathplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-8-12 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-1-13 20592]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-5-11 1846592]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-6-20 41088]
R3 tbupddsu;Universal Pointer Device Driver;c:\windows\system32\drivers\TBUPDDSU.SYS [2012-2-8 110952]
R3 upddvh;Touch-Base Serial Multi-touch Driver;c:\windows\system32\drivers\UPDDVH.SYS [2012-2-8 25576]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-6-20 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 eduSTAR Student Navigator Service;eduSTAR Student Navigator Service;c:\program files\edustar\edustar student navigator\StudentNavigatorService.exe [2011-3-28 16384]
S2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-8-12 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-6-20 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-8-12 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-6-20 93032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-8-12 148840]
S2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2011-11-7 141928]
S2 tbupddwu;tbupddwu;c:\program files\teamboard\TBUPDDWU.EXE [2012-2-8 933888]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-6-20 99328]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-6-20 64440]
S2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2010-5-9 241152]
S3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-6-20 130944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-8-12 367656]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-8-12 292200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-8-12 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-21 126464]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-6-20 7434240]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-8-12 83304]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-6-20 246888]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-20 322664]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-21 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-3 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-05-29 11:56:47 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-25 09:24:06 -------- d-----w- d:\users\08600549\Tracing
2012-05-25 03:29:08 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-05-25 03:29:08 -------- d-sh--w- d:\users\08600549\appdata\local\{ba9b7957-be21-fe46-c445-52fb1e09fdd3}
2012-05-25 03:21:33 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-25 03:21:14 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-25 03:19:57 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-25 03:19:56 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-25 03:19:54 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-25 03:19:54 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-25 03:19:32 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-25 03:19:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-25 03:19:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-25 03:19:12 67072 ----a-w- c:\windows\system32\packager.dll
2012-05-25 03:18:56 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-25 03:18:55 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-25 03:18:55 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-25 03:18:44 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-05-25 03:18:32 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-05-25 03:18:32 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-25 03:18:32 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-25 03:18:32 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-25 03:18:18 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-25 03:17:47 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-25 03:17:47 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-05-25 03:09:18 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-05-25 03:08:10 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-19 11:44:26 -------- d-----w- d:\users\08600549\appdata\local\{DE50C4D9-FF43-44B5-8AB9-50BB6C21827E}
2012-05-16 05:13:56 -------- d-----w- d:\users\08600549\appdata\local\Flip Video
2012-05-09 01:10:08 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-05-08 11:13:18 90112 ----a-w- c:\windows\unvise32.exe
2012-05-08 11:12:40 -------- d-----w- c:\program files\WriteTools
2012-05-03 02:13:08 147512 ----a-w- c:\windows\system32\temp.00F
2012-05-03 02:13:07 598288 ----a-w- c:\windows\system32\temp.00A
2012-05-03 02:13:07 22288 ----a-w- c:\windows\system32\temp.00D
2012-05-03 02:13:07 17920 ----a-w- c:\windows\system32\temp.009
2012-05-03 02:13:07 164112 ----a-w- c:\windows\system32\temp.00B
2012-05-03 02:13:07 147728 ----a-w- c:\windows\system32\temp.00C
2012-05-03 02:13:07 10000 ----a-w- c:\windows\system32\temp.00E
2012-05-03 02:13:06 1386496 ----a-w- c:\windows\system32\temp.008
.
==================== Find3M ====================
.
2012-05-29 11:56:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 01:05:48 129784 ------w- c:\windows\system32\pxafs.dll
2012-05-09 01:05:48 116472 ------w- c:\windows\system32\pxcpyi64.exe
2012-05-09 01:05:47 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2012-05-09 01:05:47 118520 ------w- c:\windows\system32\pxinsi64.exe
2012-03-17 07:27:18 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
.
============= FINISH: 14:41:51.33 ===============
Attach.txt
----------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 7/11/2011 11:33:29 AM
System Uptime: 30/05/2012 10:48:38 AM (4 hours ago)
.
Motherboard: LENOVO | | 7827AE6
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 2095/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 12.256 GiB free.
D: is FIXED (NTFS) - 153 GiB total, 111.933 GiB free.
E: is FIXED (NTFS) - 30 GiB total, 29.9 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity
Blender
Bonjour
Broadcom InConcert Maestro
CDBurnerXP
Chemistry Add-in for Word
CutePDF Writer
D3DX10
Debut Video Capture Software
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Flick
eduSTAR Student Navigator
EPSON Printer Software
FlipShare
FormatFactory 2.70
FreeCAD 0.10
FreeMind
Game Maker
GCompris Uninstall
Genius Maker Free Edition
GeoGebra
GIMPshop 2.2.8
Google SketchUp 8
HandBrake 0.9.5
Inkscape 0.48.0
InkSeine
IrfanView (remove only)
iTunes
Java(TM) 6 Update 26
Kahootz 3
Kahootz v2
Learning Content Development System
Learning Essentials for Microsoft Office
LEGO Digital Designer
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
LiveUpdate 3.3 (Symantec Corporation)
Mathematica Extras 8.0 (2427702)
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Interactive Classroom
Microsoft Math
Microsoft Math Worksheet Generator
Microsoft Mathematics
Microsoft Mouse Mischief
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Research AutoCollage 2008 Academic Edition
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Silverlight PivotViewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Student with Encarta Premium 2009
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MonkeyJam
Mozilla Firefox 9.0.1 (x86 en-GB)
MSVCRT
Nvu
On Screen Display
Paint.NET v3.5.8
Pencil
Photo Story 3 for Windows
Picasa 3
Pivot Stickfigure Animator
pptPlex from Microsoft Office Labs
ProxyPal Uninstall
Python 2.6 pygame-1.9.1
Python 2.6.5
Quick Vic Reporting - Teacher Components
QuickTime
Qwizdom WizTeach
RapidTyping
Ray's Letters and Numbers
Realtek High Definition Audio Driver
Scratch
ScreenMarker
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Softronics MicroSoft Windows Logo 6.05
Songsmith (Academic Edition)
Stellarium 0.10.5
Symantec Endpoint Protection
Synaptics Pointing Device Driver
TeamBoard
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkVantage Active Protection System
ThinkVantage Communications Utility
Tux Math Scrabble 0.7.2
Tux of Math Command (remove only)
Tux Paint
Tux Typing
Tux Word Smith 0.7.9
TuxGuitar
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB drive letter manager
VirtualDub 1.9.11
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 1.1.11
Wax
Win7codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
Wolfram CDF Player (M-WIN-D 8.0.3 2427703)
Write Tools Set A
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
30/05/2012 9:52:10 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain HPPS due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
30/05/2012 2:03:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
30/05/2012 10:50:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
30/05/2012 10:50:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
30/05/2012 10:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
30/05/2012 10:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
30/05/2012 10:50:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30/05/2012 10:50:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
30/05/2012 10:49:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX SYMTDI tdx TPPWRIF vwififlt Wanarpv6 WfpLwf
30/05/2012 10:49:05 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
30/05/2012 10:49:05 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
30/05/2012 10:49:05 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
30/05/2012 10:49:05 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
30/05/2012 10:49:05 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
30/05/2012 10:49:05 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
30/05/2012 10:49:05 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
30/05/2012 10:49:05 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
30/05/2012 10:49:05 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
30/05/2012 10:49:03 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
30/05/2012 10:49:03 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
30/05/2012 10:49:03 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
30/05/2012 10:49:03 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
30/05/2012 10:49:02 AM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
30/05/2012 1:50:53 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
29/05/2012 11:15:59 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
29/05/2012 10:59:10 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
28/05/2012 8:07:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
28/05/2012 8:04:22 AM, Error: Application Management Group Policy [108] - Failed to apply changes to software installation settings. Software changes could not be applied. A previous log entry with details should exist. The error was : %%1603
28/05/2012 8:04:22 AM, Error: Application Management Group Policy [102] - The install of application Adobe Flash Player 10 ActiveX from policy Notebooks - Staff failed. The error was : %%1603
28/05/2012 8:04:17 AM, Error: Application Management Group Policy [102] - The install of application Java(TM) 6 Update 24 from policy Notebooks - Staff failed. The error was : %%1603
28/05/2012 8:04:16 AM, Error: Application Management Group Policy [102] - The install of application Adobe Reader X MUI from policy Notebooks - Staff failed. The error was : %%1603
28/05/2012 8:04:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CSC SASDIFSV SASKUTIL
28/05/2012 8:03:51 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
28/05/2012 8:03:37 AM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
28/05/2012 4:40:20 PM, Error: Application Management Group Policy [103] - The removal of the assignment of application Java(TM) 6 Update 24 from policy Notebooks - Staff failed. The error was : %%2
28/05/2012 4:40:20 PM, Error: Application Management Group Policy [103] - The removal of the assignment of application Adobe Reader X MUI from policy Notebooks - Staff failed. The error was : %%2
28/05/2012 4:40:20 PM, Error: Application Management Group Policy [103] - The removal of the assignment of application Adobe Flash Player 10 ActiveX from policy Notebooks - Staff failed. The error was : %%2
25/05/2012 8:01:51 AM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\hpps.hamptonparkps.vic.edu.au\SysVol\hpps.hamptonparkps.vic.edu.au\Policies\{C90760B0-29BE-4E53-9D4A-7F377E1E59BF}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
25/05/2012 7:16:58 PM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
24/05/2012 7:59:15 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
24/05/2012 7:59:12 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
23/05/2012 9:35:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
23/05/2012 9:35:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
23/05/2012 3:50:28 PM, Error: Service Control Manager [7034] - The Cisco EnergyWise Enabler service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Greatly appreciate your assistance in this matter.
Regards
Samir
