Posts posted by mkruzel
-
I was a little pressed for time so I backed up her data and scanned her data on a separate drive to remove any viruses & then reinstalled Windows 7 via SCCM. How large are the virus definition files usually on the Avast utility? It was taking longer than an hour to download the virus definitions.
-
I think I'm just going to back this person's data up and install Windows 7 SP1, which I'm sure will remove the rootkit/s and pup.bundlieoffers.iiq.
-
How big are the Avast virus definition files? They are taking a long time to download.
-
One thing I found is that this laptop doesn't have Windows 7 SP1 installed.
-
I'm logged in with a different account and don't see the mysearchresults.com search engine. Should I be logged in with the infected user's account?
Here is the DDS file:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.17115
Run by zelda01 at 8:49:12 on 2012-11-20
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2003.966 [GMT -6:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ================
.
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\atiesrxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\KPurcell\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\net.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe
C:\WINDOWS\system32\sppsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\WmiApSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.saintpaul.edu
uDefault_Page_URL = hxxp://www.saintpaul.edu
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {472F6BB8-3D5A-BC24-4155-3192C7AC8CF6} - <orphaned>
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\kpurcell\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Playtopus Games: {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} - c:\users\kpurcell\appdata\local\playtopus\Playtopus.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: legalnoticecaption = Saint Paul College Acceptable Use Policy
mPolicies-Windows\System: UserPolicyMode = dword:1
mPolicies-Windows\System: DeleteRoamingCache = dword:1
mPolicies-Windows\System: SlowLinkDetectEnabled = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.1.14.61 10.1.14.19
TCP: Interfaces\{387E119E-02D1-455D-891E-E52BBCFC4FB4}\C696E6B6379737 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8676C854-A2F9-44E5-8611-32DE661E604A} : DHCPNameServer = 10.1.14.61 10.1.14.19
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\kpurcell\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-11-13 107520]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-2-23 1839776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-23 106656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\clt-inst\vpremote.exe [2011-4-25 142240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-26 1343400]
.
=============== Created Last 30 ================
.
2012-11-20 14:44:44 -------- d-----w- c:\users\zelda01\appdata\local\Google
2012-11-19 20:18:04 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-19 20:15:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-19 20:15:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-19 19:12:37 -------- d-----w- c:\programdata\Malwarebytes
2012-11-13 23:51:41 -------- d-----w- c:\program files\Freeze.com
2012-11-13 23:51:20 -------- d-----w- c:\program files\Yahoo!
2012-10-29 18:48:13 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-29 18:47:44 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-29 18:47:41 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-29 18:47:30 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-29 18:44:14 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-10-29 18:43:41 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-29 18:43:41 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-29 18:43:40 1157632 ----a-w- c:\windows\system32\crypt32.dll
2012-10-29 18:43:02 172544 ----a-w- c:\windows\system32\wintrust.dll
.
==================== Find3M ====================
.
2012-08-24 17:10:47 981504 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 17:08:47 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 16:01:45 386048 ----a-w- c:\windows\system32\html.iec
2012-08-24 15:27:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 8:50:08.24 ===============
Here is the attach.txt file:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2010 3:20:36 PM
System Uptime: 11/20/2012 8:42:47 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0DW635
Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2401/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 197.3 GiB free.
D: is CDROM (UDF)
P: is NetworkDisk (NTFS) - 600 GiB total, 68.306 GiB free.
R: is NetworkDisk (NTFS) - 200 GiB total, 185.737 GiB free.
S: is NetworkDisk (NTFS) - 600 GiB total, 68.306 GiB free.
U: is NetworkDisk (NTFS) - 10 GiB total, 4.128 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP104: 9/11/2012 3:53:21 PM - Scheduled Checkpoint
RP105: 9/19/2012 8:06:55 AM - Scheduled Checkpoint
RP106: 9/24/2012 3:41:21 PM - Windows Update
RP107: 10/9/2012 3:48:15 PM - Scheduled Checkpoint
RP108: 10/17/2012 8:03:35 AM - Scheduled Checkpoint
RP109: 10/24/2012 8:15:37 AM - Scheduled Checkpoint
RP110: 10/29/2012 1:42:23 PM - Windows Update
RP111: 11/6/2012 8:47:34 PM - Scheduled Checkpoint
RP112: 11/14/2012 8:19:34 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Camtasia Studio 7
Configuration Manager Client
DefaultTab
Google Toolbar for Internet Explorer
Google Update Helper
iTunes
Java Auto Updater
Java 6 Update 27
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
MobileMe Control Panel
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
NetAssistant
Notepad++ version 6.1.2
OGA Notifier 2.0.0048.0
QuickTime
Respondus 3.5 Campus-Wide
RICOH R5U8xx Media Driver ver.3.62.02
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SoundMAX
SUPERAntiSpyware
Symantec Endpoint Protection
TestGen
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/20/2012 8:46:19 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/19/2012 7:17:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/19/2012 7:15:22 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
11/19/2012 10:08:41 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
11/19/2012 10:08:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
11/14/2012 1:07:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
.
==== End Of File ===========================
-
I will try this tomorrow and get back to you.
-
I have one computer infected with this trojan, and I scanned the computer with Malwarebytes and it only found 1. I clicked the remove option and restarted the PC after scanning, and it didn't remove the mysearchresults.com search engine, and the home page was still pointing to the myfreeze.com home page. Can Malwarebytes remove this, or should I just reinstall Windows 7 to remove the infection?
-
It is fixed. I read on another newsgroup that a user got an infected Word 2007 template and so I updated her machine to Office 2010 and rebooted. I logged in with her account and another account and the computer can get to Google, Bing, Yahoo and produce search results. Thanks MrC for all your help!
-
Here is the info.txt file:
info.txt logfile of random's system information tool 1.09 2012-05-25 10:22:37
======Uninstall list======
Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {DD802480-2F99-4B4E-B2D5-1E0DD1B711EF}
-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {DD802480-2F99-4B4E-B2D5-1E0DD1B711EF}
-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {DD802480-2F99-4B4E-B2D5-1E0DD1B711EF}
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -maintain plugin
Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player 11.5-->MsiExec.exe /X{ECCA150B-31A5-412E-B8D0-4CB5DDA900D3}
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
DesignPro 5-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{32821558-2C36-4FD0-A891-CA65360B0EC7}
Elvis Calendar Widget-->msiexec /qb /x {C360F0C7-53DD-71D3-310C-3307AEB0F409}
Elvis Calendar Widget-->MsiExec.exe /I{C360F0C7-53DD-71D3-310C-3307AEB0F409}
iTunes-->MsiExec.exe /I{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}
Java 7 Update 4-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217004FF}
JavaFX 2.1.0-->MsiExec.exe /X{1111706F-666A-4037-7777-210328764D10}
Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox 12.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA 3D Vision Controller Driver 275.33-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA 3D Vision Controller Driver-->"C:\Program Files\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly
NVIDIA 3D Vision Driver 275.33-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Graphics Driver 275.33-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA HD Audio Driver 1.2.23.3-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA PhysX System Software 9.10.0514-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Update 1.3.5-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update
PowerDVD DX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Related Math Interactive Training-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\UA\RMT\Uninst.isu"
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE 10.3-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE 10.3-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /I{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Symantec Endpoint Protection-->MsiExec.exe /I{FA689023-0B72-4771-98A6-A1C927E58207}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {97FF6C46-CE3A-47F6-BA6B-3D743ACA4054}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office Outlook 2007 (KB2583910)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BDC21583-5601-4B2B-88F3-7919F6DE8FB1}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
======System event log======
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 102991
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20120404140253.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 129
Message: NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
Record Number: 102983
Source Name: Microsoft-Windows-Time-Service
Time Written: 20120404140208.102169-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 129
Message: NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
Record Number: 102982
Source Name: Microsoft-Windows-Time-Service
Time Written: 20120404140206.588967-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 1129
Message: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Record Number: 102965
Source Name: Microsoft-Windows-GroupPolicy
Time Written: 20120404140155.986524-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 5719
Message: This computer was not able to set up a secure session with a domain controller in domain MAIL due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Record Number: 102947
Source Name: NETLOGON
Time Written: 20120404140154.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 6
Message:
Could not scan 3 files inside c:\MSOCache\All Users\{90120000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent
Record Number: 20555
Source Name: Symantec AntiVirus
Time Written: 20120307162644.000000-000
Event Type: Warning
User:
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 6
Message:
Could not scan 2 files inside c:\MSOCache\All Users\{90120000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent
Record Number: 20554
Source Name: Symantec AntiVirus
Time Written: 20120307162643.000000-000
Event Type: Warning
User:
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 6
Message:
Could not scan 2 files inside c:\MSOCache\All Users\{90120000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent
Record Number: 20553
Source Name: Symantec AntiVirus
Time Written: 20120307162641.000000-000
Event Type: Warning
User:
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 6
Message:
Could not scan 3 files inside c:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent
Record Number: 20552
Source Name: Symantec AntiVirus
Time Written: 20120307162636.000000-000
Event Type: Warning
User:
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 6
Message:
Could not scan 2 files inside c:\MSOCache\All Users\{90120000-0011-0000-0000-0000000FF1CE}-C\ProPlsWW.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.7000.52&language=english&module=1000&error=0014&build=symantec_ent
Record Number: 20551
Source Name: Symantec AntiVirus
Time Written: 20120307162633.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 5447
Message: A Windows Filtering Platform filter has been changed.
Subject:
Security ID: S-1-5-18
Account Name: NT AUTHORITY\SYSTEM
Process Information:
Process ID: 3792
Provider Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Change Information:
Change Type: Delete
Filter Information:
ID: {E6129EB3-1834-4BE2-B98F-E7F999D40502}
Name: Malwarebytes Anti-Malware
Type: Not persistent
Run-Time ID: 129118
Layer Information:
ID: {C38D57D1-05A7-4C33-904F-7FBCEEE60E82}
Name: ALE Connect v4 Layer
Run-Time ID: 48
Callout Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Additional Information:
Weight: 576460752303423488
Conditions:
Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045}
Match value: In range
Condition value: 0x5cf1a8a7 - 0x5cf1a8a7
Filter Action: Block
Record Number: 2053052
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120525134115.063003-000
Event Type: Audit Success
User:
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 5447
Message: A Windows Filtering Platform filter has been changed.
Subject:
Security ID: S-1-5-18
Account Name: NT AUTHORITY\SYSTEM
Process Information:
Process ID: 3792
Provider Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Change Information:
Change Type: Delete
Filter Information:
ID: {A889465D-3F30-4928-9BC9-788CD35C4F85}
Name: Malwarebytes Anti-Malware
Type: Not persistent
Run-Time ID: 129117
Layer Information:
ID: {E1CD9FE7-F4B5-4273-96C0-592E487B8650}
Name: ALE Receive/Accept v4 Layer
Run-Time ID: 44
Callout Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Additional Information:
Weight: 576460752303423488
Conditions:
Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045}
Match value: In range
Condition value: 0x5cf1a8c2 - 0x5cf1a8c2
Filter Action: Block
Record Number: 2053051
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120525134115.063003-000
Event Type: Audit Success
User:
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 5447
Message: A Windows Filtering Platform filter has been changed.
Subject:
Security ID: S-1-5-18
Account Name: NT AUTHORITY\SYSTEM
Process Information:
Process ID: 3792
Provider Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Change Information:
Change Type: Delete
Filter Information:
ID: {2CFEF919-9146-4CBC-94B8-BFF0C53337DC}
Name: Malwarebytes Anti-Malware
Type: Not persistent
Run-Time ID: 129116
Layer Information:
ID: {C38D57D1-05A7-4C33-904F-7FBCEEE60E82}
Name: ALE Connect v4 Layer
Run-Time ID: 48
Callout Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Additional Information:
Weight: 576460752303423488
Conditions:
Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045}
Match value: In range
Condition value: 0x5cf1a8c2 - 0x5cf1a8c2
Filter Action: Block
Record Number: 2053050
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120525134115.031809-000
Event Type: Audit Success
User:
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 5447
Message: A Windows Filtering Platform filter has been changed.
Subject:
Security ID: S-1-5-18
Account Name: NT AUTHORITY\SYSTEM
Process Information:
Process ID: 3792
Provider Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Change Information:
Change Type: Delete
Filter Information:
ID: {AD7B517C-4F4B-416D-9E0E-A79175CC9A62}
Name: Malwarebytes Anti-Malware
Type: Not persistent
Run-Time ID: 129115
Layer Information:
ID: {E1CD9FE7-F4B5-4273-96C0-592E487B8650}
Name: ALE Receive/Accept v4 Layer
Run-Time ID: 44
Callout Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Additional Information:
Weight: 576460752303423488
Conditions:
Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045}
Match value: In range
Condition value: 0x5cf1a9fa - 0x5cf1a9fa
Filter Action: Block
Record Number: 2053049
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120525134115.031809-000
Event Type: Audit Success
User:
Computer Name: KZUSAND01.saintpaul.edu
Event Code: 5447
Message: A Windows Filtering Platform filter has been changed.
Subject:
Security ID: S-1-5-18
Account Name: NT AUTHORITY\SYSTEM
Process Information:
Process ID: 3792
Provider Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Change Information:
Change Type: Delete
Filter Information:
ID: {E3EE0696-8EE5-4E61-A272-24879CF251E0}
Name: Malwarebytes Anti-Malware
Type: Not persistent
Run-Time ID: 129114
Layer Information:
ID: {C38D57D1-05A7-4C33-904F-7FBCEEE60E82}
Name: ALE Connect v4 Layer
Run-Time ID: 48
Callout Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Additional Information:
Weight: 576460752303423488
Conditions:
Condition ID: {b235ae9a-1d64-49b8-a44c-5ff3d9095045}
Match value: In range
Condition value: 0x5cf1a9fa - 0x5cf1a9fa
Filter Action: Block
Record Number: 2053048
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120525134114.985017-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"UATDATA"=C:\Windows\system32\CCM\UATData\D9F8C395-CAB8-491d-B8AC-179A1FE1BE77
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Here is log.txt
Logfile of random's system information tool 1.09 (written by random/random)
Run by kzusan at 2012-05-25 10:22:03
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 109 GB (71%) free of 153 GB
Total RAM: 2046 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:30 AM, on 5/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\taskhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\Dwm.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\WINDOWS\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\kzusan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ65AEJC\RSIT.exe
C:\Program Files\trend micro\kzusan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.saintpaul.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://local455jatc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.saintpaul.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintpaul.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4057334158-1806230062-3859189933-1006\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4057334158-1806230062-3859189933-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = saintpaul.edu
O17 - HKLM\Software\..\Telephony: DomainName = saintpaul.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = saintpaul.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = saintpaul.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 6366 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\At1.job
=========Mozilla firefox=========
ProfilePath - C:\Users\kzusan\AppData\Roaming\Mozilla\Firefox\Profiles\kf3beamp.default
prefs.js - "browser.startup.homepage" - "http://local455jatc.com/"
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL [2012-05-11 210872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Avery Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Avery Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-10-08 47904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2011-06-07 421160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-06-24 140520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP]
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=Saint Paul College Acceptable Use Policy
"legalnoticetext"=This computer is the property of Saint Paul College and the Minnesota State Colleges and Universities (“System”). It is available to authorized users only and its use is subject to System Policies and Procedures. You have no explicit or implicit expectation of privacy. The System reserves the right to monitor use of technology resources including all devices and the college network. System officials may access data on these technology resources, without notice, for business purposes. Unauthorized or improper use may result in legal and/or disciplinary action. The System may refer suspected violations of law to law enforcement. By using this system you indicate your consent to these terms and conditions.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1
"NoSMBalloonTip"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideSCAHealth"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-05-25 10:22:04 ----D---- C:\Program Files\trend micro
2012-05-25 10:22:03 ----D---- C:\rsit
2012-05-25 08:57:34 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2012-05-25 08:52:20 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-05-25 08:26:12 ----A---- C:\WINDOWS\ntbtlog.txt
2012-05-25 08:23:54 ----D---- C:\Users\kzusan\AppData\Roaming\SPE
2012-05-25 08:23:54 ----A---- C:\WINDOWS\system32\drivers\SMR250.SYS
2012-05-24 14:28:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-05-24 14:28:36 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-05-24 14:22:23 ----D---- C:\Program Files\Common Files\Java
2012-05-24 14:22:00 ----D---- C:\Program Files\Oracle
2012-05-24 14:21:32 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2012-05-24 14:21:32 ----A---- C:\WINDOWS\system32\javaws.exe
2012-05-24 14:21:21 ----A---- C:\WINDOWS\system32\javaw.exe
2012-05-24 14:21:21 ----A---- C:\WINDOWS\system32\java.exe
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\wininet.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\wextract.exe
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\webcheck.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\vbscript.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\urlmon.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\url.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\SetIEInstalledDate.exe
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\RegisterIEPKEYs.exe
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\pngfilt.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\occache.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msrating.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msls31.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\mshtmler.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\mshtmled.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\mshtml.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\mshta.exe
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\msfeeds.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\licmgr10.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\jsproxy.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\jscript9.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\jscript.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\inseng.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\imgutil.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iexpress.exe
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieUnatt.exe
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieui.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iesysprep.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iesetup.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iertutil.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iernonce.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iepeers.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieframe.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieapfltr.dat
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieakui.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieaksie.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ieakeng.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\IEAdvpack.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\icardie.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\dxtrans.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2012-05-24 13:59:09 ----A---- C:\WINDOWS\system32\admparse.dll
2012-05-24 11:38:14 ----D---- C:\Users\kzusan\AppData\Roaming\Mozilla
2012-05-24 11:38:04 ----D---- C:\ProgramData\Mozilla
2012-05-24 11:38:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-05-24 11:38:00 ----D---- C:\Program Files\Mozilla Firefox
2012-05-15 08:13:49 ----A---- C:\WINDOWS\system32\drivers\WGX.SYS
2012-05-14 08:24:51 ----D---- C:\ProgramData\regid.1992_12.com.symantec
2012-05-14 08:24:11 ----D---- C:\WINDOWS\system32\drivers\SEP
======List of files/folders modified in the last 1 month======
2012-05-25 10:22:04 ----RD---- C:\Program Files
2012-05-25 10:20:24 ----D---- C:\WINDOWS\system32\drivers
2012-05-25 10:18:59 ----D---- C:\Windows
2012-05-25 09:50:50 ----D---- C:\WINDOWS\Temp
2012-05-25 09:17:14 ----D---- C:\WINDOWS\System32
2012-05-25 09:00:25 ----SHD---- C:\WINDOWS\Installer
2012-05-25 08:59:30 ----SHD---- C:\System Volume Information
2012-05-25 08:52:25 ----D---- C:\WINDOWS\Tasks
2012-05-25 08:52:25 ----D---- C:\WINDOWS\system32\Tasks
2012-05-25 08:27:55 ----A---- C:\WINDOWS\SMSCFG.ini
2012-05-25 08:26:42 ----D---- C:\ProgramData\NVIDIA
2012-05-25 08:22:57 ----D---- C:\WINDOWS\inf
2012-05-25 08:22:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-25 08:14:36 ----D---- C:\WINDOWS\system32\config
2012-05-24 14:22:23 ----D---- C:\Program Files\Common Files
2012-05-24 14:21:06 ----D---- C:\Program Files\Java
2012-05-24 14:05:48 ----HD---- C:\ProgramData
2012-05-24 14:01:48 ----D---- C:\WINDOWS\winsxs
2012-05-24 13:59:54 ----D---- C:\Program Files\Internet Explorer
2012-05-24 13:59:53 ----D---- C:\WINDOWS\system32\migration
2012-05-24 13:59:53 ----D---- C:\WINDOWS\system32\en-US
2012-05-24 13:59:53 ----D---- C:\WINDOWS\PolicyDefinitions
2012-05-24 13:59:28 ----D---- C:\WINDOWS\Logs
2012-05-24 13:59:08 ----D---- C:\WINDOWS\system32\catroot
2012-05-24 13:59:07 ----D---- C:\WINDOWS\system32\catroot2
2012-05-24 13:03:44 ----D---- C:\WINDOWS\Prefetch
2012-05-23 10:47:49 ----D---- C:\WINDOWS\system32\NDF
2012-05-16 08:20:28 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-05-15 09:48:28 ----D---- C:\ProgramData\Symantec
2012-05-15 09:48:16 ----D---- C:\Program Files\Symantec
2012-05-15 08:13:49 ----A---- C:\WINDOWS\system32\SymVPN.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-11-14 43840]
R0 rdyboost;ReadyBoost; C:\WINDOWS\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SMR250;Symantec SMR Utility Service 2.5.0; C:\WINDOWS\System32\drivers\SMR250.SYS [2012-05-25 83064]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMDS.SYS [2012-05-11 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMEFA.SYS [2012-05-11 758904]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\WINDOWS\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120517.011\BHDrvx86.sys [2012-05-15 821880]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\WINDOWS\system32\drivers\csc.sys [2010-11-20 388096]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-05-22 374392]
R1 IDSvix86;IDSvix86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120524.001\IDSvix86.sys [2012-05-15 368248]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSP.SYS [2012-05-11 522872]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSPX.SYS [2012-05-11 31864]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\Ironx86.SYS [2012-05-11 137336]
R1 SYMNETS;Symantec Network Security WFP Driver; C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMNETS.SYS [2012-05-11 299640]
R2 Parvdm;Parvdm; C:\WINDOWS\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2011-11-10 263680]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-15 106104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\system32\DRIVERS\k57nd60x.sys [2009-06-20 273448]
R3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [2012-05-25 28488]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2012-04-04 22344]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120524.039\NAVENG.SYS [2012-05-22 87928]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120524.039\NAVEX15.SYS [2012-05-22 1589752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32v.sys [2011-05-25 139368]
R3 prepdrvr;SMS Process Event Driver; \??\C:\Windows\system32\CCM\prepdrv.sys [2009-09-18 20848]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-05-14 127096]
S3 aic78xx;aic78xx; C:\WINDOWS\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\drivers\amdagp.sys [2009-07-13 53312]
S3 atikmdag;atikmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTDVHDA.sys [2009-10-23 2747424]
S3 pciide;pciide; C:\WINDOWS\system32\drivers\pciide.sys [2009-07-13 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\WINDOWS\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\WINDOWS\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\WINDOWS\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\drivers\sisagp.sys [2009-07-13 52304]
S3 storvsc;storvsc; C:\WINDOWS\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
S3 Synth3dVsc;Synth3dVsc; C:\WINDOWS\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\WINDOWS\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\WINDOWS\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 VGPU;VGPU; C:\WINDOWS\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\drivers\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\WINDOWS\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 VMBusHID;VMBusHID; C:\WINDOWS\system32\drivers\VMBusHID.sys [2010-11-20 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2011-11-10 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 CcmExec;SMS Agent Host; C:\Windows\system32\CCM\CcmExec.exe [2009-09-18 764768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2009-07-13 20992]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2011-05-25 615528]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2012-05-11 137224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R3 AppMgmt;@appmgmts.dll,-3250; C:\WINDOWS\system32\svchost.exe [2009-07-13 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 820520]
R3 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe [2012-05-11 1667328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-20 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\WINDOWS\System32\svchost.exe [2009-07-13 20992]
S3 smstsmgr;SMS Task Sequence Agent; C:\Windows\system32\CCM\TSManager.exe [2009-09-18 246624]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe [2012-05-11 280496]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2009-07-13 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\WINDOWS\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\WINDOWS\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
-----------------EOF-----------------
-
I also disabled Symantec Endpoint Protection 12.
-
Those are also getting blocked by the browsers.
-
When I try to download RogueKiller, IE & Firefox delete the attachment. I tried renaming it, and it says the publisher can't be verified.
-
I've got one computer that got the PUM.BadProxy virus. I removed it with Malwarebytes but it didn't prompt me to reboot so I rebooted anyway. After rebooting the computer still can't get to Google's search engine or Yahoo's search results but the computer can go out to other web pages. I tried installing Firefox 12 and still couldn't get to Google's site. I updated the Windows 7 computer to Internet Explorer 9 and that still didn't help.
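An added check for the situation described in the post above (this is example code written for this page, not part of mkruzel's post or of the Malwarebytes thread). When only particular sites stay unreachable after a proxy hijack has been "removed", the leftover is usually in one of a handful of places: the per-user WinINET proxy values, the per-user proxy policy key, a PAC URL, the machine-wide WinHTTP proxy, the hosts file, or the DNS answers themselves. The script below reads each of those and reports anything suspicious. It assumes a Windows 7 host with PowerShell 2.0, run from an elevated prompt while logged on as the affected user (the HKCU keys are per-user); the function name `Get-ProxyResidue` and the site list are my choices.

```powershell
# Added example, not from the thread. Read-only audit of the places a
# PUM.BadProxy-style leftover usually lives when only some sites fail after
# cleanup. Assumes Windows 7 / PowerShell 2.0, an elevated prompt, and that
# you are logged on as the affected user. Function name is an assumption.
function Get-ProxyResidue {
    $findings = @()

    # 1. Per-user WinINET proxy. IE and Chrome use it directly; Firefox uses it
    #    too when set to "Use system proxy settings", which is its default.
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    if ($p -and $p.ProxyEnable -eq 1) { $findings += "WinINET proxy enabled: $($p.ProxyServer)" }
    if ($p -and $p.AutoConfigURL)     { $findings += "PAC script configured: $($p.AutoConfigURL)" }

    # 2. Per-user proxy *policy* key. Values here override the settings above
    #    and survive a "Reset" in Internet Options, so they are worth checking.
    $pol = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
    $pp = Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue
    if ($pp -and $pp.ProxyEnable -eq 1) { $findings += "Policy proxy enabled: $($pp.ProxyServer)" }
    if ($pp -and $pp.AutoConfigURL)     { $findings += "Policy PAC script: $($pp.AutoConfigURL)" }

    # 3. Machine-wide WinHTTP proxy (Windows Update and some services use it).
    $winhttp = (& netsh winhttp show proxy) -join ' '
    if ($winhttp -notmatch 'Direct access') { $findings += "WinHTTP proxy set: $($winhttp.Trim())" }

    # 4. hosts file overrides for the search sites that are failing.
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in (Get-Content $hostsFile -ErrorAction SilentlyContinue)) {
        if ($line -notmatch '^\s*#' -and $line -match 'google|yahoo|bing') {
            $findings += "hosts entry: $($line.Trim())"
        }
    }

    # 5. What the configured resolver actually returns. A loopback, RFC 1918 or
    #    0.0.0.0 answer for a public site means the hijack is in DNS, not the browser.
    $nonPublic = '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|0\.0\.0\.0$)'
    foreach ($name in 'www.google.com', 'search.yahoo.com') {
        try {
            $addrs = [System.Net.Dns]::GetHostAddresses($name) |
                     ForEach-Object { $_.IPAddressToString }
            $bad = @($addrs | Where-Object { $_ -match $nonPublic })
            if ($bad.Count -gt 0) {
                $findings += "$name resolves to non-public address: $($bad -join ', ')"
            }
        } catch {
            $findings += "$name does not resolve: $($_.Exception.Message)"
        }
    }

    if ($findings.Count -eq 0) { return @('No proxy, hosts or DNS residue found.') }
    return $findings
}

Get-ProxyResidue
```

PUM.BadProxy is Malwarebytes' name for a modified proxy value under Internet Settings; clearing that value does not touch a PAC URL, the policy key, the hosts file or DNS, which is why the script looks at all of them. It also explains why installing Firefox did not help: Firefox's default is to use the system proxy, so it inherits the same WinINET settings. If the script reports a WinHTTP proxy or nothing at all, the usual next steps on Windows 7 are `netsh winhttp reset proxy`, `netsh winsock reset` (reboot afterwards), and checking the DNS servers set on the adapter.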
-
Hi mkruzel,
Twitter should not be getting blocked by Malwarebytes.
Do you receive any notifications when Twitter gets blocked? If so, please post a screen shot.
Actually it's working again now this morning. I'm not sure what caused it. The images weren't coming in. Strange. Thanks for responding.
-
Is there any way to unblock it? I tried all my browsers - Google Chrome, IE9, Firefox 4 - and it's just not coming up.
-
I updated to Malwarebytes 1.45 just now, and after rebooting, the login screen on my Windows 7 machine (Dell XPS 420, 2.40 GHz quad-core processor, 700 GB hard drive, 4 GB memory) took maybe 3-4 minutes to log in. After the desktop came up I rebooted again, and it logged in much quicker. This is the second time this has happened, and I think it happened with the previous update, 1.44. Has this happened to anyone else?
-
Sorry if I posted this in the wrong area.
Hello mkruzel, and welcome to Malwarebytes.org.
For the most part, Malwarebytes is the best malware removal program out on the market at this time. The free version should be able to help you remove the infection.
Have a look RIGHT HERE for some guides in the Malware Removal Guides and Self Help Guides Section. You can look through there and see if you find the infection you have.
Also you can follow the instructions below for free help from an expert to help you remove the infection.
We don't work on Malware removal in the general forums.
Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
One of the expert helpers there will give you one-on-one assistance when one becomes available.
After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.
Please note that it may take 72 hours or more for you to receive a response in the malware removal forum, as it is often busy. Please do not reply to your own post asking for help unless it's been more than 72 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.
Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org
If you are a corporate customer please send an email to corporate-support@malwarebytes.org. (NOTE: An order number is required for corporate support.)
-
I've got one computer where a user did a search on Google for recipes from the Internet Explorer 7 search box, got a Security Center screen, and the icons disappeared. Will the latest version of Malwarebytes remove this threat?
-
I bought the full version of Malwarebytes, version 1.42, a couple of days ago and updated to 1.43. I rebooted the computer when I got prompted, and when I logged in it took several minutes for the desktop to come up. I rebooted the computer in safe mode one time and then rebooted again. After the second reboot my desktop came up, so I'm not sure what the initial problem was, or whether it is with the install of 1.43. I really haven't had too many problems updating Malwarebytes.
I'm using a Dell XPS 420 (700 GB hard drive, Intel 2.40 GHz quad-core processor and 4 GB of RAM).
-
Our IT dept got a computer brought up to us yesterday, a Dell Optiplex 360 with Windows XP Pro, and it had 18,000 infections. We scanned the computer in safe mode and it removed all 18,000 on the first scan. The second follow-up scan in safe mode found 0 threats. We did scans with a couple of other programs, but Malwarebytes did a great job of removing the infections.
-
Thanks for all the responses.
-
It would be cool if Malwarebytes had a feature to remove temp files and temporary internet files from hard drives first, then scan the drive.
Infected with PUP.bundleoffers.iiq trojan (in Resolved Malware Removal Logs)
Actually, I did another test downloading virus definitions with aswMBR, and they downloaded faster on my machine. We recently upgraded our phone system to VoIP and the download was really slow.
Jeff, thanks for all your help!