
Used Combofix to remove Rootkit.zeroaccess now I can't share files


This topic is locked
10 replies to this topic

#1 MSWD

Posted 27 July 2012 - 09:29 PM

Hello,
I used Combofix to remove Rootkit.zeroaccess; now I am unable to share files on my computer. I'm running Windows Vista Business.

I ran tweaking.com to try to resolve any issues; no change.

I can see other computers on the network and I can access their files. I can access the internet. Just no one sees my computer on the network.

Ran TDSSKiller: nothing found.

Ran Farbar Service Scanner. Here is the log:
Farbar Service Scanner Version: 26-07-2012
Ran by Kathy (administrator) on 27-07-2012 at 21:05:35
Running from "C:\Users\Kathy\Downloads"
Microsoft® Windows Vista™ Business Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-09-19 17:54] - [2008-01-19 02:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-14 17:45] - [2011-04-21 08:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-12 07:45] - [2010-06-16 10:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 21:16] - [2011-03-02 09:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-09-19 17:55] - [2008-01-19 02:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-09-19 17:54] - [2008-01-19 02:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-09-19 17:55] - [2008-01-19 02:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-09-19 17:54] - [2008-01-19 02:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-09-19 17:54] - [2008-01-19 02:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-09-19 17:55] - [2008-01-19 02:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-08-12 22:52] - [2008-04-18 00:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-09-19 17:54] - [2008-01-19 02:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-16 13:11] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

Here is the MiniToolBox log:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Kathy (administrator) on 27-07-2012 at 21:39:10
Microsoft® Windows Vista™ Business Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.ftp", "24.77.168.91"
"network.proxy.ftp_port", 8085
"network.proxy.gopher", "24.77.168.91"
"network.proxy.gopher_port", 8085
"network.proxy.http", "24.77.168.91"
"network.proxy.http_port", 8085
"network.proxy.no_proxies_on", "*.local"
"network.proxy.socks", "24.77.168.91"
"network.proxy.socks_port", 8085
"network.proxy.ssl", "24.77.168.91"
"network.proxy.ssl_port", 8085
"network.proxy.type", 0
========================= Hosts content: =================================




127.0.0.1 localhost

========================= IP Configuration: ================================

Linksys AE1200 = Wireless Network Connection 2 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kathy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tx.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : Linksys AE1200
Physical Address. . . . . . . . . : C0-C1-C0-5C-0A-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6d3d:580b:fe23:f6ff%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, July 27, 2012 4:31:54 PM
Lease Expires . . . . . . . . . . : Saturday, July 28, 2012 6:41:41 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1E-4F-B3-06-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.tx.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{30C8447F-E4CE-4232-85A3-7905447F5B4A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.tx.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.tx.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2001:4860:800a::8a
74.125.45.139
74.125.45.113
74.125.45.102
74.125.45.101
74.125.45.138
74.125.45.100



Pinging google.com [74.125.130.101] with 32 bytes of data:

Reply from 74.125.130.101: bytes=32 time=288ms TTL=46

Reply from 74.125.130.101: bytes=32 time=33ms TTL=46



Ping statistics for 74.125.130.101:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 288ms, Average = 160ms

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=78ms TTL=50

Reply from 209.191.122.70: bytes=32 time=19ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 78ms, Average = 48ms

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
16 ...c0 c1 c0 5c 0a 7a ...... Linksys AE1200
9 ...00 1e 4f b3 06 55 ...... Broadcom NetXtreme 57xx Gigabit Controller
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.hsd1.tx.comcast.net.
13 ...00 00 00 00 00 00 00 e0 isatap.{30C8447F-E4CE-4232-85A3-7905447F5B4A}
15 ...00 00 00 00 00 00 00 e0 isatap.hsd1.tx.comcast.net.
18 ...00 00 00 00 00 00 00 e0 isatap.hsd1.tx.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.105 281
192.168.1.105 255.255.255.255 On-link 192.168.1.105 281
192.168.1.255 255.255.255.255 On-link 192.168.1.105 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.105 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.105 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 281 fe80::/64 On-link
16 281 fe80::6d3d:580b:fe23:f6ff/128
On-link
1 306 ff00::/8 On-link
16 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/27/2012 09:10:36 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\E5> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:10:36 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\E5> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:10:36 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\D7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:10:36 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\D7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:10:35 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\7D> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:10:35 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\7D> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:10:34 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\0B> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:10:34 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\0B> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:10:34 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\01> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:10:34 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KATHY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3X4LD82E.DEFAULT\CACHE\E\01> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (07/27/2012 04:45:28 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/27/2012 04:42:55 PM) (Source: Service Control Manager) (User: )
Description: McAfee Network Agent

Error: (07/27/2012 04:42:03 PM) (Source: Service Control Manager) (User: )
Description: ESC Connections Server1

Error: (07/27/2012 04:37:22 PM) (Source: Service Control Manager) (User: )
Description: ESC Connections Server

Error: (07/27/2012 04:35:04 PM) (Source: Service Control Manager) (User: )
Description: Pure Networks Platform Service%%1053

Error: (07/27/2012 04:35:04 PM) (Source: Service Control Manager) (User: )
Description: 30000Pure Networks Platform Service

Error: (07/27/2012 04:35:04 PM) (Source: Service Control Manager) (User: )
Description: 30000QBIDPService

Error: (07/27/2012 04:35:04 PM) (Source: Service Control Manager) (User: )
Description: 30000QBCFMonitorService

Error: (07/27/2012 04:35:04 PM) (Source: Service Control Manager) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing Service%%1058

Error: (07/27/2012 04:35:04 PM) (Source: Service Control Manager) (User: )
Description: Net.Msmq Listener Adaptermsmq


Microsoft Office Sessions:
=========================
Error: (05/18/2012 00:12:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1201939 seconds with 29640 seconds of active time. This session ended with a crash.

Error: (05/04/2012 02:20:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 234397 seconds with 10620 seconds of active time. This session ended with a crash.

Error: (04/24/2012 03:25:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 299 seconds with 240 seconds of active time. This session ended with a crash.

Error: (04/11/2012 05:24:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 99894 seconds with 4980 seconds of active time. This session ended with a crash.

Error: (04/10/2012 01:38:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 536756 seconds with 13260 seconds of active time. This session ended with a crash.

Error: (04/04/2012 07:55:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 667826 seconds with 16740 seconds of active time. This session ended with a crash.

Error: (03/27/2012 02:24:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 618477 seconds with 17160 seconds of active time. This session ended with a crash.

Error: (03/09/2012 02:43:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 273122 seconds with 15240 seconds of active time. This session ended with a crash.

Error: (03/06/2012 10:50:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 411479 seconds with 5940 seconds of active time. This session ended with a crash.

Error: (03/01/2012 02:26:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 101056 seconds with 4980 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 8.1.1)
6300 (Version: 82.0.242.000)
6300_Help (Version: 82.0.242.000)
6300Trb (Version: 82.0.242.000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Add or Remove Adobe Creative Suite 3 Web Premium (Version: 1.0)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.1)
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe AIR (Version: 3.1.0.4880)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge CS4 (Version: 3)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Contribute CS3 (Version: 4.1)
Adobe Contribute CS4 (Version: 5.0)
Adobe Creative Suite 4 Web Premium (Version: 4.0)
Adobe CS4 American English Speech Analysis Models (Version: 1)
Adobe CS4 French Speech Analysis Models (Version: 1)
Adobe CS4 German Speech Analysis Models (Version: 1)
Adobe CS4 International English Speech Analysis Models (Version: 1)
Adobe CS4 Italian Speech Analysis Models (Version: 1)
Adobe CS4 Japanese Speech Analysis Models (Version: 1)
Adobe CS4 Korean Speech Analysis Models (Version: 1)
Adobe CS4 Spanish Speech Analysis Models (Version: 1)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS3 (Version: 9.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 2.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SING CS3 (Version: 0.1)
Adobe Soundbooth CS4 (Version: 2)
Adobe Soundbooth CS4 Codecs (Version: 2)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Version Cue CS3 Server (Version: 3.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS3 (Version: 1.0)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
AHV content for Acrobat and Flash (Version: 1)
AIO_CDB_ProductContext (Version: 82.0.242.000)
AIO_CDB_Software (Version: 82.0.242.000)
AIO_Scan (Version: 82.0.173.000)
Alpha Five V10
Amazon Kindle
APC PowerChute Personal Edition (Version: 2.0)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ArcSoft VideoImpression 2
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
Broadcom Management Programs (Version: 10.15.01)
Browser Address Error Redirector (Version: 1.00.0000)
BufferChm (Version: 82.0.173.000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Camera Drivers V1.4
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
Canon MX340 series User Registration
Canon RAW Image Task for ZoomBrowser EX (Version: 3.2.0.10)
Canon Speed Dial Utility
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.3 (Version: 3.3.1.1)
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility (Version: 2.3.1.3)
Canon Utilities My Printer
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities Original Data Security Tools (Version: 1.3.0.0)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.2.0.1)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities Solution Menu
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
CCScore (Version: 7.00.0000.0001)
Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC (Version: 1.0)
Connect (Version: 1.0.0.1)
Copy (Version: 82.0.188.000)
CuteFTP 8 Home (Version: 8.3.1)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Destinations (Version: 82.0.173.000)
DHTML Editing Component (Version: 6.02.0001)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
Drivers Install For Linksys Easylink Advisor (Version: 2.0.9)
Electronic Service Control (Version: 9.00.0000)
EOS USB WIA Driver (Version: 6.0.1.5)
ESC Accounting Server (Version: 12.0.2)
ESC Connections Server (Version: 12.0.66)
ESSBrwr (Version: 7.01.0000.0001)
ESSCDBK (Version: 7.01.0000.0002)
ESScore (Version: 7.01.0000.0012)
ESSgui (Version: 7.01.0000.0002)
ESSini (Version: 7.01.0000.0002)
ESSPCD (Version: 7.01.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 7.01.0000.0001)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 82.0.188.000)
ffdshow [rev 1763] [2007-01-08] (Version: 1.0)
FileZilla Client 3.1.0.1 (Version: 3.1.0.1)
Google AdWords Editor (Version: 9.5.1)
Google Chrome (Version: 20.0.1132.57)
Google Chrome Frame (Version: 20.0.1132.57)
Google Desktop (Version: 5.9.0909.30391)
Google Gears (Version: 0.5.3600)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
GoToAssist Corporate (Version: 9.1.0.615)
GoToMeeting 5.2.0.952 (Version: 5.2.0.952)
GSiteCrawler (Version: v1.23)
HP Color LaserJet 2605 2.0 (Version: 2.0)
HP Color LaserJet CP2020 Series 1.0 (Version: 1.0)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 4.0.0013)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.003.001.001)
hppCLJ2605 (Version: 002.001.00027)
hppFonts (Version: 001.001.00056)
hppIOFiles (Version: 002.000.00030)
hppManuals2605 (Version: 001.000.00026)
hppManualsCP2020 (Version: 001.000.00112)
hppPQVideoCP2020 (Version: 001.000.00112)
hppQFolderCP2020 (Version: 1.00.0000)
HPProductAssistant (Version: 82.0.173.000)
hppTLBXFX2605 (Version: 000.106.00083)
hppTLBXFXCP2020 (Version: 001.012.00091)
hppusg2605 (Version: 000.203.00103)
hppusgCP2020 (Version: 000.000.00011)
hpzTLBXFX (Version: 004.012.00146)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
Jing (Version: 2.6.12032.1)
Kodak EasyShare software
kuler (Version: 2.0)
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 100.0.170.000)
McAfee Online Backup
McAfee Online Backup (Version: 1.14.1.6)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee Total Protection (Version: 11.0.678)
McAfee Virtual Technician (Version: 5.5.1.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Easy Assist (Version: 1.0.2028.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Accounting 2007 (Version: 2.0.7503.0)
Microsoft Office Accounting 2007 Transaction Migration Update (Version: 2.0.7503.0)
Microsoft Office Accounting 2008 Migration Tool For QuickBooks (Version: 3.0.8231.0)
Microsoft Office Accounting 2009 (Version: 4.0.3610.0)
Microsoft Office Accounting 2009 Equifax Addin (Version: 4.0.1930.0)
Microsoft Office Accounting 2009 Fixed Asset Manager (Version: 4.0.1930.0)
Microsoft Office Accounting 2009 PayPal Addin (Version: 4.0.1930.0)
Microsoft Office Accounting 2009 Tax Integration Add-in (Version: 4.0.1930.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Accounting Equifax Addin (Version: 2.0.7416.00)
Microsoft Office Accounting Fixed Asset Manager (Version: 2.0.7416.00)
Microsoft Office Accounting PayPal Addin (Version: 2.0.7416.00)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ESC) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
MosChip Multi-IO Controller
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Music, Photos & Videos Launcher (Version: 1.00.0000)
MySpeed v3.8.4 (Version: 3.08.0252)
netbrdg (Version: 7.01.0000.0001)
NVIDIA Display Control Panel (Version: 6.14.11.9713)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA PhysX (Version: 9.10.0129)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.11.9713)
oDesk Team
OfotoXMI (Version: 7.01.0000.0001)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
PowerDVD (Version: 7.0)
Product Documentation Launcher (Version: 1.00.0000)
Product_SF_Full_QFolder (Version: 1.00.0000)
Product_SF_Min_QFolder (Version: 1.00.0000)
QuickBooks (Version: 21.0.4011.904)
QuickBooks Conversion Tool (Version: 11.10.0000)
QuickBooks Pro 2011 (Version: 21.0.4011.904)
QuickSet (Version: 8.2.12)
QuickTime (Version: 7.72.80.56)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
Safari (Version: 5.34.57.2)
Scan (Version: 8.1.0.0)
SFR (Version: 7.01.0000.0003)
SHASTA (Version: 7.01.0000.0001)
SI Trace by Software Institute (remove only)
SigmaTel Audio (Version: 5.10.5102.0)
skin0001 (Version: 7.01.0000.0003)
SKINXSDK (Version: 7.01.0000.0001)
SolutionCenter (Version: 82.0.188.000)
Sonic Activation Module (Version: 1.0)
staticcr (Version: 7.01.0000.0005)
Status (Version: 82.0.173.000)
Suite Shared Configuration CS4 (Version: 1.0)
Sun ODF Plugin for Microsoft Office 3.1 (Version: 3.1.9399)
SupportSoft Assisted Service (Version: 15)
Toolbox (Version: 82.0.173.000)
tooltips (Version: 7.01.0000.0001)
TrayApp (Version: 82.0.188.000)
Tweaking.com - Windows Repair (All in One) (Version: 1.7.5)
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
User's Guides
Visual Studio 2005 Tools for Office Second Edition Runtime
VPRINTOL (Version: 7.01.0000.0001)
Vuze Launcher
WebEx Support Manager for Internet Explorer (Version: 6.5.4917)
WebReg (Version: 100.0.170.000)
Windows Installer Clean Up (Version: 3.00.00.0000)
WIRELESS (Version: 7.01.0000.0001)
XAMPP 1.6.7
YouSendIt Plug-in for Outlook (Version: 2.8.5)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 3068.43 MB
Available physical RAM: 1112.84 MB
Total Pagefile: 6357.89 MB
Available Pagefile: 3480.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.02 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:60.7 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.62 GB) NTFS

========================= Users: ========================================

User accounts for \\KATHY-PC

Administrator ASPNET Guest
IUSR_KATHY-PC Kathy QBDataServiceUser19
QBDataServiceUser21 temp

========================= Restore Points ==================================

27-07-2012 17:53:16 Tweaking.com - Windows Repair
27-07-2012 17:54:01 Tweaking.com - Windows Repair
27-07-2012 19:54:25 Device Driver Package Install: Cisco Systems, Inc. Network Protocol
27-07-2012 19:55:42 Device Driver Package Install: Cisco Systems, Inc. Network Protocol
27-07-2012 19:59:28 Installed Cisco Network Magic
27-07-2012 21:27:39 Installed Microsoft Fix it 50199
27-07-2012 22:15:29 Removed Cisco Network Magic
27-07-2012 22:16:59 Removed Pure Networks Platform

**** End of log ****


Can anyone offer any suggestions as to what the problem might be?

Thanks in advance for your time.
Kathy

Edited by MSWD, 27 July 2012 - 09:42 PM.



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,660 posts
  • Gender:Male
  • Local time:02:30 AM

Posted 02 August 2012 - 04:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462799 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 MSWD

  • Topic Starter
  • Members
  • 5 posts
  • Local time:12:30 AM

Posted 02 August 2012 - 07:44 AM

DDS results:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_33
Run by Kathy at 7:34:43 on 2012-08-02
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3068.1058 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\xampp\apache\bin\apache.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\atashost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\xampp\filezillaftp\filezillaserver.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Rundll32.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Enounce\MySpeed\MySpeed.exe
C:\Program Files\dESCO\ESC Connections Server\ESC Connections Server Administrator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Online Backup\MOBKstat.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\dESCO\ESC Connections Server\ESC Connections Server.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Explorer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\dESCO\ESC\ESC.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\PROGRA~1\Intuit\QUICKB~1\dbextclr11.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120623045835.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\21.0.1180.60\npchrome_frame.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [ESC Accounting Server] "c:\program files\desco\esc accounting server\ESC Accounting Server.exe"
uRun: [3xAV] c:\program files\enounce\myspeed\MySpeed.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\esccon~1.lnk - c:\windows\installer\{e661b454-879c-46b7-9df4-e998489d5d8b}\_2E3DA4D21B6E3EC720B58B.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee online backup\MOBKstat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~2.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2008\QBW32.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{45EC724A-7268-4327-8EDA-DDD78D53CF10} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{938818F8-0333-49BB-9C00-BC798EECD491} : DhcpNameServer = 75.75.76.76 75.75.75.75
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\21.0.1180.60\npchrome_frame.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kathy\appdata\roaming\mozilla\firefox\profiles\3x4ld82e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 24.77.168.91
FF - prefs.js: network.proxy.ftp_port - 8085
FF - prefs.js: network.proxy.gopher - 24.77.168.91
FF - prefs.js: network.proxy.gopher_port - 8085
FF - prefs.js: network.proxy.http - 24.77.168.91
FF - prefs.js: network.proxy.http_port - 8085
FF - prefs.js: network.proxy.socks - 24.77.168.91
FF - prefs.js: network.proxy.socks_port - 8085
FF - prefs.js: network.proxy.ssl - 24.77.168.91
FF - prefs.js: network.proxy.ssl_port - 8085
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\kathy\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 464304]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-5-7 64912]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-5-7 169608]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2009-10-28 54776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-2-20 179712]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-7 57600]
R3 Linksys_adapter;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200vista.sys [2011-10-9 1073216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-26 22344]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-19 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-19 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-7 340920]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2006-12-19 81408]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2009-4-6 45344]
S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2009-4-8 17432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-7 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-19 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-19 40552]
.
=============== Created Last 30 ================
.
2012-07-27 19:58:48 76184 ----a-w- c:\windows\system32\atsckernel.exe
2012-07-27 19:58:47 20376 ----a-w- c:\windows\system32\atashost.exe
2012-07-27 19:58:31 -------- d-----w- c:\programdata\webex
2012-07-27 18:44:35 303616 ----a-w- C:\SetACL.exe
2012-07-27 17:55:20 290304 ----a-w- C:\subinacl.exe
2012-07-27 17:53:41 -------- d-----w- C:\Reg_Backup
2012-07-27 17:52:53 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-07-27 17:52:50 -------- d-----w- c:\program files\Tweaking.com
2012-07-27 16:28:32 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-27 16:26:06 -------- d-----w- c:\users\kathy\appdata\local\temp
2012-07-27 15:49:40 98816 ----a-w- c:\windows\sed.exe
2012-07-27 15:49:40 518144 ----a-w- c:\windows\SWREG.exe
2012-07-27 15:49:40 256000 ----a-w- c:\windows\PEV.exe
2012-07-27 15:49:40 208896 ----a-w- c:\windows\MBR.exe
2012-07-27 15:49:29 -------- d-----w- C:\ComboFix
2012-07-26 17:24:31 -------- d-----w- C:\!KillBox
2012-07-26 14:28:56 -------- d-----w- c:\users\kathy\appdata\roaming\Malwarebytes
2012-07-26 14:28:33 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 14:28:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 14:28:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-25 16:08:28 -------- d-----w- c:\users\kathy\appdata\roaming\ESC
2012-07-23 16:10:26 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-20 19:37:54 -------- d-----w- C:\Alexander-Estate-Sales_WebSite
2012-07-06 14:21:18 -------- d-----w- c:\users\kathy\appdata\local\Amazon
2012-07-06 14:21:09 -------- d-----w- c:\program files\Amazon
.
==================== Find3M ====================
.
2012-07-27 19:57:22 8892928 ----a-w- c:\programdata\atscie.msi
2012-07-27 16:35:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 16:35:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-23 16:10:00 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-13 17:48:22 2752832 ----a-w- c:\program files\scrapebox.exe
2012-04-13 17:48:18 482760 ----a-w- c:\program files\sbupdate.exe
.
============= FINISH: 7:37:31.55 ===============


Running GMER now; will post those results next.

#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 06 August 2012 - 05:36 AM

Hi Kathy,

A couple of questions before we start:

1. Could you post me the log from when you ran ComboFix? It will be located at C:\Combofix.txt

2. Do you intentionally have a proxy network set-up?

3. Is this a work/company PC?

Thanks,

Casey

Edited by Casey_boy, 06 August 2012 - 05:36 AM.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 MSWD

MSWD
  • Topic Starter

  • Members
  • 5 posts

Posted 06 August 2012 - 09:45 AM

1. Could you post me the log from when you ran ComboFix? It will be located at C:\Combofix.txt POSTED and attached

2. Do you intentionally have a proxy network set-up? NO

3. Is this a work/company PC? HOME OFFICE I RUN TWO BUSINESSES FROM HOME

ComboFix 12-07-27.03 - Kathy 07/27/2012 11:05:45.1.4 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3068.2002 [GMT -5:00]
Running from: c:\users\Kathy\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3B55DF2F09.sys
c:\users\Kathy\AppData\Roaming\rbap550.dll
c:\users\Kathy\AppData\Roaming\RBInternetEncodings600.dll
c:\users\Kathy\AppData\Roaming\rbqt550.DLL
c:\users\Kathy\g2mdlhlpx.exe
c:\users\Kathy\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB61121$
c:\windows\$NtUninstallKB61121$\1634242
c:\windows\Fonts\usps4cb.TTF
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 16:26 . 2012-07-27 16:28 -------- d-----w- c:\users\Kathy\AppData\Local\temp
2012-07-27 16:26 . 2012-07-27 16:26 -------- d-----w- c:\users\temp\AppData\Local\temp
2012-07-27 16:26 . 2012-07-27 16:26 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2012-07-27 16:26 . 2012-07-27 16:26 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
2012-07-26 17:24 . 2012-07-26 17:24 -------- d-----w- C:\!KillBox
2012-07-26 14:28 . 2012-07-26 14:28 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes
2012-07-26 14:28 . 2012-07-26 14:28 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 14:28 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 14:28 . 2012-07-26 14:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-25 16:08 . 2012-07-27 15:44 -------- d-----w- c:\users\Kathy\AppData\Roaming\ESC
2012-07-23 16:10 . 2012-07-23 16:10 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-20 19:37 . 2012-07-20 19:37 -------- d-----w- C:\Alexander-Estate-Sales_WebSite
2012-07-06 14:21 . 2012-07-06 14:21 -------- d-----w- c:\users\Kathy\AppData\Local\Amazon
2012-07-06 14:21 . 2012-07-06 14:21 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 16:10 . 2010-04-29 14:23 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-12 03:35 . 2012-04-30 13:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 03:35 . 2011-05-17 13:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 16:27 . 2012-05-03 16:27 1393736 ----a-w- c:\users\Kathy\gotomypc_635.exe
2012-04-13 17:48 . 2012-02-14 18:02 2752832 ----a-w- c:\program files\scrapebox.exe
2012-04-13 17:48 . 2011-04-13 08:21 482760 ----a-w- c:\program files\sbupdate.exe
2012-07-18 18:21 . 2011-03-23 17:40 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-10-26 21:42 . 2009-10-26 21:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 19:01 . 2010-05-07 06:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2009-09-26 20:21 2835256 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2009-09-26 20:21 2835256 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2009-09-26 20:21 2835256 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-19 68856]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"ESC Accounting Server"="c:\program files\dESCO\ESC Accounting Server\ESC Accounting Server.exe" [2012-05-18 223656]
"3xAV"="c:\program files\Enounce\MySpeed\MySpeed.exe" [2012-07-02 937616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-02-20 53248]
"SigmatelSysTrayApp"="sttray.exe" [2007-04-12 303104]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-10-17 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-11-20 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-06-18 2305912]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-2-22 221247]
ESC Connections Server.lnk - c:\windows\Installer\{E661B454-879C-46B7-9DF4-E998489D5D8B}\_2E3DA4D21B6E3EC720B58B.exe [2012-7-25 266777]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752]
McAfee Online Backup Status.lnk - c:\program files\McAfee Online Backup\MOBKstat.exe [2009-9-26 3004728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-5-14 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2012-5-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-07-26 17:06 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 16:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-10-26 21:42 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 16:36]
.
2012-07-22 c:\windows\Tasks\Beacon Electrical Service 1239999331.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2012-05-14 19:09]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 15:24]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 15:24]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3325132009-2859137560-2074168987-1000Core.job
- c:\users\Kathy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 09:24]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3325132009-2859137560-2074168987-1000UA.job
- c:\users\Kathy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 09:24]
.
2012-07-27 c:\windows\Tasks\User_Feed_Synchronization-{6617BD6F-BC39-4AB2-88D0-318CEB39DF94}.job
- c:\windows\system32\msfeedssync.exe [2011-06-14 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\3x4ld82e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 24.77.168.91
FF - prefs.js: network.proxy.ftp_port - 8085
FF - prefs.js: network.proxy.gopher - 24.77.168.91
FF - prefs.js: network.proxy.gopher_port - 8085
FF - prefs.js: network.proxy.http - 24.77.168.91
FF - prefs.js: network.proxy.http_port - 8085
FF - prefs.js: network.proxy.socks - 24.77.168.91
FF - prefs.js: network.proxy.socks_port - 8085
FF - prefs.js: network.proxy.ssl - 24.77.168.91
FF - prefs.js: network.proxy.ssl_port - 8085
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CP2020 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP2020_Series -f PQOptimizerVideo.xml
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(736)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(4312)
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\program files\FileZilla FTP Client\fzshellext.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\xampp\apache\bin\apache.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\dESCO\ESC Connections Server\ESC Connections Server.exe
c:\xampp\filezillaftp\filezillaserver.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\xampp\mysql\bin\mysqld-nt.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\xampp\apache\bin\apache.exe
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\fxssvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2012-07-27 11:39:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 16:39
.
Pre-Run: 35,347,316,736 bytes free
Post-Run: 35,466,219,520 bytes free
.
- - End Of File - - DD1EAECB7CB8B03FBBFF0B637F0DF6C7
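The proxy question in the previous reply and the `FF - prefs.js: network.proxy.*` lines in the logs go together: Firefox has a proxy host and port stored for every protocol, but `network.proxy.type` is 0, which means the browser connects directly and those entries are not in use. The Python script below is an added triage example, not part of this thread and not code from ComboFix or DDS; it parses log lines of that shape (the sample is a constructed excerpt copying the entries above), says whether the stored proxy would actually be used, and flags hosts outside private address space so a responder knows which entries are worth asking the user about. The function names are my own.

```python
"""Triage the Firefox proxy prefs that DDS/ComboFix print in their logs.

Added example (not from the thread, ComboFix or DDS): parses
'FF - prefs.js: network.proxy.* - value' lines and reports whether the
stored proxy is active and whether it points outside the local network.
"""
import ipaddress
import re

# Constructed excerpt in the same shape as the log lines above.
SAMPLE_LOG = """\
FF - ProfilePath - c:\\users\\Kathy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3x4ld82e.default\\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 24.77.168.91
FF - prefs.js: network.proxy.ftp_port - 8085
FF - prefs.js: network.proxy.gopher - 24.77.168.91
FF - prefs.js: network.proxy.gopher_port - 8085
FF - prefs.js: network.proxy.http - 24.77.168.91
FF - prefs.js: network.proxy.http_port - 8085
FF - prefs.js: network.proxy.socks - 24.77.168.91
FF - prefs.js: network.proxy.socks_port - 8085
FF - prefs.js: network.proxy.ssl - 24.77.168.91
FF - prefs.js: network.proxy.ssl_port - 8085
FF - prefs.js: network.proxy.type - 0
"""

# Matches "FF - prefs.js: network.proxy.<name> - <value>" and nothing else.
PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.*)$")

# Meaning of network.proxy.type in Firefox: 0 direct, 1 manual, 2 PAC URL,
# 4 auto-detect (WPAD), 5 use system settings. Only 1 uses the host/port prefs.
PROXY_TYPE = {0: "no proxy (direct)", 1: "manual", 2: "PAC URL",
              4: "auto-detect (WPAD)", 5: "system settings"}

PROTOCOLS = ("http", "ssl", "ftp", "socks", "gopher")


def parse_ff_prefs(log_text):
    """Return a dict of network.proxy.* pref name -> value found in the log text."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def is_external(host):
    """True if host is not a private, loopback or link-local address (or 'localhost')."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() != "localhost"  # a hostname: only localhost is treated as local
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def assess_proxy(prefs):
    """Summarise the stored proxy configuration and whether it is in effect."""
    ptype = int(prefs.get("network.proxy.type", "0"))
    entries = []
    for proto in PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if not host:
            continue
        entries.append({
            "protocol": proto,
            "host": host,
            "port": prefs.get(f"network.proxy.{proto}_port", ""),
            "external": is_external(host),
        })
    return {
        "type": ptype,
        "type_name": PROXY_TYPE.get(ptype, "unknown"),
        "active": ptype == 1,          # host/port prefs only matter for manual mode
        "entries": entries,
    }


def needs_followup(report):
    """True when an external proxy host is stored, whether or not it is active:
    an active one is a live redirection, an inactive one is still worth asking
    the user about (the 'did you set this up intentionally?' question)."""
    return any(e["external"] for e in report["entries"])


if __name__ == "__main__":
    rep = assess_proxy(parse_ff_prefs(SAMPLE_LOG))
    print(f"proxy type {rep['type']} ({rep['type_name']}), active={rep['active']}")
    for e in rep["entries"]:
        print(f"  {e['protocol']:6} {e['host']}:{e['port']} external={e['external']}")
    print("follow up with user:", needs_followup(rep))
```

The script does not judge the host itself; it only separates "stored but unused" from "in effect", which is the distinction a responder needs before deciding whether a proxy entry explains a network symptom.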

#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 07 August 2012 - 04:58 AM

Hi MSWD,

As you rightly state - you were infected with the ZeroAccess rootkit. As such, I should give the following warning:

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and has been killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Casey



#7 MSWD

MSWD
  • Topic Starter

  • Members
  • 5 posts

Posted 07 August 2012 - 09:10 AM

I have since gotten a new computer. I have been migrating the files that I use to the new machine (one by one, hoping to not take any infected files). My plan was to reformat it once I got all the files off of it. It is connected to my network and has internet access. Should I disconnect from the network for now? Can I disconnect it from internet access and yet still allow it on the network for easy file transfer? If so can you guide me on how to disallow internet use?

I will begin changing passwords today.

It's a shame that this computer may never be secure again. It was a pretty high dollar Dell XPS system. My plan was to format it and reinstall the OS. I was going to use it as a client machine as my company grows. I would really like to be able to do that.

Please let me know if there is anything else I need to know.

#8 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 07 August 2012 - 09:48 AM

If you reformat and reinstall then you'll be fine: the PC will be completely safe to use.

Zero Access isn't a file infector, so as long as you transfer personal files (e.g. .doc, .png) rather than Windows files (e.g. .exe, .dll) then you should be OK.

You've already cleaned the main Zero Access component when you ran ComboFix, so if your plan is to reformat I wouldn't worry about disconnecting from the internet for now. Just get the files you want off the PC, reformat and then reinstall and you'll be fine.

Casey

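The advice above is to migrate documents and images but not executables or DLLs before reformatting. The Python script below is an added example of how to apply that rule mechanically; it is not from the thread. It copies only files with document extensions and refuses anything with an executable extension, and it also checks the first two bytes for the `MZ` header so that an executable renamed to `.doc` is skipped too. The extension lists, the `demo()` sample tree and the function names are my own assumptions; the sample files are constructed.

```python
"""Copy personal files off an old PC while skipping executables.

Added example, not from the thread: applies the 'documents yes, .exe/.dll no'
rule, with a header check so a renamed executable does not slip through.
"""
import os
import shutil
import tempfile

# Assumed allow-list of document/image types; extend for your own data.
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt",
                       ".csv", ".png", ".jpg", ".jpeg", ".gif"}
# Windows executable types that are never copied.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl",
                         ".ocx", ".drv", ".pif", ".msi"}


def looks_like_pe(path):
    """True if the file starts with the 'MZ' DOS header used by Windows PE executables and DLLs."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False


def classify(path):
    """Decide per file: 'copy' or a 'skip:<reason>' verdict."""
    ext = os.path.splitext(path)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        return "skip:executable-extension"
    if looks_like_pe(path):                 # renamed executable, e.g. notes.doc that is really an .exe
        return "skip:pe-header"
    if ext in DOCUMENT_EXTENSIONS:
        return "copy"
    return "skip:unknown-type"


def plan_migration(src_root):
    """Walk src_root and return {'copy': [(path, verdict)], 'skip': [(path, verdict)]}."""
    plan = {"copy": [], "skip": []}
    for dirpath, _, files in os.walk(src_root):
        for name in files:
            p = os.path.join(dirpath, name)
            verdict = classify(p)
            (plan["copy"] if verdict == "copy" else plan["skip"]).append((p, verdict))
    return plan


def migrate(src_root, dst_root):
    """Copy every 'copy' file to dst_root, preserving the relative path; return the plan."""
    plan = plan_migration(src_root)
    for p, _ in plan["copy"]:
        dst = os.path.join(dst_root, os.path.relpath(p, src_root))
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(p, dst)
    return plan


def demo():
    """Build a constructed sample tree, run the migration, return (verdict per file name, copied names)."""
    src = tempfile.mkdtemp(prefix="old_pc_")
    dst = tempfile.mkdtemp(prefix="new_pc_")
    samples = {  # constructed bytes, not real files
        "invoice.docx": b"PK\x03\x04 constructed document bytes",
        "photo.png": b"\x89PNG\r\n\x1a\n constructed image bytes",
        "setup.exe": b"MZ constructed executable bytes",
        "notes.doc": b"MZ constructed: an executable renamed to look like a document",
        "mystery.bin": b"constructed unknown bytes",
    }
    for name, data in samples.items():
        with open(os.path.join(src, name), "wb") as f:
            f.write(data)
    plan = migrate(src, dst)
    verdicts = {os.path.basename(p): v for p, v in plan["copy"] + plan["skip"]}
    return verdicts, sorted(os.listdir(dst))


if __name__ == "__main__":
    verdicts, copied = demo()
    for name, verdict in sorted(verdicts.items()):
        print(f"{name:14} {verdict}")
    print("copied:", copied)
```

Files of a type the allow-list does not know are skipped rather than copied, so the default is to leave a questionable file behind on the machine that is about to be wiped.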


#9 MSWD

MSWD
  • Topic Starter

  • Members
  • 5 posts

Posted 07 August 2012 - 10:24 AM

Okay, thanks for the clarification. That's the plan then. Reformat and reinstall OS.

Thank you for all your time. I appreciate the advice.

#10 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 07 August 2012 - 10:27 AM

No problems :)



#11 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 07 August 2012 - 10:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
