Malwarebytes - cannot update and run???


21 replies to this topic

#1 judyjht

judyjht

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:04:58 AM

Posted 29 August 2012 - 08:57 AM

I saw Sendori listed in the add/remove list and got a bit nervous. Not sure where it came from. I tried to run Malwarebytes and it went to "connecting to the server" to update since it was 57 days overdue. Then it locks up (not responding) and never updates so I cannot run it. I have run it many times before with no issues. Any thoughts??

By the way, I also see Transmute and WinPcap and have no idea what those are either.

Edited by judyjht, 29 August 2012 - 09:00 AM.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:58 AM

Posted 29 August 2012 - 09:10 AM

Uninstall all three programs. You don't need them.

Download MBAM uninstaller

https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/_clean

Run it, restart the PC


Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

#3 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:04:58 AM

Posted 29 August 2012 - 09:16 AM

I also see Sendori in the msconfig - startup - so I unchecked it. I will follow your instructions now.

#4 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:04:58 AM

Posted 29 August 2012 - 09:42 AM

Here is the log from TDSSkiller:

10:40:01.0015 1796 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:40:01.0531 1796 ============================================================
10:40:01.0531 1796 Current date / time: 2012/08/29 10:40:01.0531
10:40:01.0531 1796 SystemInfo:
10:40:01.0531 1796
10:40:01.0531 1796 OS Version: 5.1.2600 ServicePack: 3.0
10:40:01.0531 1796 Product type: Workstation
10:40:01.0531 1796 ComputerName: JHT-99
10:40:01.0531 1796 UserName: Judy Quickbooks
10:40:01.0531 1796 Windows directory: C:\WINDOWS
10:40:01.0531 1796 System windows directory: C:\WINDOWS
10:40:01.0531 1796 Processor architecture: Intel x86
10:40:01.0531 1796 Number of processors: 2
10:40:01.0531 1796 Page size: 0x1000
10:40:01.0531 1796 Boot type: Normal boot
10:40:01.0531 1796 ============================================================
10:40:03.0593 1796 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:40:03.0609 1796 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:40:03.0609 1796 Drive \Device\Harddisk2\DR4 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:40:03.0656 1796 ============================================================
10:40:03.0656 1796 \Device\Harddisk0\DR0:
10:40:03.0656 1796 MBR partitions:
10:40:03.0656 1796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
10:40:03.0656 1796 \Device\Harddisk1\DR1:
10:40:03.0656 1796 MBR partitions:
10:40:03.0656 1796 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
10:40:03.0656 1796 \Device\Harddisk2\DR4:
10:40:03.0656 1796 MBR partitions:
10:40:03.0656 1796 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x12A14BC1
10:40:03.0656 1796 ============================================================
10:40:03.0687 1796 C: <-> \Device\Harddisk1\DR1\Partition1
10:40:03.0687 1796 D: <-> \Device\Harddisk0\DR0\Partition1
10:40:03.0718 1796 G: <-> \Device\Harddisk2\DR4\Partition1
10:40:03.0718 1796 ============================================================
10:40:03.0718 1796 Initialize success
10:40:03.0718 1796 ============================================================
10:40:34.0406 1108 ============================================================
10:40:34.0406 1108 Scan started
10:40:34.0406 1108 Mode: Manual; TDLFS;
10:40:34.0406 1108 ============================================================
10:40:35.0546 1108 ================ Scan system memory ========================
10:40:35.0546 1108 System memory - ok
10:40:35.0546 1108 ================ Scan services =============================

#5 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:04:58 AM

Posted 29 August 2012 - 10:48 AM

Here is the aswMBR Report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 10:45:57
-----------------------------
10:45:57.218 OS Version: Windows 5.1.2600 Service Pack 3
10:45:57.218 Number of processors: 2 586 0x1706
10:45:57.218 ComputerName: JHT-99 UserName:
10:46:10.859 Initialize success
10:47:12.890 AVAST engine defs: 12082900
10:47:19.593 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:47:19.593 Disk 0 Vendor: WDC_WD5000AAKS-00V6A0 05.01D05 Size: 476938MB BusType: 3
10:47:19.593 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
10:47:19.593 Disk 1 Vendor: WDC_WD5000AAKS-00UU3A0 01.03B01 Size: 476938MB BusType: 3
10:47:19.593 Disk 2 \Device\Harddisk2\DR4 -> \Device\00000091
10:47:19.593 Disk 2 Vendor: Size: 476938MB BusType: 0
10:47:19.625 Disk 1 MBR read successfully
10:47:19.625 Disk 1 MBR scan
10:47:19.656 Disk 1 Windows XP default MBR code
10:47:19.656 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
10:47:19.656 Disk 1 scanning sectors +625121280
10:47:19.750 Disk 1 scanning C:\WINDOWS\system32\drivers
10:47:28.921 Service scanning
10:47:34.687 Service Kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
10:47:34.718 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
10:47:34.843 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
10:47:34.859 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
10:47:43.750 Modules scanning
10:47:54.093 Disk 1 trace - called modules:
10:47:54.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:47:54.109 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a903ab8]
10:47:54.109 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000075[0x8a88c030]
10:47:54.109 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0x8a8b4d98]
10:47:55.328 AVAST engine scan C:\WINDOWS
10:48:01.890 AVAST engine scan C:\WINDOWS\system32
10:50:51.718 AVAST engine scan C:\WINDOWS\system32\drivers
10:51:08.828 AVAST engine scan C:\Documents and Settings\Judy Quickbooks
11:30:59.484 AVAST engine scan C:\Documents and Settings\All Users
11:44:10.734 Scan finished successfully
11:47:04.406 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Judy Quickbooks\Desktop\MBR.dat"
11:47:04.406 The log file has been saved successfully to "C:\Documents and Settings\Judy Quickbooks\Desktop\aswMBR.txt"

#6 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:04:58 AM

Posted 29 August 2012 - 12:42 PM

Here is the ESET threat list:

C:\Documents and Settings\Administrator\Local Settings\Temp\NERO1001370\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Documents and Settings\Judy Quickbooks\Application Data\OpenCandy\OpenCandy_2907E110B2CF42C0BB61E6E8EE4E8359\registrybooster(4).exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Judy Quickbooks\Desktop\Misc Icons\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Documents and Settings\Judy Quickbooks\Local Settings\Temp\ICReinstall\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
D:\Backup of C\Desktop\Misc Icons\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:58 AM

Posted 29 August 2012 - 12:50 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#8 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:04:58 AM

Posted 29 August 2012 - 02:31 PM

Here is the MalwareBytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Judy Quickbooks :: JHT-99 [administrator]

8/29/2012 1:45:23 PM
mbam-log-2012-08-29 (13-45-23).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 474717
Time elapsed: 1 hour(s), 30 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:04:58 AM

Posted 29 August 2012 - 02:48 PM

There is no "regular mode" only Quick, Full or Flash scan - so I chose Full again. OK??

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:58 AM

Posted 29 August 2012 - 02:56 PM

Go ahead with other scans

#11 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:04:58 AM

Posted 29 August 2012 - 04:14 PM

The MBAM came back clean again:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Judy Quickbooks :: JHT-99 [administrator]

8/29/2012 3:42:25 PM
mbam-log-2012-08-29 (15-42-25).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 467220
Time elapsed: 1 hour(s), 29 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Now I will do the MiniToolBox and Farbar Service Scanner.

#12 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:04:58 AM

Posted 29 August 2012 - 04:22 PM

Here are the MiniToolBox results:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Judy Quickbooks (administrator) on 29-08-2012 at 17:14:26
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=static addr=216.146.35.35 register=PRIMARY
add dns name="Local Area Connection 2" addr=216.146.36.36 index=2
add dns name="Local Area Connection 2" addr=192.168.0.1 index=3
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : jht-99

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : hsd1.ma.comcast.net.

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-1D-7D-E9-41-3C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.193

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 216.146.35.35

216.146.36.36

192.168.0.1

Lease Obtained. . . . . . . . . . : Wednesday, August 29, 2012 3:34:04 PM

Lease Expires . . . . . . . . . . : Thursday, August 30, 2012 3:34:04 PM

Server: resolver1.dyndnsinternetguide.com
Address: 216.146.35.35

Name: google.com
Addresses: 74.125.226.193, 74.125.226.206, 74.125.226.197, 74.125.226.198
74.125.226.201, 74.125.226.196, 74.125.226.200, 74.125.226.194, 74.125.226.192
74.125.226.195, 74.125.226.199



Pinging google.com [74.125.226.193] with 32 bytes of data:



Reply from 74.125.226.193: bytes=32 time=37ms TTL=55

Reply from 74.125.226.193: bytes=32 time=36ms TTL=55



Ping statistics for 74.125.226.193:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 36ms, Maximum = 37ms, Average = 36ms

Server: resolver1.dyndnsinternetguide.com
Address: 216.146.35.35

Name: yahoo.com
Addresses: 98.139.183.24, 98.138.253.109, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=143ms TTL=51

Reply from 98.139.183.24: bytes=32 time=324ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 143ms, Maximum = 324ms, Average = 233ms

Server: resolver1.dyndnsinternetguide.com
Address: 216.146.35.35

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 7d e9 41 3c ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.193 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.193 192.168.0.193 20
192.168.0.0 255.255.255.0 192.168.0.193 192.168.0.193 10
192.168.0.193 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.193 192.168.0.193 10
224.0.0.0 240.0.0.0 192.168.0.193 192.168.0.193 10
255.255.255.255 255.255.255.255 192.168.0.193 192.168.0.193 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/29/2012 10:19:18 AM) (Source: SendoriService) (User: )
Description: Retrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80070424.

Error: (08/29/2012 09:17:04 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (08/29/2012 07:35:28 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560

Error: (08/29/2012 07:35:27 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error: (08/29/2012 07:35:27 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error: (08/28/2012 08:01:05 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560

Error: (08/28/2012 08:01:04 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error: (08/28/2012 08:01:04 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error: (08/28/2012 02:44:12 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

Error: (08/28/2012 02:44:12 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=C:\Documents and Settings\All Users\Documents\Intuit\QuickBooks\Company Files\JHT Associates, Inc.QBW;ENG=QB_data_engine_20;DBN=1048bfe534784a05a594350cc30cb6c1


System errors:
=============
Error: (08/29/2012 00:22:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (08/29/2012 09:08:17 AM) (Source: Service Control Manager) (User: )
Description: The GoToMyPC service failed to start due to the following error:
%%3

Error: (08/29/2012 09:08:17 AM) (Source: Service Control Manager) (User: )
Description: The Freemake Improver service failed to start due to the following error:
%%1053

Error: (08/29/2012 09:08:17 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Freemake Improver service to connect.

Error: (08/29/2012 09:08:16 AM) (Source: Service Control Manager) (User: )
Description: The wntpport service failed to start due to the following error:
%%2

Error: (08/29/2012 07:22:27 AM) (Source: DCOM) (User: JHT-99)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
to the user JHT-99\UpdatusUser SID (S-1-5-21-602162358-1547161642-725345543-1008). This security permission can be modified using the Component Services administrative tool.

Error: (08/29/2012 05:52:25 AM) (Source: DCOM) (User: JHT-99)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
to the user JHT-99\UpdatusUser SID (S-1-5-21-602162358-1547161642-725345543-1008). This security permission can be modified using the Component Services administrative tool.

Error: (08/29/2012 04:53:23 AM) (Source: DCOM) (User: JHT-99)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
to the user JHT-99\UpdatusUser SID (S-1-5-21-602162358-1547161642-725345543-1008). This security permission can be modified using the Component Services administrative tool.

Error: (08/29/2012 04:52:23 AM) (Source: DCOM) (User: JHT-99)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
to the user JHT-99\UpdatusUser SID (S-1-5-21-602162358-1547161642-725345543-1008). This security permission can be modified using the Component Services administrative tool.

Error: (08/29/2012 03:52:22 AM) (Source: DCOM) (User: JHT-99)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
to the user JHT-99\UpdatusUser SID (S-1-5-21-602162358-1547161642-725345543-1008). This security permission can be modified using the Component Services administrative tool.


Microsoft Office Sessions:
=========================
Error: (08/07/2012 04:47:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 83469 seconds with 3840 seconds of active time. This session ended with a crash.

Error: (02/13/2012 10:58:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 43 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/23/2012 11:38:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4792 seconds with 180 seconds of active time. This session ended with a crash.

Error: (01/19/2012 04:23:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17599 seconds with 4260 seconds of active time. This session ended with a crash.

Error: (01/03/2012 02:10:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11892 seconds with 3480 seconds of active time. This session ended with a crash.

Error: (11/17/2011 00:20:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8151 seconds with 960 seconds of active time. This session ended with a crash.

Error: (11/16/2011 05:16:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18034 seconds with 4620 seconds of active time. This session ended with a crash.

Error: (11/03/2011 01:39:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13666 seconds with 780 seconds of active time. This session ended with a crash.

Error: (05/12/2011 04:29:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 28100 seconds with 5040 seconds of active time. This session ended with a crash.

Error: (04/04/2011 10:17:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 222 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

@BIOS (Version: 1.22)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2350 (Version: 47.0.1.000)
2350_Help (Version: 47.0.1.000)
2350Trb (Version: 47.0.1.000)
7-Zip 9.22beta
Acronis True Image Home (Version: 10.0.4871)
Adobe AIR (Version: 3.4.0.2540)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Connect Add-in
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 1.8)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Reader 9.3.1 (Version: 9.3.1)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced System Optimizer 2 (Version: 2.01)
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
Alt-N ComAgent (Version: 10.1.1)
APC PowerChute Personal Edition (Version: 2.0)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Belarc Advisor 8.1
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 45.4.157.000)
CameraHelperMsi (Version: 13.31.1038.0)
Canon Digital Camera USB WIA Driver
Canon PhotoRecord
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.2
Canon Utilities ZoomBrowser EX
Carbonite (Version: 5.2.2 build 2058 (May-08-2012))
CCleaner (Version: 3.22)
CCScore (Version: 8.02.0000.0001)
CleVR Stitcher (Version: 1.20090723)
CleVR Stitcher (Version: 1.255)
Comcast Access (Version: 1.48)
Comcast Access (Version: ComcastAccess-1.48)
Connect (Version: 1.0.0.1)
Copy (Version: 45.4.157.000)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
Critical Update for Windows Media Player 11 (KB959772)
CueTour (Version: 45.4.157.000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DMIView B06.1227.01 (Version: 1.00.0000)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
Dropbox (Version: 1.4.11)
Dyn Updater (Version: 4.1.10)
EASEUS Data Recovery Wizard Free Edition 5.5.1
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
ESSBrwr (Version: 8.02.0000.0001)
ESSCDBK (Version: 8.03.0000.0001)
ESScore (Version: 8.03.0000.0001)
ESSgui (Version: 8.03.0000.0001)
ESSini (Version: 8.02.0000.0001)
ESSPCD (Version: 8.02.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
Evernote v. 4.5.7 (Version: 4.5.7.7146)
Fax (Version: 47.0.1.000)
Freemake Video Downloader (Version: 3.1.0)
FreeSizer v.1.0.0 (Version: 1.0.0)
GlobeReader (Version: 1.059)
GoodSync (Version: 8.9.5.5)
Google Chrome (Version: 21.0.1180.83)
Google Talk Plugin (Version: 3.5.1.8982)
Google Update Helper (Version: 1.3.21.115)
GoToAssist Customer 1.6.0.403 (Version: 1.6.0.403)
GrampsAIO (Version: 3.3.1-2)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP Product Assistant (Version: 100.000.001.000)
HP Product Assistant (Version: 2.0.0.0)
HP Product Detection (Version: 11.14.0001)
HP PSC & OfficeJet 4.7
HP Update (Version: 5.003.001.001)
HPSystemDiagnostics (Version: 1.6.0.0)
Hulu Desktop (Version: 0.9.14)
ImgBurn (Version: 2.5.6.0)
InstantShare (Version: 45.4.157.000)
InstantShareAlert (Version: 1.00.0000)
IP Camera
iPod for Windows 2005-02-22 (Version: 3.1.0)
IPSetup (Version: 1.0.6)
iTunes (Version: 10.6.3.25)
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (Version: 6.0.310)
Jing (Version: 2.6.12032.1)
Kaspersky Anti-Virus 2012 (Version: 12.0.0.374)
Kodak EasyShare software
KODAK Gallery Upload Software (Version: 1.00.0000)
kuler (Version: 2.0)
LastPass (uninstall only)
Logitech QuickCam Driver Package
Logitech Updater (Version: 1.70)
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 2.30)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 45.4.158.000)
MGI PhotoSuite 4 (Remove Only)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)
Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6215.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31119)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)
Microsoft XML Parser (Version: 8.70.1104.04)
Microsoft_VC90_CRT_x86 (Version: 1.0.0)
Mirage Driver 1.1 (Version: 1.1)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Maintenance Service (Version: 15.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
My Webcam Broadcaster (Version: 1.0.0)
MyDefrag v4.3.1 (Version: 4.0.0.0)
Nero 8 Trial (Version: 8.3.500)
neroxml (Version: 1.0.0)
netbrdg (Version: 7.01.0000.0001)
Network Magic (Version: 4.9.8225.0)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
OfotoNow
OfotoXMI (Version: 8.03.0000.0001)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
ooVoo (Version: 3.5.1072)
Opera 11.62 (Version: 11.62.1347)
OVT Scanner X86 (Version: 1.00.0000)
Palm Outlook Conduits Updater (Version: 1.00.0000)
palmOne (Version: 4.1.0420)
PanoStandAlone (Version: 45.4.157.000)
PC Inspector smart recovery (Version: 4.50)
PDF-XChange Lite 4 (Version: 4.0.194.0)
PDF Settings CS4 (Version: 9.0)
PhotoGallery (Version: 45.4.157.000)
Photoshop Camera Raw (Version: 5.0)
Picasa 3 (Version: 3.8)
ProductContext (Version: 47.0.1.000)
Pudding
Pulse Ambassador (Version: 13.1.4155)
Pure Networks Platform (Version: 10.2.8216.0)
QFolder (Version: 1.00.0000)
QuickBooks (Version: 20.0.4012.807)
QuickBooks Pro 2010 (Version: 20.0.4012.807)
QuickTime (Version: 7.72.80.56)
Readme (Version: 47.0.1.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5567)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
SAGE-Online (Version: 5.00.0000)
SAGEim (Version: 1.00.0000)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
SeaTools for Windows (Version: 1.2.0.5)
Secunia PSI (2.0.0.3003)
SecurView ver.1.2.0.7 (Version: 1.2.7)
SFR (Version: 8.01.0000.0001)
SHASTA (Version: 7.01.0000.0001)
skin0001 (Version: 8.02.0000.0001)
SkinsHP1 (Version: 45.4.157.000)
SKINXSDK (Version: 8.02.0000.0001)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.10 (Version: 5.10.116)
Slickscreen (Version: 1.5.0.12)
SolveigMM AVI Trimmer (Version: 2.0.1204.27)
Speccy (Version: 1.11)
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
staticcr (Version: 8.02.0000.0001)
StickyPad (Version: 2.3.52)
Suite Shared Configuration CS4 (Version: 1.0)
SupportSoft Assisted Service (Version: 15)
swMSM (Version: 12.0.0.1)
System Requirements Lab
SYSTEM_INFO B07.1219.01 (Version: 1.00.0000)
Taskbar Shuffle version 2.5 (Version: 2.5)
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
TrayApp (Version: 45.4.157.000)
Uninstall OVT Scanner
Unload (Version: 4.5.0)
Unsubscribe Outlook 2007 (Version: 2.0.3)
Unsubscribe.com (Version: 1.0.5)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Windows (KB971513)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB969497) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VCRedistSetup (Version: 1.0.0)
Visual C++ 8.0 ATL (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual Studio 2005 Tools for Office Second Edition Runtime
VPRINTOL (Version: 8.02.0000.0001)
WebEx
WebEx Meeting Manager for Firefox/Netscape/Chrome (Version: 8.0.4917)
WebEx Recorder and Player (Version: 3.29.3201)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 45.4.157.000)
Wilcom TrueSizer (Version: 13.0.0198)
Wilcom TrueSizer (Version: 15.0.0196)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 8.02.0000.0001)
XFINITY Caller ID (Version: 3.1.38)
Xmarks for IE (Version: 127.0.151)
XML Paper Specification Shared Components Pack 1.0
Xobni Core (Version: 1.0.0)
YouSendIt Express (Version: 2.1.0)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 2046.42 MB
Available physical RAM: 993.87 MB
Total Pagefile: 4447.87 MB
Available Pagefile: 3506.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.25 MB

========================= Partitions: =====================================

2 Drive c: (SYSTEM) (Fixed) (Total:298.08 GB) (Free:197.34 GB) NTFS
3 Drive d: (Backup - D Drive) (Fixed) (Total:465.76 GB) (Free:379.22 GB) NTFS
6 Drive g: (Seagate) (Fixed) (Total:149.04 GB) (Free:148.47 GB) NTFS

========================= Users: ========================================

User accounts for \\JHT-99

Administrator ASPNET Guest
HelpAssistant JUDY Judy Quickbooks
SUPPORT_388945a0 UpdatusUser


**** End of log ****

#13 judyjht

Posted 29 August 2012 - 04:25 PM

Here is the Farbar Service Scanner:

Farbar Service Scanner Version: 06-08-2012
Ran by Judy Quickbooks (administrator) on 29-08-2012 at 17:23:28
Running from "C:\Documents and Settings\Judy Quickbooks\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) kl2(1) NetBT(6) PSched(7) Tcpip(4)
0x09000000010000000900000008000000050000000300000004000000080000000600000007000000


**** End of log ****

#14 narenxp

Posted 29 August 2012 - 04:49 PM

Adware cleaner log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

#15 judyjht

Posted 29 August 2012 - 04:55 PM

Oops - I did not even see that one. Here it is:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/29/2012 05:52:40 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\system32\IoctlSvc.exe (PID: 2760) [WD-HEUR]
* C:\WINDOWS\system32\HPZipm12.exe (PID: 2852) [WD-HEUR]
* C:\Documents and Settings\Judy Quickbooks\Start Menu\Programs\Startup\Snippy.exe (PID: 3548) [UP-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* DNS Client (Dnscache) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/29/2012 05:53:18 PM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)



