
Trojan Removal


7 replies to this topic

#1 NaturePhotoNut

  • Members
  • 6 posts

Posted 01 November 2011 - 08:15 PM

Having issues with a couple of trojans: Gendal, which likes to change the number associated with it (example: Gendal.kd.375976 to Gendal.kd.372199, and so on). I have also found a new one titled Graftor.1574. I am guessing these are being installed as a direct result of my counterpart downloading or visiting a site he should not have. I have Avira installed, kept up to date with auto updates and an auto-scan every day. However, it's not getting the rootkit that I believe is installed into the registry. I am a novice at best, and have enough understanding of computers to be effective; however, this is beyond my general scope and understanding. Any help that anyone could provide for removing these annoyances would be awesome.

Thanks

Here is the most recent report from Avira from around noonish today:



Avira AntiVir Personal
Report file date: Tuesday, November 01, 2011 13:13

Scanning for 3461452 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : AANG

Version information:
BUILD.DAT : 10.2.0.704 35934 Bytes 9/28/2011 13:34:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 6/29/2011 04:09:46
AVSCAN.DLL : 10.0.5.0 47464 Bytes 6/29/2011 04:09:46
LUKE.DLL : 10.3.0.5 45416 Bytes 6/29/2011 04:09:46
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 6/29/2011 04:09:46
AVREG.DLL : 10.3.0.9 88833 Bytes 7/12/2011 11:28:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 10:30:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 10:23:58
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 01:30:35
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 11:24:46
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 21:15:03
VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 11:21:16
VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 11:48:14
VBASE008.VDF : 7.11.15.107 2048 Bytes 10/5/2011 11:48:18
VBASE009.VDF : 7.11.15.108 2048 Bytes 10/5/2011 11:48:18
VBASE010.VDF : 7.11.15.109 2048 Bytes 10/5/2011 11:48:19
VBASE011.VDF : 7.11.15.110 2048 Bytes 10/5/2011 11:48:20
VBASE012.VDF : 7.11.15.111 2048 Bytes 10/5/2011 11:48:20
VBASE013.VDF : 7.11.15.144 161792 Bytes 10/7/2011 11:44:44
VBASE014.VDF : 7.11.15.177 130048 Bytes 10/10/2011 11:17:02
VBASE015.VDF : 7.11.15.213 113664 Bytes 10/11/2011 18:19:29
VBASE016.VDF : 7.11.16.1 163328 Bytes 10/14/2011 13:34:47
VBASE017.VDF : 7.11.16.34 187904 Bytes 10/18/2011 21:54:29
VBASE018.VDF : 7.11.16.77 139264 Bytes 10/20/2011 22:47:34
VBASE019.VDF : 7.11.16.112 162816 Bytes 10/24/2011 11:22:01
VBASE020.VDF : 7.11.16.150 167424 Bytes 10/26/2011 23:05:53
VBASE021.VDF : 7.11.16.187 171520 Bytes 10/28/2011 11:17:34
VBASE022.VDF : 7.11.16.188 2048 Bytes 10/28/2011 11:17:34
VBASE023.VDF : 7.11.16.189 2048 Bytes 10/28/2011 11:17:35
VBASE024.VDF : 7.11.16.190 2048 Bytes 10/28/2011 11:17:35
VBASE025.VDF : 7.11.16.191 2048 Bytes 10/28/2011 11:17:36
VBASE026.VDF : 7.11.16.192 2048 Bytes 10/28/2011 11:17:36
VBASE027.VDF : 7.11.16.193 2048 Bytes 10/28/2011 11:17:36
VBASE028.VDF : 7.11.16.194 2048 Bytes 10/28/2011 11:17:36
VBASE029.VDF : 7.11.16.195 2048 Bytes 10/28/2011 11:17:37
VBASE030.VDF : 7.11.16.196 2048 Bytes 10/28/2011 11:17:37
VBASE031.VDF : 7.11.16.202 175616 Bytes 10/30/2011 12:44:15
Engineversion : 8.2.6.100
AEVDF.DLL : 8.1.2.2 106868 Bytes 10/26/2011 23:06:04
AESCRIPT.DLL : 8.1.3.84 467324 Bytes 10/28/2011 11:17:51
AESCN.DLL : 8.1.7.2 127349 Bytes 11/22/2010 14:54:15
AESBX.DLL : 8.2.1.34 323957 Bytes 6/2/2011 11:27:03
AERDL.DLL : 8.1.9.15 639348 Bytes 9/10/2011 01:08:20
AEPACK.DLL : 8.2.13.3 684407 Bytes 10/26/2011 23:06:03
AEOFFICE.DLL : 8.1.2.18 201084 Bytes 10/26/2011 23:06:02
AEHEUR.DLL : 8.1.2.186 3789177 Bytes 10/28/2011 11:17:50
AEHELP.DLL : 8.1.18.0 254327 Bytes 10/26/2011 23:05:58
AEGEN.DLL : 8.1.5.11 401781 Bytes 10/26/2011 23:05:57
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/22/2010 14:52:13
AECORE.DLL : 8.1.24.0 196983 Bytes 10/26/2011 23:05:57
AEBB.DLL : 8.1.1.0 53618 Bytes 6/30/2010 01:59:38
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38
AVPREF.DLL : 10.0.3.2 44904 Bytes 6/29/2011 04:09:46
AVREP.DLL : 10.0.0.10 174120 Bytes 5/18/2011 11:23:05
AVARKT.DLL : 10.0.26.1 255336 Bytes 6/29/2011 04:09:46
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 6/29/2011 04:09:46
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 6/29/2011 04:09:46
RCTEXT.DLL : 10.0.64.0 97640 Bytes 6/29/2011 04:09:46

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ed5a3a9\guard_slideup.avp
Logging.............................: Complete
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Expanded scan settings..............: 0x08000000
Expanded scan settings..............: 0x00300002

Start of the scan: Tuesday, November 01, 2011 13:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe>
Scan process 'LogTransport2.exe' - '1' Module(s) have been scanned
Module is OK -> <E:\New folder\Adobe Bridge CS5\LogTransport2.exe>
Scan process 'SwitchBoard.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe>
Scan process 'daemonu.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe>
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe>
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe>
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe>
Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe>
Scan process 'Updater.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Ask.com\Updater\Updater.exe>
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe>
Scan process 'ActiveCollector.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\NetNucleous\ActiveCollector\ActiveCollector.exe>
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe>
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe>
Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Windows\vVX1000.exe>
Scan process 'ToolbarUpdaterService.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe>
Scan process 'SeaPort.EXE' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE>
Scan process 'nlssrv32.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Windows\SysWOW64\nlssrv32.exe>
Scan process 'EKAiOHostService.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe>
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe>
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe>
Scan process 'sched.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe>
Scan process 'nvSCPAPISvr.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe>

Starting the file scan:

Begin scan in 'C:\Users\Christian\AppData\Roaming\NBT\nbt.exe'
C:\Users\Christian\AppData\Roaming\NBT\
nbt.exe
[DETECTION] Is the TR/Gendal.KD.386136 Trojan
[NOTE] The file was moved to the quarantine directory under the name '49918625.qua'.


End of the scan: Tuesday, November 01, 2011 13:13
Used time: 00:02 Minute(s)

The scan has been done completely.

0 Scanned directories
23 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
22 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


#2 NaturePhotoNut

  • Topic Starter

  • Members
  • 6 posts

Posted 01 November 2011 - 08:22 PM

OS is Win7. Sorry, I forgot to include that in the initial topic.

#3 boopme

  • Global Moderator
  • 61,425 posts

Posted 01 November 2011 - 08:40 PM

Hello, this is a Backdoor/injector trojan. It plants itself at each startup. More important, this allows hackers to remotely control your computer, steal critical system information, and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please run a few tools.
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
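The checklist above is a point-and-click procedure. As an added example (not code from MiniToolBox, Malwarebytes, GMER, or boopme's post), the following Windows PowerShell script collects the same categories of information that MiniToolBox's checkboxes produce, but read-only: it reports proxy settings instead of resetting them, and it tags each active hosts-file entry so that a name silently redirected to a non-loopback address stands out from an ordinary localhost block. The last two sections are additions beyond the checklist, motivated by the note that this trojan "plants itself at each start up" and by the Avira report's detection under AppData\Roaming: the classic autostart registry values and executables under %APPDATA%. It assumes an elevated Windows PowerShell prompt on Windows 7 or later; the report path is a placeholder.

```powershell
# Added triage script; not part of MiniToolBox, MBAM or GMER.
# Assumption: run from an elevated Windows PowerShell prompt. $Report is a placeholder path.
$Report = Join-Path $env:USERPROFILE 'Desktop\triage.txt'
Start-Transcript -Path $Report | Out-Null

function Show-Section($Title) { "`n========== $Title ==========" }

Show-Section 'DNS resolver cache (flushing it is the only change this script makes)'
ipconfig /flushdns

Show-Section 'IE proxy settings (HKCU), reported only'
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List

Show-Section 'Firefox proxy settings (network.proxy.* lines in prefs.js), reported only'
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Select-String -Path $_.FullName -Pattern 'network\.proxy\.' }

Show-Section 'Hosts file: active entries, tagged'
$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
foreach ($Line in Get-Content $HostsPath) {
    $Clean = ($Line -replace '#.*$', '').Trim()      # drop comments and blank lines
    if (-not $Clean) { continue }
    $Fields = $Clean -split '\s+'
    $Ip = $Fields[0]
    $Names = $Fields | Select-Object -Skip 1
    # A loopback target merely blocks the name (activation/ad blocking is the usual reason);
    # any other target rewrites where that name resolves and deserves a closer look.
    $Tag = if ($Ip -eq '127.0.0.1' -or $Ip -eq '::1') { 'BLOCK   ' } else { 'REDIRECT' }
    "$Tag $Ip -> $($Names -join ', ')"
}

Show-Section 'IP configuration'
ipconfig /all

Show-Section 'Winsock catalog (layered service providers and name-space providers)'
netsh winsock show catalog

Show-Section 'Last 10 Application and System errors'
Get-EventLog -LogName Application -EntryType Error -Newest 10 | Format-Table TimeGenerated, Source, Message -AutoSize -Wrap
Get-EventLog -LogName System -EntryType Error -Newest 10 | Format-Table TimeGenerated, Source, Message -AutoSize -Wrap

Show-Section 'Installed programs (Uninstall keys, 64-bit and 32-bit views)'
$UninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object DisplayName | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize

Show-Section 'Users, partitions and memory'
Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' | Format-Table Name, Disabled, SID -AutoSize
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' | Format-Table DeviceID, FileSystem, Size, FreeSpace -AutoSize
Get-WmiObject Win32_ComputerSystem | Select-Object Name, TotalPhysicalMemory | Format-List

Show-Section 'Minidump files'
Get-ChildItem "$env:SystemRoot\Minidump" -Filter *.dmp -ErrorAction SilentlyContinue |
    Format-Table Name, Length, LastWriteTime -AutoSize

# Beyond the MiniToolBox list: where a start-up persistence entry usually lives.
Show-Section 'Autostart registry values (Run keys, Winlogon Shell/Userinit)'
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($Key in $RunKeys) {
    if (Test-Path $Key) {
        "[$Key]"
        (Get-ItemProperty $Key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |      # skip PowerShell's own PSPath/PSParentPath etc.
            ForEach-Object { "  $($_.Name) = $($_.Value)" }
    }
}
Get-ItemProperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' |
    Select-Object Shell, Userinit | Format-List

# The quarantined file in the Avira report lived under AppData\Roaming; list what else is there.
Show-Section 'Executables under %APPDATA%'
Get-ChildItem $env:APPDATA -Recurse -Include *.exe -ErrorAction SilentlyContinue |
    Format-Table FullName, Length, LastWriteTime -AutoSize

Stop-Transcript | Out-Null
"Report written to $Report"
```

Run it as `powershell -ExecutionPolicy Bypass -File triage.ps1` from an elevated prompt and attach the resulting triage.txt the same way Result.txt is attached. Everything except the DNS flush is read-only, so the output can be compared against a later run after MBAM and GMER have done their work; in the hosts section, the Adobe entries in the pasted Result.txt would all be tagged BLOCK, and any REDIRECT line is the one to check first.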

#4 NaturePhotoNut

  • Topic Starter

  • Members
  • 6 posts

Posted 01 November 2011 - 09:03 PM

MiniToolBox by Farbar
Ran by Brandon (administrator) on 01-11-2011 at 21:55:53
Windows 7 Ultimate Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90

There are 1 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Aang
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-23-54-D3-96-7C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1554:9aa6:4b95:5aca%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 01, 2011 12:09:46 PM
Lease Expires . . . . . . . . . . : Saturday, December 09, 2147 4:24:14 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234890068
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-BB-F7-EE-00-23-54-D3-96-7C
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4be:10ef:b719:693c(Preferred)
Link-local IPv6 Address . . . . . : fe80::4be:10ef:b719:693c%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 72.14.204.99
72.14.204.103
72.14.204.104
72.14.204.105
72.14.204.147


Pinging google.com [72.14.204.99] with 32 bytes of data:
Reply from 72.14.204.99: bytes=32 time=39ms TTL=50
Reply from 72.14.204.99: bytes=32 time=43ms TTL=50

Ping statistics for 72.14.204.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 43ms, Average = 41ms
Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=76ms TTL=52
Reply from 72.30.2.43: bytes=32 time=75ms TTL=52

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 75ms, Maximum = 76ms, Average = 75ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 23 54 d3 96 7c ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 276
192.168.2.2 255.255.255.255 On-link 192.168.2.2 276
192.168.2.255 255.255.255.255 On-link 192.168.2.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:4be:10ef:b719:693c/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::4be:10ef:b719:693c/128
On-link
10 276 fe80::1554:9aa6:4b95:5aca/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [280232] (Avira GmbH)
Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [280232] (Avira GmbH)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [280232] (Avira GmbH)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [133288] (Avira GmbH)
x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [133288] (Avira GmbH)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [133288] (Avira GmbH)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/01/2011 01:19:03 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 7.0.1.4288 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a4c

Start Time: 01cc98ba28873d5f

Termination Time: 47

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 92448ed8-04ad-11e1-acc9-002354d3967c

Error: (10/27/2011 08:21:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/27/2011 01:35:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: Photoshop.exe, version: 12.0.4.0, time stamp: 0x4d9d8f8e
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7
Exception code: 0xc0000417
Fault offset: 0x00000000000552d4
Faulting process id: 0x1110
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3

Error: (10/21/2011 01:34:18 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 7.0.1.4288 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b40

Start Time: 01cc8fa0102b8ac5

Termination Time: 3014

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 151faab0-fba6-11e0-b61c-002354d3967c

Error: (10/12/2011 09:13:50 AM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (10/08/2011 03:07:51 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 7.0.1.4288 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14e0

Start Time: 01cc8508ee791ef1

Termination Time: 100

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (10/07/2011 07:54:46 PM) (Source: Application Hang) (User: )
Description: The program WoW.exe version 4.2.2.14545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1368

Start Time: 01cc854b9d112a9c

Termination Time: 370

Application Path: E:\World of Warcraft\WoW.exe

Report Id:

Error: (10/06/2011 01:26:25 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b80

Start Time: 01cc83e82156f490

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (10/05/2011 07:47:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e4b4
Faulting process id: 0x894
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/29/2011 08:27:35 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14c4

Start Time: 01cc7ec20f1364dd

Termination Time: 54

Application Path: C:\Windows\Explorer.EXE

Report Id: f932f893-eafa-11e0-a125-002354d3967c


System errors:
=============
Error: (11/01/2011 00:14:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (11/01/2011 00:10:42 PM) (Source: Service Control Manager) (User: )
Description: The WD File Management Engine service failed to start due to the following error:
%%1053

Error: (11/01/2011 00:10:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD File Management Engine service to connect.

Error: (11/01/2011 07:23:47 AM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (11/01/2011 07:23:47 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Error: (11/01/2011 07:23:17 AM) (Source: Service Control Manager) (User: )
Description: The WD File Management Shadow Engine service failed to start due to the following error:
%%1053

Error: (11/01/2011 07:23:17 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD File Management Shadow Engine service to connect.

Error: (11/01/2011 07:22:39 AM) (Source: Service Control Manager) (User: )
Description: The WD File Management Engine service failed to start due to the following error:
%%1053

Error: (11/01/2011 07:22:39 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD File Management Engine service to connect.

Error: (10/31/2011 09:14:45 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (11/10/2010 05:42:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
.print Client Windows (RDP) (Version: 8.0.93)
ActiveCollector (Version: 1.0.0)
Adobe AIR (Version: 2.6.0.19120)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Flash Player 10 Plugin 64-bit (Version: 10.3.162.28)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
Adobe Photoshop Lightroom 3.4 64-bit (Version: 3.4.1)
Adobe Photoshop.com Inspiration Browser (Version: 2.61)
Adobe Reader 9.4.5 (Version: 9.4.5)
AIM 7
aioprnt (Version: 5.7.4.0)
aioscnnr (Version: 6.0.2.0)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Ares 2.1.6 (Version: 2.1.6-Build#3040)
Ask Toolbar (Version: 1.12.2.0)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.704)
Bing Bar (Version: 7.0.619.0)
Canon RAW Image Task for ZoomBrowser EX (Version: 3.2.0.10)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.3 (Version: 3.3.1.1)
Canon Utilities EOS Utility (Version: 2.3.1.3)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.2.0.1)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
center (Version: 6.2.5.0)
Color Efex Pro 3.0 Complete (Version: 3.1.1.0)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Dfine 2.0 (Version: 2.1.0.7)
DHTML Editing Component (Version: 6.02.0001)
DivX Setup (Version: 2.3.1.2)
Download Updater (AOL LLC)
essentials (Version: 6.0.14.0)
Fleetware Version 11 OSM Pack (Version: 1.00.0000)
Google Chrome (Version: 15.0.874.106)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.79)
HDR Efex Pro (Version: 1.2.0.0)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
HP Deskjet 1000 J110 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
Kodak AIO Printer (Version: 6.2.4.0)
KODAK AiO Software (Version: 6.2.6.20)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
nbt
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 280.19 (Version: 280.19)
NVIDIA 3D Vision Driver 280.26 (Version: 280.26)
NVIDIA Control Panel 280.26 (Version: 280.26)
NVIDIA Display Control Panel (Version: 6.14.12.5721)
NVIDIA Graphics Driver 280.26 (Version: 280.26)
NVIDIA Install Application (Version: 2.1000.25.170)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8026)
NVIDIA Update 1.4.28 (Version: 1.4.28)
NVIDIA Update Components (Version: 1.4.28)
ocr (Version: 6.2.3.50)
PDF Settings CS5 (Version: 10.0)
PhotoshopdotcomInspirationBrowser (Version: 0.0.0)
Portrait Professional Studio 9.0 (Version: 9.0)
PreReq (Version: 6.2.2.60)
QueryScan 1.0 build 127 powered by FIRST SEARCHBAR
QuickTime (Version: 7.69.80.9)
Sharpener Pro 3.0 (Version: 3.0.0.5)
Silver Efex Pro 2 (Version: 2.0.0.0)
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.3 (Version: 5.3.120)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
StartNow Toolbar (Version: 2.3.0)
System Requirements Lab
TurboTax 2010
TurboTax 2010 wcoiper (Version: 010.000.0955)
TurboTax 2010 WinPerFedFormset (Version: 010.000.3610)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0431)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0202)
TurboTax 2010 wrapper (Version: 010.000.0157)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Viveza 2 (Version: 2.0.0.4)
WD SmartWare (Version: 1.4.1.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
World of Warcraft (Version: 4.2.2.14545)

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 4095.11 MB
Available physical RAM: 2840.95 MB
Total Pagefile: 8188.42 MB
Available Pagefile: 6468.22 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.15 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.41 GB) (Free:20.59 GB) NTFS
4 Drive e: (Data Drive) (Fixed) (Total:232.88 GB) (Free:178.3 GB) NTFS
5 Drive f: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
6 Drive g: (My Book) (Fixed) (Total:931.48 GB) (Free:825.57 GB) NTFS

========================= Users: ========================================

User accounts for \\AANG

Administrator Brandon Christian
Guest UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#5 NaturePhotoNut (Topic Starter)

Posted 01 November 2011 - 09:11 PM

Currently running MBAM. Will post log when complete.

Boopme, thank you so much for the assistance. I do quite a bit of business on my profile on this computer, as I am a photographer, so I have gone ahead and changed all account passwords and sent monitoring emails to my financial institutions so they can track any odd or out-of-the-normal transactions.

#6 NaturePhotoNut (Topic Starter)

Posted 01 November 2011 - 09:15 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8065

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/1/2011 10:14:11 PM
mbam-log-2011-11-01 (22-14-11).txt

Scan type: Quick scan
Objects scanned: 207449
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 11

Memory Processes Infected:
c:\program files (x86)\netnucleous\activecollector\activecollector.exe (Adware.Mirar) -> 2020 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{07202B0D-149C-4568-90DF-ACC2B4057809} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C7A0D765-7EA8-4a21-98DE-784B89868EC8} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E766BB98-6F19-469B-A7F4-5092C744767C} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ActiveCollectorPlugin.ActiveCollectorPluginBHO.1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ActiveCollectorPlugin.ActiveCollectorPluginBHO (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07202B0D-149C-4568-90DF-ACC2B4057809} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07202B0D-149C-4568-90DF-ACC2B4057809} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07202B0D-149C-4568-90DF-ACC2B4057809} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F2513D6A-15FB-448C-A504-1B44D6CFE40A} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ActiveCollectorPlugin.DLL (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\0ESKOMO9JO (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TBXQRHV4KR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\Software\NetNucleous\ActiveCollector (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetNucleous\ActiveCollector (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QueryScan (Adware.GabPath) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUERYSCAN (Adware.QueryScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NBT (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\NetNucleous\ActiveCollector (Adware.Mirar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ActiveCollector (Adware.Mirar) -> Value: ActiveCollector -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ESKOMO9JO (Trojan.FakeAlert.SA) -> Value: 0ESKOMO9JO -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryScan\DisplayName (Adware.QueryScan) -> Value: DisplayName -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nbt\DisplayName (Adware.Agent) -> Value: DisplayName -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\christian\AppData\Roaming\NBT (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\netnucleous (Adware.Mirar) -> Quarantined and deleted successfully.
c:\program files (x86)\netnucleous\activecollector (Adware.Mirar) -> Quarantined and deleted successfully.
c:\Users\christian\AppData\Roaming\netnucleous (Adware.Mirar) -> Quarantined and deleted successfully.
c:\Users\christian\AppData\Roaming\netnucleous\activecollector (Adware.Mirar) -> Quarantined and deleted successfully.
c:\Users\christian\AppData\Roaming\netnucleous\activecollector\CS (Adware.Mirar) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{67e7f3e5-8b3a-4219-b92b-47f9e05f5f4a} (Adware.QueryScan) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{67e7f3e5-8b3a-4219-b92b-47f9e05f5f4a}\chrome (Adware.QueryScan) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{67e7f3e5-8b3a-4219-b92b-47f9e05f5f4a}\defaults (Adware.QueryScan) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{67e7f3e5-8b3a-4219-b92b-47f9e05f5f4a}\defaults\preferences (Adware.QueryScan) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\netnucleous\activecollector\activecollector.exe (Adware.Mirar) -> Quarantined and deleted successfully.
c:\program files (x86)\netnucleous\activecollector\activecollectorplugin.dll (Adware.Mirar) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Users\christian\AppData\Roaming\NBT\nbt.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\christian\AppData\Roaming\NBT\config.cfg (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\netnucleous\activecollector\acrecover.exe (Adware.Mirar) -> Quarantined and deleted successfully.
c:\Users\christian\AppData\Roaming\netnucleous\activecollector\CS\collectorserver.disco (Adware.Mirar) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{67e7f3e5-8b3a-4219-b92b-47f9e05f5f4a}\install.rdf (Adware.QueryScan) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{67e7f3e5-8b3a-4219-b92b-47f9e05f5f4a}\chrome\queryscan.jar (Adware.QueryScan) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{67e7f3e5-8b3a-4219-b92b-47f9e05f5f4a}\defaults\preferences\prefs.js (Adware.QueryScan) -> Quarantined and deleted successfully.
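The Malwarebytes log above lists each hit only by file or registry path, which hides the part a responder cares about: how the software was getting itself started again after every reboot. As an added example (not code from this thread, from Malwarebytes or from BleepingComputer), here is a small Python parser for the MBAM 1.x text log that groups findings by the persistence vector each path represents (Run-key autostart, IE Browser Helper Object, scheduled-task .job file, Firefox extension, IE security-zone tampering), checks that the per-section counts in the log header agree with the lines actually listed (a quick way to spot a trimmed or edited log), and flags any item whose action was not a successful quarantine. The embedded sample is a constructed excerpt of the lines posted above: the "Registry Values Infected" count is left at the original 4 while only two lines are kept so the count check fires, and one nbt.exe line is altered to "Delete on reboot." so the remediation check fires. The vector labels and regex rules are this example's own choices, not Malwarebytes' classification.

```python
"""Group a Malwarebytes' Anti-Malware 1.x text log by persistence vector.
Added example for this thread; not a Malwarebytes or BleepingComputer tool.
Assumes the 1.x layout seen in the post above: "<Section> Infected: N" header
lines, then per-section blocks of "<item> (<family>) -> <action>"."""
import re
from collections import Counter

# Constructed excerpt of the posted log. "Registry Values" keeps its header
# count of 4 with only 2 lines (count check fires); the nbt.exe action is
# altered to "Delete on reboot." (remediation check fires).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300

Memory Processes Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 4
Files Infected: 4

Memory Processes Infected:
c:\program files (x86)\netnucleous\activecollector\activecollector.exe (Adware.Mirar) -> 2020 -> Unloaded process successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07202B0D-149C-4568-90DF-ACC2B4057809} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ActiveCollector (Adware.Mirar) -> Value: ActiveCollector -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ESKOMO9JO (Trojan.FakeAlert.SA) -> Value: 0ESKOMO9JO -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{67e7f3e5-8b3a-4219-b92b-47f9e05f5f4a}\install.rdf (Adware.QueryScan) -> Quarantined and deleted successfully.
c:\Users\christian\AppData\Roaming\NBT\nbt.exe (Adware.Agent) -> Delete on reboot.
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?\s*$")
# An item may itself contain parentheses ("program files (x86)"), so the
# family is the LAST "(...)" that is followed by " -> ".
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Persistence vectors, matched against the upper-cased item path; first hit
# wins. Labels are this example's own, not Malwarebytes' categories.
VECTOR_RULES = (
    (r"\\CURRENTVERSION\\RUN\\", "Run key autostart"),
    (r"\\BROWSER HELPER OBJECTS\\", "IE Browser Helper Object"),
    (r"\\WINDOWS\\TASKS\\.*\.JOB$", "scheduled task (.job)"),
    (r"\\MOZILLA FIREFOX\\EXTENSIONS\\", "Firefox extension"),
    (r"\\INTERNET SETTINGS\\ZONES\\", "IE security-zone tampering"),
)


def classify(section, item):
    """Return the persistence-vector label for one finding."""
    upper = item.upper()
    for pattern, label in VECTOR_RULES:
        if re.search(pattern, upper):
            return label
    if section == "Memory Processes Infected":
        return "running process"
    return "other"


def parse_log(text):
    """Return (counts claimed in the header, list of finding dicts)."""
    expected, findings, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                expected[m.group("name")] = int(m.group("count"))  # header line
            else:
                section = m.group("name")  # start of a detail block
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            findings.append({"section": section, "item": m.group("item"),
                             "family": m.group("family"), "action": m.group("action"),
                             "vector": classify(section, m.group("item"))})
    return expected, findings


def summarize(text):
    """Vectors, families, header/detail count mismatches and unremediated items."""
    expected, findings = parse_log(text)
    listed = Counter(f["section"] for f in findings)
    return {
        "vectors": Counter(f["vector"] for f in findings),
        "families": Counter(f["family"] for f in findings),
        # (count claimed in the header, lines actually listed) where they differ
        "count_mismatch": {n: (c, listed.get(n, 0)) for n, c in expected.items()
                           if listed.get(n, 0) != c},
        "not_remediated": [f["item"] for f in findings
                           if "successfully" not in f["action"]],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

Run it against a full mbam-log-*.txt by replacing SAMPLE_LOG with the file contents. A non-empty "count_mismatch" means the pasted log is not the one the scanner wrote; a non-empty "not_remediated" list means a reboot (or a second scan) is still owed before the machine can be called clean.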

#7 NaturePhotoNut (Topic Starter)

Posted 01 November 2011 - 10:10 PM

GMER log is empty... it did not detect any problems/issues/exceptions.

#8 boopme (Global Moderator)

Posted 02 November 2011 - 04:05 PM

OK, looking good. I take it you use a lot of Adobe apps.

I would like to run 2 more tools: one quick, the other an hour.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip, which appears to be an older version (2.3.2.2) of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click the download link for the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan archives" and check "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish


NOTE: In some instances if no malware is found there will be no log produced.
