Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Thu Mar 31, 2011 2:50 pm

Guys please help me! I am on another computer right now.

Malware will not work, and my XP Security is saying I have been slammed with a ton of viruses! My Firefox will not work, and neither will my Malware! Also, I tried to restart it in safe mode and a blue screen comes up. I'm scared!!!

I had Avira scan and saved the log, and did the same for HijackThis:

AVIRA:

Avira AntiVir Personal
Report file date: Thursday, March 31, 2011 10:38

Scanning for 2551242 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Debbie
Computer name : BURLAP

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 11/30/2010 23:13:17
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 11/30/2010 23:13:24
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:40:51
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:28:31
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 08:21:49
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 08:21:49
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 08:21:50
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 08:21:52
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 08:21:52
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 08:21:53
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 08:21:53
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 08:21:53
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 08:21:53
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 08:21:53
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 08:21:53
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 08:20:10
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 08:20:13
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 08:20:12
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 08:20:16
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 08:20:13
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 08:17:28
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 08:17:27
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 13:46:17
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 13:46:18
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 08:20:11
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 07:20:10
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 07:20:09
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 07:20:57
VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 17:51:34
VBASE027.VDF : 7.11.5.82 151552 Bytes 3/27/2011 13:00:44
VBASE028.VDF : 7.11.5.122 154112 Bytes 3/30/2011 12:57:53
VBASE029.VDF : 7.11.5.123 2048 Bytes 3/30/2011 12:57:54
VBASE030.VDF : 7.11.5.124 2048 Bytes 3/30/2011 12:57:54
VBASE031.VDF : 7.11.5.147 93696 Bytes 3/31/2011 12:57:50
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 12:43:41
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/18/2011 07:21:00
AESCN.DLL : 8.1.7.2 127349 Bytes 11/22/2010 18:51:07
AESBX.DLL : 8.1.3.2 254324 Bytes 11/22/2010 18:51:32
AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 20:38:41
AEPACK.DLL : 8.2.4.13 524662 Bytes 3/25/2011 20:38:40
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 3/25/2011 20:38:40
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 3/25/2011 20:38:39
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/5/2011 17:05:53
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/18/2011 07:20:56
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/22/2010 18:49:25
AECORE.DLL : 8.1.19.2 196983 Bytes 1/21/2011 08:19:39
AEBB.DLL : 8.1.1.0 53618 Bytes 4/23/2010 15:56:25
AVWINLL.DLL : 10.0.0.0 19304 Bytes 11/30/2010 23:13:17
AVPREF.DLL : 10.0.0.0 44904 Bytes 11/30/2010 23:13:16
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 11/30/2010 23:13:17
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 11/30/2010 23:13:17
AVARKT.DLL : 10.0.22.6 231784 Bytes 11/30/2010 23:13:14
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 11/30/2010 23:13:15
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 11/30/2010 23:13:17
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/30/2010 23:13:38

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, March 31, 2011 10:38

Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'LaunchPad.exe' - '89' Module(s) have been scanned
Scan process 'dllhost.exe' - '46' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '77' Module(s) have been scanned
Scan process 'avcenter.exe' - '96' Module(s) have been scanned
Scan process 'msiexec.exe' - '34' Module(s) have been scanned
Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
Scan process 'yhj.exe' - '57' Module(s) have been scanned
Scan process 'distnoted.exe' - '37' Module(s) have been scanned
Scan process 'AppleMobileDeviceHelper.exe' - '54' Module(s) have been scanned
Scan process 'iTunes.exe' - '151' Module(s) have been scanned
Scan process 'realsched.exe' - '35' Module(s) have been scanned
Scan process 'msdtc.exe' - '41' Module(s) have been scanned
Scan process 'Adobe_Updater.exe' - '61' Module(s) have been scanned
Scan process 'jucheck.exe' - '54' Module(s) have been scanned
Scan process 'skypePM.exe' - '60' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '75' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '40' Module(s) have been scanned
Scan process 'qbupdate.exe' - '88' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'KEM.exe' - '38' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '64' Module(s) have been scanned
Scan process 'DynexWCUI.exe' - '54' Module(s) have been scanned
Scan process 'DLG.exe' - '31' Module(s) have been scanned
Scan process 'Skype.exe' - '126' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '30' Module(s) have been scanned
Scan process 'Monitor.exe' - '54' Module(s) have been scanned
Scan process 'msmsgs.exe' - '47' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '75' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '66' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'jusched.exe' - '33' Module(s) have been scanned
Scan process 'avgnt.exe' - '57' Module(s) have been scanned
Scan process 'wltray.exe' - '38' Module(s) have been scanned
Scan process 'AOLSoftware.exe' - '80' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'ehmsas.exe' - '32' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '29' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '31' Module(s) have been scanned
Scan process 'Iaanotif.exe' - '49' Module(s) have been scanned
Scan process 'stsystra.exe' - '37' Module(s) have been scanned
Scan process 'ehtray.exe' - '42' Module(s) have been scanned
Scan process 'Explorer.EXE' - '146' Module(s) have been scanned
Scan process 'alg.exe' - '34' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '28' Module(s) have been scanned
Scan process 'Elservice.exe' - '27' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '42' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'QBCFMonitorService.exe' - '40' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '36' Module(s) have been scanned
Scan process 'MDM.EXE' - '20' Module(s) have been scanned
Scan process 'jqs.exe' - '32' Module(s) have been scanned
Scan process 'Iaantmon.exe' - '11' Module(s) have been scanned
Scan process 'ehSched.exe' - '46' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '44' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '59' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '42' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'spoolsv.exe' - '84' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '49' Module(s) have been scanned
Scan process 'wltrysvc.exe' - '13' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '181' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '39' Module(s) have been scanned
Scan process 'winlogon.exe' - '73' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1826' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\18\79bbcad2-77ba3c39
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.F.48 exploit
--> vuln/Huvasi.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.F.48 exploit
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\33\eee2921-1762daca
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Dldr.OpenS.NBG Java virus
--> glass/boing.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.OpenS.NBG Java virus
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\43\71c712b-46410236
[DETECTION] Is the TR/Fake.Spypro.69 Trojan
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\52\5c1732b4-5dc636e4
[DETECTION] Is the TR/Fake.Spypro.69 Trojan
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\63\7ef8337f-5da918df
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
--> Applet2.class
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
C:\Documents and Settings\Debbie\Local Settings\Temp\UPS_Document_NR2376-1.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Dropper.Gen Trojan
--> UPS_Document/UPS_Document.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\Debbie\Local Settings\Temp\UPS_Document_NR2376.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Dropper.Gen Trojan
--> UPS_Document/UPS_Document.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LERODYZ\upgrade[1].cab
[0] Archive type: CAB (Microsoft)
[DETECTION] Contains recognition pattern of the ADSPY/OneStep.Y adware or spyware
--> upgrade.exe
[DETECTION] Contains recognition pattern of the ADSPY/OneStep.Y adware or spyware
--> [UnknownDir]/seekeen.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\WINDOWS\Temp\SEEF4.tmp\upgrade.exe
[0] Archive type: NSIS
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> [UnknownDir]/seekeen.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [3]: The system cannot find the path specified.

Beginning disinfection:
C:\WINDOWS\Temp\SEEF4.tmp\upgrade.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] An exception has been identified!
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LERODYZ\upgrade[1].cab
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] An ARK library instance is already running.
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\Debbie\Local Settings\Temp\UPS_Document_NR2376.zip
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] An exception has been identified!
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\Debbie\Local Settings\Temp\UPS_Document_NR2376-1.zip
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] An ARK library instance is already running.
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\63\7ef8337f-5da918df
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
[WARNING] The file could not be copied to quarantine!
[WARNING] An exception has been identified!
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\52\5c1732b4-5dc636e4
[DETECTION] Is the TR/Fake.Spypro.69 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] An ARK library instance is already running.
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\43\71c712b-46410236
[DETECTION] Is the TR/Fake.Spypro.69 Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] An exception has been identified!
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\33\eee2921-1762daca
[DETECTION] Contains recognition pattern of the JAVA/Dldr.OpenS.NBG Java virus
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] An ARK library instance is already running.
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\18\79bbcad2-77ba3c39
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.F.48 exploit
[WARNING] The file could not be copied to quarantine!
[WARNING] An exception has been identified!
[NOTE] The file is scheduled for deleting after reboot.
The repair notes were written to the file 'C:\avrescue\rescue.avp'.


HiJackThis:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:28:59 PM, on 3/31/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\Documents and Settings\Debbie\Local Settings\Application Data\yhj.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1170340513\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O3 - Toolbar: GOM Player + Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170340513\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Debbie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14915 bytes

I don't know what to do and it is my work computer!!!

I hope this all helps!

Thank you!!

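An added triage example (editor's code, not Avira's, Trend Micro's or the poster's): the two logs above are long, and the first thing a responder wants is a list of what Avira actually detected and which running processes or autorun entries look out of place. The script below parses Avira's file/[DETECTION] records and applies one narrow heuristic to the HijackThis process and O4 lines: flag executables that sit directly in a user-writable profile folder (no vendor subfolder) or anywhere under WINDOWS\Temp. The sample lines are copied from the logs in this thread; the folder list and the heuristic itself are the editor's assumptions, not HijackThis logic.

```python
"""Triage helpers for Avira and HijackThis logs like the ones posted above.

Added example by the page editor, not code from Avira, Trend Micro or the
original poster. Sample lines are copied from the thread; the "suspicious
folder" heuristic is the editor's own assumption about what to look at first.
"""
import re
from collections import defaultdict

# Avira prints the scanned file on its own line, then one or more
# "[DETECTION] ..." lines; "--> member" lines name an archive member whose
# detection we attribute to the enclosing file.
DETECTION_RE = re.compile(
    r"\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: three file records from the Avira log above.
AVIRA_SAMPLE = r"""
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\18\79bbcad2-77ba3c39
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.F.48 exploit
--> vuln/Huvasi.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.F.48 exploit
C:\Documents and Settings\Debbie\Local Settings\Temp\UPS_Document_NR2376.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Dropper.Gen Trojan
--> UPS_Document/UPS_Document.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\Temp\SEEF4.tmp\upgrade.exe
[0] Archive type: NSIS
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> [UnknownDir]/seekeen.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
"""

# Constructed sample: running-process and O4 lines from the HijackThis log.
HJT_SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Debbie\Local Settings\Application Data\yhj.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Debbie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
""".strip().splitlines()


def parse_avira_detections(log_text):
    """Map each scanned file path to the set of Avira detection names."""
    findings = defaultdict(set)
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        if WIN_PATH_RE.match(line):
            current = line          # a new file record starts here
            continue
        m = DETECTION_RE.search(line)
        if m and current:
            findings[current].add(m.group(1))
    return dict(findings)


# Editor's assumption: legitimate vendors on XP almost always use their own
# subfolder, so a bare .exe directly in one of these folders is the classic
# rogue-AV / dropper placement (cf. yhj.exe in the log above).
SUSPECT_PARENT_DIRS = (
    r"local settings\application data",
    r"local settings\temp",
    r"application data",
)

EXE_PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def flag_suspicious_processes(hjt_lines):
    """Return executable paths from process/O4 lines that merit a first look.

    Entries hosted in a DLL (rundll32 ...,NvStartup) carry no .exe path and
    are skipped; this is a triage aid, not a verdict.
    """
    flagged = []
    for line in hjt_lines:
        m = EXE_PATH_RE.search(line)
        if not m:
            continue
        path = m.group(1)
        low = path.lower()
        parent = low.rsplit("\\", 1)[0]
        in_profile = "\\documents and settings\\" in low
        bare_in_profile = in_profile and any(
            parent.endswith("\\" + d) for d in SUSPECT_PARENT_DIRS)
        if bare_in_profile or "\\windows\\temp\\" in low:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for path, names in parse_avira_detections(AVIRA_SAMPLE).items():
        print(f"{', '.join(sorted(names))}\n    {path}")
    print("Look at first:", *flag_suspicious_processes(HJT_SAMPLE), sep="\n    ")
```

On the sample, the Java deployment cache entry, the UPS-themed ZIP dropper and the Temp-folder NSIS installer each come out with their detection name, and the only flagged process is yhj.exe; GoogleUpdate.exe also lives under the user profile but inside a vendor subfolder, so the heuristic leaves it alone. Avira's "could not be copied to quarantine" warnings mean these files are still on disk until the reboot, so the flagged path is what to pull for analysis, not just delete.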

Re: Trojan-BNK.win32.keylogger.gen

Post by Belahzur on Fri Apr 01, 2011 12:56 am

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Fri Apr 01, 2011 1:20 pm

Belahzur my hero!

I must say, I finally figured it out after 5 hours at work yesterday, but I can tell my computer is still acting weird. Thank you for your help!

OTL logfile created on: 4/1/2011 9:13:38 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debbie\Desktop\HiJackTHIS
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.39 Gb Total Space | 222.37 Gb Free Space | 75.79% Space Free | Partition Type: NTFS
Drive E: | 153.35 Gb Total Space | 131.14 Gb Free Space | 85.52% Space Free | Partition Type: FAT32
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.47 Gb Total Space | 2.06 Gb Free Space | 27.62% Space Free | Partition Type: FAT32

Computer Name: BURLAP | User Name: Debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/01 09:13:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\HiJackTHIS\OTL.exe
PRC - [2011/03/17 03:20:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/11/30 19:13:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/30 19:13:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/09/14 17:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/09/09 09:32:24 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/01/30 15:39:10 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/12 12:50:02 | 001,462,272 | ---- | M] (Dynex) -- C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
PRC - [2007/02/13 02:32:40 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/10/23 08:50:37 | 000,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 20:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1170340513\ee\aolsoftware.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/01 16:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
PRC - [2005/11/29 20:19:00 | 000,057,344 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/15 12:56:56 | 000,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2004/06/08 13:31:38 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
PRC - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/04/01 09:13:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\HiJackTHIS\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,157,768 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/04/13 20:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/13 20:11:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
MOD - [2006/11/16 12:43:45 | 000,010,288 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\WLHook.dll
MOD - [2004/08/10 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll
MOD - [2004/08/10 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll
MOD - [2004/07/15 12:54:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/03/17 03:20:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/11/30 19:13:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/06/01 16:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 16:28:50 | 000,024,168 | ---- | M] (Norman ASA) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Debbie\Local Settings\Temp\00001389.nmc\nse\bin\ndiskio.sys -- (NDISKIO)
DRV - [2011/03/17 03:20:11 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/30 19:13:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/10/09 15:33:00 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisWDM.sys -- (NdisWDM)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/09 15:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 15:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 15:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 15:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 15:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "aol.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300


FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\Firefox\ [2011/03/31 16:00:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 12:38:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 12:38:44 | 000,000,000 | ---D | M]

[2009/01/28 11:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Extensions
[2011/03/31 16:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\2jrzubqj.default\extensions
[2009/04/07 09:43:39 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\2jrzubqj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/10/15 14:19:25 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\2jrzubqj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/09/03 11:15:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\2jrzubqj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/18 09:44:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\2jrzubqj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/25 18:01:08 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\2jrzubqj.default\extensions\toolbar@ask.com
[2009/01/30 11:00:55 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\2jrzubqj.default\searchplugins\aim-search.xml
[2011/03/31 16:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/21 12:03:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/21 12:02:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/31 16:00:07 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\SPYWARE DOCTOR\BDT\FIREFOX
[2010/05/21 12:02:57 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/04/29 13:21:53 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170340513\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Search Protection] File not found
O4 - HKCU..\Run: [Weather] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk = C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe (Dynex)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/10 15:48:25 | 000,000,014 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/11/10 15:48:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.LTS -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/31 15:59:57 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/03/31 15:59:57 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/03/31 15:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/03/31 15:34:14 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/03/31 15:34:14 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0302.old
[2011/03/31 15:34:14 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/03/31 15:34:14 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0302.old
[2011/03/31 15:34:14 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/03/31 15:34:11 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/03/31 15:34:06 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/03/31 15:34:06 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/03/31 15:34:03 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/03/31 15:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/03/31 15:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/03/31 15:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\PC Tools
[2011/03/31 15:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/03/31 14:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/29 13:32:38 | 001,199,616 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RC36E140.DLL
[2011/03/29 13:32:38 | 000,856,064 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\MPW30dat.dll
[2011/03/29 13:32:38 | 000,262,348 | ---- | C] (RICOH) -- C:\WINDOWS\System32\rpcsecl.dll
[2011/03/29 13:32:38 | 000,159,744 | ---- | C] (Ricoh Co.,Ltd.) -- C:\WINDOWS\System32\JCUI.exe
[2011/03/29 13:32:38 | 000,081,920 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RCPRINT.dll
[2011/03/29 13:32:38 | 000,069,632 | ---- | C] (RICOH COMPANY,LTD.) -- C:\WINDOWS\System32\TIFmtA.dll
[2011/03/29 13:32:38 | 000,061,440 | ---- | C] (RICOH) -- C:\WINDOWS\System32\rdrvlog.dll
[2011/03/29 13:32:38 | 000,061,440 | ---- | C] (RICOH COMPANY,LTD.) -- C:\WINDOWS\System32\TrackID.dll
[2011/03/29 13:32:38 | 000,057,344 | ---- | C] (RICOH Co.,Ltd.) -- C:\WINDOWS\System32\rdrvinf.dll
[2011/03/29 13:32:38 | 000,053,248 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RC00C140.dll
[2011/03/29 13:32:38 | 000,049,152 | ---- | C] (RICOH COMPANY,LTD.) -- C:\WINDOWS\System32\TIBase64.dll
[2011/03/29 13:32:38 | 000,027,136 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RCINST.dll
[2011/03/29 13:32:38 | 000,000,000 | -H-D | C] -- C:\_rpcs
[2011/03/10 10:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/10 09:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/08 14:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2011/03/08 14:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\FreeFileViewer
[2011/03/08 14:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
[2011/03/08 14:47:27 | 002,323,576 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Debbie\Desktop\FreeFileViewer2011Setup.exe
[2011/03/03 09:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/03 09:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/07 11:44:40 | 002,933,084 | ---- | C] (Adolix Software ) -- C:\Program Files\AdolixSplitMergePDFSetup.exe
[2010/12/14 15:39:13 | 006,875,336 | ---- | C] (Gretech Corporation) -- C:\Program Files\GOMPLAYERENSETUP.EXE
[2010/12/14 15:28:40 | 000,395,640 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\utorrent.exe
[2010/12/14 15:04:59 | 002,652,884 | ---- | C] (Alexander Vigovsky ) -- C:\Program Files\ac3filter_1_62b.exe
[2010/12/14 14:51:25 | 000,903,520 | ---- | C] (DivX, LLC) -- C:\Program Files\DivXInstaller.exe
[2010/12/13 17:00:37 | 000,652,794 | ---- | C] (Xvid team ) -- C:\Program Files\XviD-1.2.2-07062009.exe
[2010/10/18 09:52:18 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/10/18 09:43:29 | 005,053,024 | ---- | C] (Discordia Limited.) -- C:\Program Files\jZipV1.exe
[2010/09/25 16:26:59 | 002,022,008 | ---- | C] (W3i, LLC) -- C:\Program Files\tinyzip.exe
[2010/07/08 15:40:43 | 003,249,480 | ---- | C] (Unity Technologies ApS) -- C:\Program Files\UnityWebPlayer.exe
[2010/06/16 16:32:37 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/06/11 11:31:50 | 007,302,104 | ---- | C] (AOL Inc.) -- C:\Program Files\Install_AIM.exe
[2010/05/21 14:40:04 | 060,348,824 | ---- | C] ( ) -- C:\Program Files\MFPS_Setup.EXE
[2010/04/21 14:06:32 | 000,121,864 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\g2m_download.exe
[2010/03/05 09:27:37 | 000,569,520 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthPluginSetup.exe
[2010/02/17 16:17:12 | 010,840,577 | ---- | C] (mani.de - friendly software ) -- C:\Program Files\iVolume3Win.exe
[2009/12/08 12:53:15 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\xpiinstall.exe
[2009/08/21 15:08:22 | 077,976,864 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2009/08/13 13:20:24 | 016,070,968 | ---- | C] ( ) -- C:\Program Files\gimp-2.6.6-i686-setup.exe
[2009/08/05 10:11:15 | 008,050,536 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.2.exe
[2009/07/09 10:47:39 | 006,224,944 | ---- | C] (PKWARE, Inc. ) -- C:\Program Files\pkr80018en.EXE
[2009/06/10 09:56:14 | 001,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2009/04/29 13:34:55 | 043,083,040 | ---- | C] ( ) -- C:\Program Files\AdbeRdr910_en_US_Std.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/01 09:05:32 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/01 09:05:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/01 09:05:23 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2011/04/01 09:05:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2011/04/01 09:01:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/01 09:01:53 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/31 16:01:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4091619023-2511848912-4128872900-1006UA.job
[2011/03/31 16:01:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/31 16:00:20 | 000,650,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/31 15:59:53 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/03/31 15:48:44 | 000,017,362 | -HS- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/31 15:48:44 | 000,017,362 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/31 15:47:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/31 11:34:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/31 09:01:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4091619023-2511848912-4128872900-1006Core.job
[2011/03/31 01:00:07 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\InSite_C 1163190862.job
[2011/03/31 00:08:16 | 000,000,818 | ---- | M] () -- C:\WINDOWS\tasks\Rotation 2.job
[2011/03/30 00:08:05 | 000,000,818 | ---- | M] () -- C:\WINDOWS\tasks\Rotation 1.job
[2011/03/29 13:32:40 | 000,000,237 | ---- | M] () -- C:\WINDOWS\ricdb.ini
[2011/03/29 13:32:39 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\RPCS.ini
[2011/03/28 08:57:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/24 17:09:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\My Network Places.lnk
[2011/03/24 13:53:16 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/24 13:53:16 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/20 00:07:58 | 000,000,794 | ---- | M] () -- C:\WINDOWS\tasks\Weekly.job
[2011/03/17 03:20:11 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/14 12:30:00 | 000,838,759 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\Dell_Laser_MFP_1815_20110310133345.pdf
[2011/03/10 10:00:00 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/10 04:01:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/08 14:49:03 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2011/03/08 14:47:28 | 002,323,576 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Debbie\Desktop\FreeFileViewer2011Setup.exe
[2011/03/08 14:46:49 | 000,086,387 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\dancephilly logo.eps
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/31 15:59:58 | 000,650,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/31 15:59:53 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/03/31 15:34:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0302.old
[2011/03/31 15:34:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/03/31 15:34:14 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/03/31 15:34:14 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/03/31 15:34:14 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/03/31 15:34:14 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/03/31 15:34:11 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2011/03/31 15:34:03 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2011/03/31 10:28:24 | 000,017,362 | -HS- | C] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/31 10:28:24 | 000,017,362 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/29 13:32:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2011/03/24 17:09:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\My Network Places.lnk
[2011/03/14 12:30:00 | 000,838,759 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Dell_Laser_MFP_1815_20110310133345.pdf
[2011/03/10 10:00:00 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/08 14:49:10 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2011/03/08 14:49:03 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2011/03/08 14:45:32 | 000,086,387 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\dancephilly logo.eps
[2011/02/17 12:29:17 | 004,727,808 | ---- | C] () -- C:\Program Files\Works632_en-US.msi
[2011/02/04 12:52:42 | 113,284,440 | ---- | C] () -- C:\Program Files\601_b021_multilanguage.exe
[2010/12/17 12:26:57 | 058,794,264 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2010/07/28 08:50:07 | 001,177,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/30 11:41:41 | 016,262,472 | ---- | C] () -- C:\Program Files\winzip145.exe
[2010/06/18 15:34:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/21 14:23:56 | 062,869,323 | ---- | C] () -- C:\Program Files\FPVUpdater.EXE
[2010/04/07 17:45:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/05 16:42:23 | 000,062,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/13 10:42:59 | 015,639,552 | ---- | C] () -- C:\Program Files\DwfViewerSetup.msi
[2010/01/11 12:22:06 | 000,000,237 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2009/08/30 18:00:13 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/05/21 14:46:16 | 013,714,760 | ---- | C] () -- C:\Program Files\winzip121.exe
[2009/04/03 14:49:06 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/03/02 16:18:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/03/02 16:18:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wltrysvc.exe
[2009/03/02 16:18:52 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/29 15:08:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/20 09:50:07 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/11/13 11:27:25 | 000,105,045 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2006/11/13 11:27:25 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2006/11/13 11:27:18 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/11/10 16:21:09 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2006/11/10 15:47:43 | 000,000,764 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2006/11/10 15:47:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2006/11/10 15:47:42 | 000,013,226 | ---- | C] () -- C:\WINDOWS\123R5.INI
[2006/11/10 15:47:42 | 000,000,478 | ---- | C] () -- C:\WINDOWS\LODBF04.INI
[2006/11/10 15:42:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2006/11/10 14:47:17 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2006/11/10 14:47:17 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2006/11/10 14:16:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\fusioncache.dat
[2006/10/26 11:15:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/26 11:07:38 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/10/26 11:05:24 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/26 11:03:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/26 11:02:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/26 11:00:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Elusetup.exe
[2006/10/26 10:39:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/10/26 10:39:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/26 10:38:35 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/11/10 01:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,298 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,294,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Joey Jiggles
Intermediate

Posts : 187
Joined : 2009-01-12
OS : Windows XP


Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Fri Apr 01, 2011 1:21 pm

OTL Extras logfile created on: 4/1/2011 9:13:38 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debbie\Desktop\HiJackTHIS
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.39 Gb Total Space | 222.37 Gb Free Space | 75.79% Space Free | Partition Type: NTFS
Drive E: | 153.35 Gb Total Space | 131.14 Gb Free Space | 85.52% Space Free | Partition Type: FAT32
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.47 Gb Total Space | 2.06 Gb Free Space | 27.62% Space Free | Partition Type: FAT32

Computer Name: BURLAP | User Name: Debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"c:\windows\system32\rk.exe" = c:\windows\system32\rk.exe:*:Enabled:rk.exe
"C:\Documents and Settings\Debbie\Local Settings\Temp\~os230.tmp\ossproxy.exe" = C:\Documents and Settings\Debbie\Local Settings\Temp\~os230.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Common Files\AOL\1170340513\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1170340513\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Program Files\Intuit\QuickBooks Premier\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Premier\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\RelevantKnowledge\rlvknlg.exe" = C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:???????
"C:\Documents and Settings\Debbie\Desktop\NTRsupport_72916.exe" = C:\Documents and Settings\Debbie\Desktop\NTRsupport_72916.exe:*:Enabled:NTRsupport
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Documents and Settings\Debbie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Debbie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:Free File Viewer Update Checker


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{531D27E5-DE21-4777-9EDB-B7803087E7F3}" = Dynex Wireless G USB Network Adapter Setup
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}" = Intel® Viiv™ Software
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3626-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Contractor Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adolix Split and Merge PDF_is1" = Adolix Split and Merge PDF v2.1
"AIM Search" = AIM Search
"AIM_7" = AIM 7
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ASIO4ALL" = ASIO4ALL
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Browser Defender_is1" = Browser Defender 3.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"conduitEngine" = Conduit Engine
"DeskPins" = DeskPins (remove only)
"EL" = Intel(R) Quick Resume Technology Drivers
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.1
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"FreeFileViewer_is1" = Free File Viewer 2011
"GOM Encoder" = GOM Encoder
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"hp deskjet 940c series" = hp deskjet 940c series (Remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"iVolume_is1" = iVolume 3.6
"jZip" = jZip
"Living 3D Dolphins Screen Saver" = Living 3D Dolphins Screen Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PEM Software Systems, Inc" = PEM Software Systems, Inc
"PoiZone" = PoiZone
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 8.0
"Toxic Biohazard" = Toxic Biohazard
"Trusted Software Assistant_is1" = File Type Assistant
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2011 4:35:25 PM | Computer Name = BURLAP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Contractor
Edition 2009": Connection Error:Invalid user ID or passwo

Error - 3/31/2011 4:35:25 PM | Computer Name = BURLAP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Contractor
Edition 2009": Connection String:CON=QBConnectionPool-Probe-QB_data_engine_19; ;DBF=E:\quickbooks
backup\InSitemay10.QBW1.QBW;ENG=QB_data_engine_19;DBN=6173e3015b9e42e49ac005a38a40d4

Error - 3/31/2011 4:35:25 PM | Computer Name = BURLAP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Contractor
Edition 2009": DBConnPool::~[Filtered JS Events]~ errorCode:-6069, dbCode:-103 from
file:'.\.\src\ConnPool.cpp' at line 1003 from function:'DBMgr::DBConnPool::ini

Error - 3/31/2011 4:37:48 PM | Computer Name = BURLAP | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 4/1/2011 9:05:51 AM | Computer Name = BURLAP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/1/2011 9:07:08 AM | Computer Name = BURLAP | Source = Application Error | ID = 1001
Description = Fault bucket 00536409.

Error - 4/1/2011 9:10:21 AM | Computer Name = BURLAP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/1/2011 9:10:23 AM | Computer Name = BURLAP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/1/2011 9:10:24 AM | Computer Name = BURLAP | Source = Application Hang | ID = 1001
Description = Fault bucket -2060348231.

Error - 4/1/2011 9:10:25 AM | Computer Name = BURLAP | Source = Application Hang | ID = 1001
Description = Fault bucket -2060348231.

[ System Events ]
Error - 4/1/2011 7:08:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 4/1/2011 7:20:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 4/1/2011 7:32:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 4/1/2011 7:44:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 4/1/2011 7:56:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 4/1/2011 8:08:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 4/1/2011 8:20:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 4/1/2011 8:32:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 4/1/2011 8:44:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 4/1/2011 8:56:02 AM | Computer Name = BURLAP | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.


< End of report >

Joey Jiggles

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Fri Apr 01, 2011 8:48 pm

Did I do everything right??

Joey Jiggles

Re: Trojan-BNK.win32.keylogger.gen

Post by Belahzur on Sun Apr 03, 2011 1:41 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2011/03/31 10:28:24 | 000,017,362 | -HS- | C] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
    [2011/03/31 10:28:24 | 000,017,362 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
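As an added illustration, not part of the thread or of OTL itself, here is a small Python parser for OTL file entries of the form quoted in the fix above, with the triage heuristics a helper weighs when picking such entries: hidden+system attributes, an empty publisher field, a long random-looking extension-less name under Application Data, and the same size and timestamp appearing at several paths. The first two sample lines are the entries from the fix; the third line, its vendor name and path are constructed for contrast, and the reading of OTL's attribute column (H = hidden, S = system) is an assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input: the first two lines are the entries quoted in the fix above,
# the third is a made-up benign entry (hypothetical vendor and path) for contrast.
SAMPLE_OTL_LINES = r"""
[2011/03/31 10:28:24 | 000,017,362 | -HS- | C] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/31 10:28:24 | 000,017,362 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/31 10:20:00 | 000,001,024 | ---- | C] (Example Vendor) -- C:\Documents and Settings\Debbie\Application Data\Example\settings.ini
"""

# One OTL file entry: [date time | size | attribute flags | C/M] (company) -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# A long, extension-less run of lowercase letters and digits, as in the two entries above.
RANDOM_NAME = re.compile(r"^[a-z0-9]{20,}$")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # assumption: OTL's flag column uses H for hidden and S for system
    kind: str       # C = created list, M = modified list (assumption from the log format)
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def hidden_and_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl_lines(text: str) -> list[OtlEntry]:
    """Parse every line that matches the OTL entry format; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"],
        ))
    return entries


def suspicious_reasons(entry: OtlEntry) -> list[str]:
    """Heuristics a helper weighs when choosing entries for a fix; each hit is one reason."""
    reasons = []
    if entry.hidden_and_system:
        reasons.append("hidden+system attributes on a file in a user profile")
    if not entry.company:
        reasons.append("no publisher in the () field")
    if "\\application data\\" in entry.path.lower():
        reasons.append("written under Application Data")
    name = entry.name
    if RANDOM_NAME.match(name) and re.search(r"[a-z]", name) and re.search(r"\d", name):
        reasons.append("long random-looking name with no extension")
    return reasons


def triage(text: str, min_reasons: int = 3) -> list[tuple[str, list[str]]]:
    """Return (path, reasons) for every entry that collects at least min_reasons hits."""
    hits = []
    for entry in parse_otl_lines(text):
        reasons = suspicious_reasons(entry)
        if len(reasons) >= min_reasons:
            hits.append((entry.path, reasons))
    return hits


def same_payload_groups(entries: list[OtlEntry]) -> list[list[str]]:
    """Group paths that share size and timestamp: one payload dropped in several places,
    which is the pattern of the two entries in the fix above."""
    by_key: dict[tuple[int, datetime], list[str]] = {}
    for entry in entries:
        by_key.setdefault((entry.size, entry.timestamp), []).append(entry.path)
    return [paths for paths in by_key.values() if len(paths) > 1]
```

Run `triage(SAMPLE_OTL_LINES)` to see the two dropped files flagged with all four reasons while the constructed benign entry scores only one.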

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Mon Apr 04, 2011 12:32 am

Error: Unable to interpret <[2011/03/31 10:28:24 | 000,017,362 | -HS- | C] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub> in the current context!
Error: Unable to interpret <[2011/03/31 10:28:24 | 000,017,362 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub> in the current context!

OTL by OldTimer - Version 3.2.22.3 log created on 04032011_203145

Joey Jiggles

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Mon Apr 04, 2011 7:28 pm

I hope this isn't a big problem??

Joey Jiggles

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Tue Apr 05, 2011 1:25 pm

bump

Joey Jiggles

Re: Trojan-BNK.win32.keylogger.gen

Post by Belahzur on Wed Apr 06, 2011 1:18 am

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.




Belahzur

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Wed Apr 06, 2011 1:23 pm

Belahzur,

I am having some problems. I don't know where you want me to copy and paste that code. I click start and then go to search? I'm a little confused.

I tried running commy.exe and it was having some issues as well.

:sad:

Joey Jiggles

Re: Trojan-BNK.win32.keylogger.gen

Post by Belahzur on Wed Apr 06, 2011 10:52 pm

It's the Run command that you paste into.




Belahzur

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Thu Apr 07, 2011 1:03 pm

It says... Windows cannot find that path! And to check my spelling again or search it :-(

Joey Jiggles

Re: Trojan-BNK.win32.keylogger.gen

Post by Belahzur on Fri Apr 08, 2011 1:19 am

Okay, try running it normally by double-clicking it.




Belahzur

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Fri Apr 08, 2011 1:49 pm

Belahzur,

This thing is really kicking my ass man. I run Combofix and then it updates, then it says I do not have a "windows system recovery". So it tries to download it I guess.. the title at the top is this (Windows XP Professional SP2 CD Boot Floppies). It then will stop the process saying this: "Extracting File Failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file."

What now!?

Joey Jiggles

Re: Trojan-BNK.win32.keylogger.gen

Post by Belahzur on Fri Apr 08, 2011 8:59 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




Belahzur

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Mon Apr 11, 2011 6:31 pm

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6334

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/11/2011 2:31:34 PM
mbam-log-2011-04-11 (14-31-34).txt

Scan type: Quick scan
Objects scanned: 169035
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Joey Jiggles

Re: Trojan-BNK.win32.keylogger.gen

Post by Belahzur on Mon Apr 11, 2011 7:22 pm

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.




Belahzur

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Mon Apr 11, 2011 7:55 pm

2011/04/11 15:54:50.0875 0452 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 15:54:52.0890 0452 ================================================================================
2011/04/11 15:54:52.0890 0452 SystemInfo:
2011/04/11 15:54:52.0890 0452
2011/04/11 15:54:52.0890 0452 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/11 15:54:52.0890 0452 Product type: Workstation
2011/04/11 15:54:52.0890 0452 ComputerName: BURLAP
2011/04/11 15:54:52.0890 0452 UserName: Debbie
2011/04/11 15:54:52.0890 0452 Windows directory: C:\WINDOWS
2011/04/11 15:54:52.0890 0452 System windows directory: C:\WINDOWS
2011/04/11 15:54:52.0890 0452 Processor architecture: Intel x86
2011/04/11 15:54:52.0890 0452 Number of processors: 2
2011/04/11 15:54:52.0890 0452 Page size: 0x1000
2011/04/11 15:54:52.0890 0452 Boot type: Normal boot
2011/04/11 15:54:52.0890 0452 ================================================================================
2011/04/11 15:54:53.0218 0452 Initialize success
2011/04/11 15:55:09.0031 2524 ================================================================================
2011/04/11 15:55:09.0031 2524 Scan started
2011/04/11 15:55:09.0031 2524 Mode: Manual;
2011/04/11 15:55:09.0031 2524 ================================================================================
2011/04/11 15:55:19.0343 2524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/11 15:55:19.0406 2524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/11 15:55:19.0468 2524 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/11 15:55:19.0515 2524 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/11 15:55:19.0609 2524 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/11 15:55:19.0671 2524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/11 15:55:19.0734 2524 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/11 15:55:20.0234 2524 NDISKIO (0bc1739dc0553548b7920acd8b61389d) C:\DOCUME~1\Debbie\LOCALS~1\Temp\00001389.nmc\nse\bin\ndiskio.sys
2011/04/11 15:55:20.0390 2524 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/11 15:55:20.0421 2524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/11 15:55:20.0531 2524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/11 15:55:20.0578 2524 NdisWDM (331d9941219253033e774dd3d150b75c) C:\WINDOWS\system32\DRIVERS\ndiswdm.sys
2011/04/11 15:55:20.0671 2524 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/11 15:55:20.0734 2524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/11 15:55:20.0750 2524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/11 15:55:20.0921 2524 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/11 15:55:20.0984 2524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/11 15:55:21.0046 2524 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/11 15:55:21.0093 2524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/11 15:55:21.0281 2524 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/11 15:55:21.0390 2524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/11 15:55:21.0437 2524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/11 15:55:21.0468 2524 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/11 15:55:21.0500 2524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/11 15:55:21.0515 2524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/11 15:55:21.0546 2524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/11 15:55:21.0546 2524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/11 15:55:21.0609 2524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/11 15:55:21.0640 2524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/11 15:55:21.0718 2524 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/04/11 15:55:21.0765 2524 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/04/11 15:55:21.0828 2524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/11 15:55:21.0843 2524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/11 15:55:21.0859 2524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/11 15:55:21.0937 2524 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/11 15:55:22.0000 2524 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/04/11 15:55:22.0078 2524 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/04/11 15:55:22.0109 2524 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/04/11 15:55:22.0187 2524 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/04/11 15:55:22.0234 2524 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/04/11 15:55:22.0250 2524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/11 15:55:22.0296 2524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/11 15:55:22.0343 2524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/11 15:55:22.0359 2524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/11 15:55:22.0406 2524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/11 15:55:22.0406 2524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/11 15:55:22.0453 2524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/11 15:55:22.0625 2524 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/11 15:55:22.0671 2524 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/11 15:55:22.0734 2524 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/04/11 15:55:22.0765 2524 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/04/11 15:55:22.0796 2524 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/04/11 15:55:22.0843 2524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/11 15:55:22.0906 2524 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
2011/04/11 15:55:22.0953 2524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/11 15:55:23.0000 2524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/11 15:55:23.0031 2524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/11 15:55:23.0078 2524 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/04/11 15:55:23.0140 2524 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/11 15:55:23.0187 2524 SNTNLUSB (4cd88cd1891b63d0d84c1a0fa3786b47) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
2011/04/11 15:55:23.0234 2524 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/04/11 15:55:23.0281 2524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/11 15:55:23.0343 2524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/11 15:55:23.0406 2524 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/11 15:55:23.0500 2524 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2011/04/11 15:55:23.0562 2524 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/11 15:55:23.0578 2524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/11 15:55:23.0593 2524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/11 15:55:23.0640 2524 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/04/11 15:55:23.0671 2524 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/04/11 15:55:23.0718 2524 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/04/11 15:55:23.0750 2524 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/04/11 15:55:23.0796 2524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/11 15:55:23.0859 2524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/11 15:55:23.0906 2524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/11 15:55:23.0937 2524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/11 15:55:23.0953 2524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/11 15:55:24.0109 2524 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/04/11 15:55:24.0125 2524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/11 15:55:24.0171 2524 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/11 15:55:24.0218 2524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/11 15:55:24.0281 2524 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/11 15:55:24.0343 2524 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/11 15:55:24.0390 2524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/11 15:55:24.0406 2524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/11 15:55:24.0531 2524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/11 15:55:24.0593 2524 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/11 15:55:24.0609 2524 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/11 15:55:24.0625 2524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/11 15:55:24.0656 2524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/11 15:55:24.0718 2524 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/04/11 15:55:24.0765 2524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/11 15:55:24.0796 2524 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/11 15:55:24.0843 2524 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/11 15:55:24.0859 2524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/11 15:55:24.0906 2524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/11 15:55:24.0968 2524 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/04/11 15:55:25.0031 2524 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/04/11 15:55:25.0093 2524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/11 15:55:25.0171 2524 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/11 15:55:25.0265 2524 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/11 15:55:25.0312 2524 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/11 15:55:25.0406 2524 ================================================================================
2011/04/11 15:55:25.0406 2524 Scan finished
2011/04/11 15:55:25.0406 2524 ================================================================================

Joey Jiggles
Intermediate
Posts : 187
Joined : 2009-01-12
OS : Windows XP

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Wed Apr 13, 2011 1:40 pm

Bump

Re: Trojan-BNK.win32.keylogger.gen

Post by Belahzur on Wed Apr 13, 2011 10:04 pm

Everything looks fine so far.

Run ESET Online Scan
Please do an online scan with the ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Thu Apr 14, 2011 4:02 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=6a43ca0ca12e104883ff7e1de577fb6c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-14 04:00:33
# local_time=2011-04-14 12:00:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 61455397 61455397 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=222535
# found=3
# cleaned=3
# scan_time=6604
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\44\4316102c-2b01ff92 a variant of Win32/Kryptik.MEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Debbie\Local Settings\Temp\Av-test.txt Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Debbie\Local Settings\Temp\plugtmp-8\plugin-lib.pdf PDF/Exploit.Pidief.PEL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

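An added example, not from the thread or from ESET, that parses the log format posted above (the `# key=value` header plus one line per detection) and cross-checks the reported found/cleaned counts against the detection lines actually present. The location-based triage labels in classify() are my assumption for reading this log, not an ESET classification; the sample text is constructed from the post.

```python
import re
from collections import namedtuple

# Constructed from the scan result posted above (preamble and some header keys omitted).
SAMPLE_LOG = r"""# end=finished
# found=3
# cleaned=3
C:\Documents and Settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\44\4316102c-2b01ff92 a variant of Win32/Kryptik.MEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Debbie\Local Settings\Temp\Av-test.txt Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Debbie\Local Settings\Temp\plugtmp-8\plugin-lib.pdf PDF/Exploit.Pidief.PEL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Detection line: <path> <threat name> (<action>) <32 hex chars> <flag>. Paths contain
# spaces, so the path is anchored on its last backslash, assuming (true for this log)
# that the final path component has no space.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:[^\\]*\\)*[^\\\s]+)\s+"
    r"(?P<name>.+?)\s+\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

Detection = namedtuple("Detection", "path name action vector")  # vector: triage label


def classify(path: str, name: str) -> str:
    """Assumed triage rules: where the file sat hints at how it arrived."""
    low = path.lower()
    if name.lower().startswith("eicar"):
        return "test-file"  # harmless AV test string, not an infection
    if "\\java\\deployment\\cache\\" in low:
        return "java-cache"  # applet fetched by the Java browser plugin
    if "\\plugtmp" in low:
        return "browser-plugin-temp"  # document a browser plugin opened from the web
    return "other"


def parse_eset_log(text: str):
    """Return (header dict, detections) for an ESET Online Scanner log."""
    header, hits = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value  # a repeated key keeps its last value
        elif (m := DETECTION_RE.match(line)):
            hits.append(Detection(m["path"], m["name"], m["action"],
                                  classify(m["path"], m["name"])))
    return header, hits


def summarize(text: str) -> dict:
    """Cross-check the header counts against the parsed detection lines."""
    header, hits = parse_eset_log(text)
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    return {"found": found, "cleaned": cleaned,
            "finished": header.get("end") == "finished",
            "all_cleaned": found == cleaned == len(hits),
            "vectors": sorted({h.vector for h in hits if h.vector != "test-file"}),
            "detections": hits}
```

For this log, summarize(SAMPLE_LOG) reports all three hits cleaned and two non-test vectors, the Java applet cache and a browser plugin temp directory, both pointing at content fetched while browsing rather than at a persistent keylogger.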
Re: Trojan-BNK.win32.keylogger.gen

Post by Belahzur on Thu Apr 14, 2011 10:26 pm

How is the machine running now?

Re: Trojan-BNK.win32.keylogger.gen

Post by Joey Jiggles on Fri Apr 15, 2011 1:48 pm

I believe it is running fine. That was some mess! I can't thank you enough for your help Belahzur.

Thank You! Thank You! Thank You!