Trojan - bnk.win32.keylogger.gen


Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 7th April 2011, 3:51 pm

I have always used your site and been very happy with the past results. My PC, which runs on Vista, will not let me access the internet and keeps popping up with Vista Internet Security 2011, and it won't let me go anywhere; I can't even get onto the internet.
I do have McAfee Total Protection installed and it seems to have got past it. Please can you help me, as I need my PC and I am totally stuck. I have done a full system scan but it is saying that nothing is detected. Also something came up stating a Trojan called bnk.win32.keylogger.gen; is this what is destroying my system?

Kind regards
Debbie Hornshaw

debbie76
Intermediate

Posts : 84
Joined : 2009-09-23
OS : vista
Points : 27161
# Likes : 0


Re: Trojan - bnk.win32.keylogger.gen

Post by Superdave on 7th April 2011, 7:30 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************
Please do this. First re-boot in Safe Mode with Networking, download and run MBAM. Next, re-boot in Normal Mode and run MBAM again as well as the other two scans and post the logs.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes.
* If you encounter any problems while downloading the updates, manually download and unzip them from here.
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked.
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer.
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...
* Save the log somewhere you can easily find it (normally the desktop).
* Click Close and Close again to exit the program.
* Copy and paste the log in your post.
*****************************************
Download DDS from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your desktop.

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: double-click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs:
  1) DDS.txt
  2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83211
# Likes : 0


Re: Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 8th April 2011, 11:18 am



Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6308

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

08/04/2011 11:47:47
mbam-log-2011-04-08 (11-47-47).txt

Scan type: Quick scan
Objects scanned: 153463
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
c:\Users\robert hornshaw\AppData\Local\msm.exe (Trojan.Agent) -> 1260 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Robert Hornshaw\AppData\Local\msm.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Robert Hornshaw\AppData\Local\msm.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\robert hornshaw\AppData\Local\msm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\robert hornshaw\AppData\Local\temp\0.9967669422208966.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\robert hornshaw\AppData\Local\temp\icreinstall\musicconvertersetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\robert hornshaw\local settings\iek.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\robert hornshaw\local settings\msm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\robert hornshaw\local settings\application data\iek.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\robert hornshaw\local settings\application data\msm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

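The two Bad/Good entries in the log above are the interesting part of this infection: the rogue had rewritten the open command for .exe files and for the Internet Explorer start-menu entry so that msm.exe was started ahead of the real program, which is why nothing could be launched and the browser never got out. The following parser, added here as an example and not part of the thread or of Malwarebytes, reads a log in this MBAM 1.50 format, lists such open-command hijacks, and checks that every launcher named in a Bad command was itself quarantined; the sample log is constructed with a placeholder user profile.

```python
"""Parse a Malwarebytes' Anti-Malware 1.50 scan log (the format posted in this
thread) and flag the open-command hijacks it reports. Example code, not MBAM's."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: same layout and detection names as the thread's log,
# with a placeholder user profile in place of the real paths.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Memory Processes Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Files Infected: 2

Memory Processes Infected:
c:\Users\alice\AppData\Local\msm.exe (Trojan.Agent) -> 1260 -> Unloaded process successfully.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Alice\AppData\Local\msm.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Alice\AppData\Local\msm.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\alice\AppData\Local\msm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{00000000-constructed-guid}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Entry: "<item> (<Category>) -> [<detail> -> ...]<action>". The item is matched
# lazily so "(default)" at the end of a key path is not taken for the category.
ENTRY_RE = re.compile(r"^(?P<item>.*?) \((?P<category>[A-Za-z][\w.]*)\) -> (?P<rest>.*)$")
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
OPEN_CMD_RE = re.compile(r"\\shell\\open\\command\\\(default\)$", re.IGNORECASE)
FIRST_TOKEN_RE = re.compile(r'^\s*(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')

@dataclass
class Detection:
    section: str
    item: str
    category: str
    action: str
    bad: Optional[str] = None   # command the malware had written
    good: Optional[str] = None  # command MBAM restored

@dataclass
class Report:
    counts: Dict[str, int] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)

def parse_log(text: str) -> Report:
    """Walk the log once: summary counts first, then one Detection per entry line."""
    report, section = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := COUNT_RE.match(line):
            report.counts[m.group("section")] = int(m.group("count"))
        elif m := SECTION_RE.match(line):
            section = m.group("section")
        elif section and not line.startswith("(No malicious items") and (m := ENTRY_RE.match(line)):
            parts = m.group("rest").split(" -> ")
            det = Detection(section, m.group("item"), m.group("category"), parts[-1])
            for detail in parts[:-1]:
                if bg := BAD_GOOD_RE.match(detail):
                    det.bad, det.good = bg.group("bad"), bg.group("good")
            report.detections.append(det)
    return report

def first_token(command: str) -> str:
    """Program a Windows command line starts with, surrounding quotes stripped."""
    m = FIRST_TOKEN_RE.match(command)
    if not m:
        return ""
    return m.group("quoted") if m.group("quoted") is not None else m.group("bare")

def open_command_hijacks(report: Report) -> List[Detection]:
    """Bad/Good entries on a shell open-command default value whose Bad command
    started a different program than the restored Good one (e.g. msm.exe -a "%1")."""
    return [d for d in report.detections
            if d.bad is not None and OPEN_CMD_RE.search(d.item)
            and first_token(d.bad).lower() != first_token(d.good).lower()]

def unresolved_launchers(report: Report) -> List[str]:
    """Launchers named in hijacked open commands that were NOT among the quarantined
    files: anything listed here is still on disk and needs a second look."""
    quarantined = {d.item.lower() for d in report.detections
                   if d.section == "Files Infected" and d.action.startswith("Quarantined")}
    launchers = {first_token(d.bad) for d in open_command_hijacks(report)}
    return sorted(p for p in launchers if p.lower() not in quarantined)
```

Run `open_command_hijacks(parse_log(open("mbam-log.txt").read()))` against a real log of this version to get the same listing; an empty result from `unresolved_launchers` means every launcher the hijacks pointed at was also quarantined in that run.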

Re: Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 8th April 2011, 11:20 am

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6308

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

08/04/2011 12:05:22
mbam-log-2011-04-08 (12-05-22).txt

Scan type: Quick scan
Objects scanned: 155666
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 8th April 2011, 11:21 am

After those scans were done I can now access the internet and am now following up the other instructions as you have posted. Doing very well so far, thank you.
Debbie


Re: Trojan - bnk.win32.keylogger.gen

Post by Superdave on 14th April 2011, 1:38 am

I'm really sorry for not getting back to you sooner. I'm not getting my notices when you reply. Did you have a chance to run the DDS scan?


Re: Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 14th April 2011, 6:15 pm

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert Hornshaw at 19:10:05.45 on 14/04/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3292.2368 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Robert Hornshaw\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101216112521.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: LiveFoBHO Class: {d9b924b9-98df-4e68-bfff-f11f3cd601e1} - c:\program files\livefo\LiveFo.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll
TB: {4C350B19-6CA1-4569-B14C-296D8D65300B} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [diagnostics] "c:\program files\thomson\st330\diagnostics\diagnostics.exe" /icon -l:en
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\robert~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - [You must be registered and logged in to see this link.]
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-10-1 20384]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-12-16 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-12-16 164840]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-12-16 54776]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-5-7 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-28 98984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-16 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-16 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-16 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-16 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-16 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-16 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-5-7 27648]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-16 55840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-7 112128]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-16 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-16 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-16 313288]
S2 ABP_InstallCheckerService;ABP_InstallCheckerService;c:\users\robert~1\appdata\local\temp\nsgb854.tmp\abp_installchecker.exe --> c:\users\robert~1\appdata\local\temp\nsgb854.tmp\ABP_InstallChecker.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;c:\program files\mp3 rocket toolbar\mp3rocketsvc.exe --> c:\program files\mp3 rocket toolbar\Mp3RocketSvc.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe --> c:\program files\netgear\wn111v2\jswpsapi.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-16 84264]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-5 22904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-12-16 27192]
.
=============== Created Last 30 ================
.
2011-04-10 16:33:22 -------- d-----w- c:\users\robert~1\appdata\roaming\PCDr
2011-04-08 11:24:02 -------- d-----w- c:\users\robert~1\appdata\roaming\SUPERAntiSpyware.com
2011-04-08 10:39:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 08:39:25 322476 ----a-w- c:\progra~2\SPLEC05.tmp
2011-04-05 08:38:05 322476 ----a-w- c:\progra~2\SPLB5D8.tmp
2011-04-01 17:16:52 -------- d-----w- c:\program files\armadacustomtoolbar
2011-03-31 19:26:54 -------- d-----w- c:\progra~2\McAfee Security Scan
2011-03-31 19:26:53 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-31 17:07:28 -------- d-----w- c:\program files\Ask.com
2011-03-31 17:06:58 -------- d-----w- c:\users\robert~1\appdata\roaming\UseNeXT
2011-03-31 17:06:51 -------- d-----w- c:\program files\UseNeXT
2011-03-31 15:14:05 -------- d-----w- c:\users\robert~1\appdata\local\Apple Computer
2011-03-31 15:13:03 -------- d-----w- c:\program files\iPod
2011-03-31 15:13:02 -------- d-----w- c:\program files\iTunes
2011-03-31 15:13:02 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-31 15:12:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-03-31 15:12:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-03-31 15:12:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-03-31 15:12:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-03-31 15:12:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-03-31 15:12:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-03-31 15:12:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-03-31 15:11:47 -------- d-----w- c:\users\robert~1\appdata\local\Apple
2011-03-31 15:09:11 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-03-12 12:43:36 2503808 ----a-w- c:\progra~2\SPL6576.tmp
2011-03-12 12:42:21 2503808 ----a-w- c:\progra~2\SPL40E6.tmp
2011-03-12 12:31:56 2513040 ----a-w- c:\progra~2\SPL1C1D.tmp
2011-03-12 09:44:18 333337 ----a-w- c:\progra~2\SPLE649.tmp
2011-03-12 09:43:06 333337 ----a-w- c:\progra~2\SPLCA8F.tmp
2011-02-28 14:22:19 325828 ----a-w- c:\progra~2\SPLA106.tmp
2011-02-28 14:20:53 325828 ----a-w- c:\progra~2\SPL5038.tmp
2011-02-25 15:46:24 52844 ----a-w- c:\progra~2\SPLEFC3.tmp
2011-02-25 15:44:34 52844 ----a-w- c:\progra~2\SPL40BD.tmp
2011-02-21 09:43:03 110635 ----a-w- c:\progra~2\SPL235A.tmp
2011-02-21 09:41:29 143173 ----a-w- c:\progra~2\SPLB50D.tmp
2011-02-18 15:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-13 20:47:52 25857583 ----a-w- c:\progra~2\SPL4E38.tmp
2011-02-04 20:39:42 259507 ----a-w- c:\progra~2\SPLA968.tmp
2011-02-04 20:38:27 259507 ----a-w- c:\progra~2\SPL83FD.tmp
2011-02-04 20:35:10 238987 ----a-w- c:\progra~2\SPLEE92.tmp
2011-02-04 20:33:52 238987 ----a-w- c:\progra~2\SPLBD46.tmp
2011-02-02 08:06:13 67404 ----a-w- c:\progra~2\SPLC5A1.tmp
2011-02-02 08:02:46 67404 ----a-w- c:\progra~2\SPL9D67.tmp
.
============= FINISH: 19:11:07.91 ===============


Re: Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 14th April 2011, 6:16 pm

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 07/05/2009 05:11:42
System Uptime: 14/04/2011 08:15:37 (11 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 338.01 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.621 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP738: 19/03/2011 09:51:11 - Scheduled Checkpoint
RP739: 20/03/2011 07:37:02 - Scheduled Checkpoint
RP740: 21/03/2011 10:14:32 - Scheduled Checkpoint
RP741: 22/03/2011 08:32:26 - Scheduled Checkpoint
RP742: 23/03/2011 10:34:44 - Scheduled Checkpoint
RP743: 24/03/2011 08:49:34 - Scheduled Checkpoint
RP744: 25/03/2011 07:21:51 - Windows Update
RP745: 26/03/2011 15:28:53 - Scheduled Checkpoint
RP746: 27/03/2011 09:04:10 - Scheduled Checkpoint
RP747: 28/03/2011 09:39:41 - Scheduled Checkpoint
RP748: 29/03/2011 09:02:26 - Scheduled Checkpoint
RP749: 30/03/2011 07:56:22 - Scheduled Checkpoint
RP750: 31/03/2011 12:30:58 - Scheduled Checkpoint
RP751: 31/03/2011 16:09:31 - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP752: 31/03/2011 16:11:03 - Device Driver Package Install: Apple Network adapters
RP753: 31/03/2011 16:12:33 - Installed iTunes
RP754: 01/04/2011 08:17:20 - Scheduled Checkpoint
RP755: 01/04/2011 18:25:10 - Removed MP3 Rocket Toolbar.
RP756: 02/04/2011 11:09:26 - Scheduled Checkpoint
RP757: 03/04/2011 07:45:31 - Scheduled Checkpoint
RP758: 04/04/2011 08:35:38 - Scheduled Checkpoint
RP759: 05/04/2011 08:34:56 - Scheduled Checkpoint
RP760: 06/04/2011 11:34:37 - Scheduled Checkpoint
RP761: 07/04/2011 08:46:47 - Scheduled Checkpoint
RP762: 07/04/2011 15:39:45 - Removed Bonjour
RP763: 07/04/2011 15:40:44 - Removed iTunes
RP764: 08/04/2011 10:12:32 - Scheduled Checkpoint
RP765: 09/04/2011 08:57:13 - Scheduled Checkpoint
RP766: 10/04/2011 09:46:46 - Scheduled Checkpoint
RP767: 11/04/2011 08:41:12 - Scheduled Checkpoint
RP768: 11/04/2011 22:38:06 - Scheduled Checkpoint
RP769: 13/04/2011 07:48:33 - Scheduled Checkpoint
RP770: 14/04/2011 08:16:31 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
ALOT Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Armada Custom Toolbar
Ask Toolbar
Bonjour
Compatibility Pack for the 2007 Office system
Dell-eBay
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Resource CD
Dell Support Center (Support Software)
Digital Camera Driver
Do It Yourself
Ebay Icon
ESET Online Scanner v3
Feedback Tool
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IconomizeToolbar
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Lexmark 2600 Series
Lexmark Toolbar
Lexmark Tools for Office
LiveFo
Malwarebytes' Anti-Malware
McAfee Online Backup
McAfee Security Scan Plus
McAfee Total Protection
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSN Toolbar
MSVCRT
Network Magic
OGA Notifier 2.0.0048.0
Pure Networks Platform
QuickTime
RealPlayer
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.4.3
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SpeedTouch 330
SUPERAntiSpyware
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Script Editor Help (KB963671)
UseNeXT
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WN111v2
Yahoo! BrowserPlus 2.9.2
.
==== Event Viewer Messages From Past Week ========
.
14/04/2011 18:33:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
14/04/2011 07:39:26, Error: Service Control Manager [7000] - The Mp3Rocket Toolbar Helper service failed to start due to the following error: The system cannot find the file specified.
14/04/2011 07:39:26, Error: Service Control Manager [7000] - The ABP_InstallCheckerService service failed to start due to the following error: The system cannot find the file specified.
12/04/2011 20:02:29, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/04/2011 20:02:29, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/04/2011 20:02:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/04/2011 11:41:52, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - OFCS training.doc, owned by Robert Hornshaw, failed to print on printer Lexmark 2600 Series. Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 325784. Number of bytes printed: 0. Total number of pages in the document: 5. Number of pages printed: 2. Client computer: \\ROBERT. Win32 error code returned by the print processor: 0. The operation completed successfully.
12/04/2011 10:19:51, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - OFCS training.doc, owned by Robert Hornshaw, failed to print on printer Lexmark 2600 Series. Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 222640. Number of bytes printed: 222640. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\ROBERT. Win32 error code returned by the print processor: 0. The operation completed successfully.
12/04/2011 10:16:25, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - OFCS training.doc, owned by Robert Hornshaw, failed to print on printer Lexmark 2600 Series. Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 223064. Number of bytes printed: 223064. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\ROBERT. Win32 error code returned by the print processor: 0. The operation completed successfully.
11/04/2011 22:08:02, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/04/2011 20:55:36, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070002.
11/04/2011 07:25:50, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pure Networks Platform Service service to connect.
11/04/2011 07:25:50, Error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/04/2011 11:31:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
08/04/2011 11:29:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
08/04/2011 11:29:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
08/04/2011 11:29:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
08/04/2011 11:29:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
08/04/2011 11:29:01, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MOBKFilter SASDIFSV SASKUTIL spldr Wanarpv6
08/04/2011 11:29:01, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2011 11:29:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
07/04/2011 09:25:58, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================


Re: Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 14th April 2011, 6:17 pm

Sent as requested.
Kind regards


Re: Trojan - bnk.win32.keylogger.gen

Post by Superdave on 14th April 2011, 6:46 pm

I strongly recommend that you remove Ask from your computer because it:

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See [You must be registered and logged in to see this link.] for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis, or anything related to Ask.
****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
******************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click [You must be registered and logged in to see this link.] to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Superdave
Captain
Posts: 4202
Joined: 2010-02-01
Gender: Male
OS: Windows 8.1 and a dual-boot with XP Home SP3
Protection: MSE, Windows Defender, Windows firewall
Points: 83211
Likes: 0

Re: Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 15th April 2011, 9:13 pm

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
McAfee Total Protection
McAfee Security Scan Plus
McAfee Online Backup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Re: Trojan - bnk.win32.keylogger.gen

Post by Superdave on 15th April 2011, 10:49 pm

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*******************************************************
Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
*****************************************************
I would really like to see the ComboFix log.


Re: Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 16th April 2011, 9:12 am

I don't know how to disable McAfee Total Security to do this; I looked at the links and it's not the right version of the one that we have on our computer.
Regards, Debbie


Re: Trojan - bnk.win32.keylogger.gen

Post by Superdave on 16th April 2011, 5:53 pm

Please run it anyway.

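The ComboFix log posted next lists services in the form `R2 name;display;path [date size]`, with `[x]` where the image file no longer exists, and the earlier DDS log's Event Viewer section shows Service Control Manager 7000 events for the same orphaned entries. The following is an added example, written for this page and not part of the thread, ComboFix or DDS: a small Python parser that does the triage a log reviewer performs by hand, flagging service entries whose image is missing or sits under a user-writable profile directory, and cross-checking them against the 7000 events. The sample lines are copied from the logs in this thread; the heuristics, flag wording and function names are my own.

```python
"""Triage of the service/driver lines ComboFix lists under "Reg Loading Points"
and a cross-check against Service Control Manager events from a DDS log.

Line shape (as in the logs in this thread):
    R2 name;display name;c:\\path\\to\\image.exe [YYYY-MM-DD size]
    R2 name;display name;c:\\path\\to\\image.exe [x]
First letter: R = running, S = stopped.  Digit: start type (1 = system,
2 = auto, 3 = manual).  "[x]" means ComboFix could not find the image file.
"""
import re
from dataclasses import dataclass, field

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)
# SCM event 7000 as DDS prints it: a service whose image file is gone.
EVENT_7000_RE = re.compile(
    r"Service Control Manager \[7000\] - The (?P<name>.+?) service failed to start "
    r"due to the following error: The system cannot find the file specified\."
)
# A service image should never live under a user-writable profile directory
# (heuristic chosen for this example).
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\windows\\temp\\")

# Sample input copied from the ComboFix and DDS logs posted in this thread.
SAMPLE_COMBOFIX = r"""
R2 ABP_InstallCheckerService;ABP_InstallCheckerService;c:\users\ROBERT~1\AppData\Local\Temp\nsgB854.tmp\ABP_InstallChecker.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;c:\program files\MP3 Rocket Toolbar\Mp3RocketSvc.exe [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
"""
SAMPLE_EVENTS = """\
14/04/2011 07:39:26, Error: Service Control Manager [7000] - The Mp3Rocket Toolbar Helper service failed to start due to the following error: The system cannot find the file specified.
14/04/2011 07:39:26, Error: Service Control Manager [7000] - The ABP_InstallCheckerService service failed to start due to the following error: The system cannot find the file specified.
"""


@dataclass
class Entry:
    state: str
    start: int
    name: str
    display: str
    path: str
    missing: bool
    flags: list = field(default_factory=list)


def parse_service_line(line):
    """Return an Entry for a ComboFix service line, or None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["state"], int(m["start"]), m["name"].strip(),
                 m["display"].strip(), m["path"].strip(), m["meta"] == "x")


def failed_services(event_text):
    """Names of services the event log says could not find their image."""
    return {m["name"] for m in EVENT_7000_RE.finditer(event_text)}


def triage(combofix_text, event_text=""):
    """Parse every service line and attach review flags to the suspect ones."""
    failed = failed_services(event_text)
    entries = []
    for line in combofix_text.splitlines():
        e = parse_service_line(line)
        if e is None:
            continue
        low = e.path.lower()
        if e.missing:
            e.flags.append("image missing: orphaned service entry")
        if any(d in low for d in USER_WRITABLE):
            e.flags.append("image under a user-writable profile directory")
        if e.name in failed or e.display in failed:
            e.flags.append("SCM event 7000 confirms the start failure")
        if e.flags and e.start <= 2:
            e.flags.append("auto/system start: would run before logon")
        entries.append(e)
    return entries


def suspicious(combofix_text, event_text=""):
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(combofix_text, event_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_COMBOFIX, SAMPLE_EVENTS):
        print(f"{e.state}{e.start} {e.name}: {e.path}")
        for f in e.flags:
            print("   -", f)
```

On the sample above this flags three entries: the installer leftover under `AppData\Local\Temp` (missing image, user-writable path, auto start, confirmed by the 7000 event), the MP3 Rocket toolbar service (missing image, confirmed by the 7000 event) and the NETGEAR WPS helper (missing image only, manual start). Orphaned entries like these are not themselves the infection, but they are what the helper removes with the ComboFix script that normally follows, and a service image under a user profile directory is exactly the kind of loading point that deserves a look before the log is declared clean.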

Re: Trojan - bnk.win32.keylogger.gen

Post by debbie76 on 20th April 2011, 7:32 pm

ComboFix 11-04-20.01 - Robert Hornshaw 20/04/2011 20:18:43.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3292.2383 [GMT 1:00]
Running from: c:\users\Robert Hornshaw\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Robert Hornshaw\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-20 to 2011-04-20 )))))))))))))))))))))))))))))))
.
.
2011-04-20 19:27 . 2011-04-20 19:27 -------- d-----w- c:\users\Robert Hornshaw\AppData\Local\temp
2011-04-20 19:27 . 2011-04-20 19:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-04-20 19:27 . 2011-04-20 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-16 08:59 . 2011-04-16 08:59 -------- d-----w- c:\program files\Common Files\Java
2011-04-15 21:03 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 21:03 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-10 16:33 . 2011-04-10 16:33 -------- d-----w- c:\users\Robert Hornshaw\AppData\Roaming\PCDr
2011-04-08 11:24 . 2011-04-08 11:24 -------- d-----w- c:\users\Robert Hornshaw\AppData\Roaming\SUPERAntiSpyware.com
2011-04-08 10:39 . 2011-04-08 10:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 08:39 . 2011-04-05 08:39 322476 ----a-w- c:\programdata\SPLEC05.tmp
2011-04-05 08:38 . 2011-04-05 08:38 322476 ----a-w- c:\programdata\SPLB5D8.tmp
2011-04-01 17:16 . 2011-04-01 17:17 -------- d-----w- c:\program files\armadacustomtoolbar
2011-03-31 19:26 . 2011-03-31 19:26 -------- d-----w- c:\programdata\McAfee Security Scan
2011-03-31 19:26 . 2011-04-03 06:05 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-31 17:06 . 2011-03-31 17:07 -------- d-----w- c:\users\Robert Hornshaw\AppData\Roaming\UseNeXT
2011-03-31 17:06 . 2011-04-01 17:24 -------- d-----w- c:\program files\UseNeXT
2011-03-31 15:14 . 2011-03-31 15:15 -------- d-----w- c:\users\Robert Hornshaw\AppData\Roaming\Apple Computer
2011-03-31 15:14 . 2011-03-31 15:14 -------- d-----w- c:\users\Robert Hornshaw\AppData\Local\Apple Computer
2011-03-31 15:13 . 2011-04-07 14:43 -------- d-----w- c:\program files\iPod
2011-03-31 15:13 . 2011-04-07 14:43 -------- d-----w- c:\program files\iTunes
2011-03-31 15:13 . 2011-03-31 15:13 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-31 15:12 . 2011-03-31 15:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-03-31 15:12 . 2011-03-31 15:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-03-31 15:12 . 2011-03-31 15:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-03-31 15:12 . 2011-03-31 15:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-03-31 15:12 . 2011-03-31 15:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-03-31 15:12 . 2011-03-31 15:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-03-31 15:12 . 2011-03-31 15:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-03-31 15:11 . 2011-03-31 15:13 -------- d-----w- c:\programdata\Apple Computer
2011-03-31 15:11 . 2011-03-31 15:12 -------- d-----w- c:\program files\QuickTime
2011-03-31 15:11 . 2011-03-31 15:11 -------- d-----w- c:\users\Robert Hornshaw\AppData\Local\Apple
2011-03-31 15:11 . 2011-03-31 15:11 -------- d-----w- c:\program files\Apple Software Update
2011-03-31 15:09 . 2011-03-31 15:09 -------- d-----w- c:\program files\Bonjour
2011-03-31 15:08 . 2011-03-31 15:13 -------- d-----w- c:\program files\Common Files\Apple
2011-03-31 15:08 . 2011-03-31 15:11 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 12:43 . 2011-03-12 12:43 2503808 ----a-w- c:\programdata\SPL6576.tmp
2011-03-12 12:42 . 2011-03-12 12:42 2503808 ----a-w- c:\programdata\SPL40E6.tmp
2011-03-12 12:31 . 2011-03-12 12:31 2513040 ----a-w- c:\programdata\SPL1C1D.tmp
2011-03-12 09:44 . 2011-03-12 09:44 333337 ----a-w- c:\programdata\SPLE649.tmp
2011-03-12 09:43 . 2011-03-12 09:43 333337 ----a-w- c:\programdata\SPLCA8F.tmp
2011-02-28 14:22 . 2011-02-28 14:22 325828 ----a-w- c:\programdata\SPLA106.tmp
2011-02-28 14:20 . 2011-02-28 14:20 325828 ----a-w- c:\programdata\SPL5038.tmp
2011-02-25 15:46 . 2011-02-25 15:46 52844 ----a-w- c:\programdata\SPLEFC3.tmp
2011-02-25 15:44 . 2011-02-25 15:44 52844 ----a-w- c:\programdata\SPL40BD.tmp
2011-02-21 09:43 . 2011-02-21 09:43 110635 ----a-w- c:\programdata\SPL235A.tmp
2011-02-21 09:41 . 2011-02-21 09:41 143173 ----a-w- c:\programdata\SPLB50D.tmp
2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-13 20:47 . 2011-02-13 20:47 25857583 ----a-w- c:\programdata\SPL4E38.tmp
2011-02-04 20:39 . 2011-02-04 20:39 259507 ----a-w- c:\programdata\SPLA968.tmp
2011-02-04 20:38 . 2011-02-04 20:38 259507 ----a-w- c:\programdata\SPL83FD.tmp
2011-02-04 20:35 . 2011-02-04 20:35 238987 ----a-w- c:\programdata\SPLEE92.tmp
2011-02-04 20:33 . 2011-02-04 20:33 238987 ----a-w- c:\programdata\SPLBD46.tmp
2011-02-02 20:40 . 2010-05-10 20:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 08:06 . 2011-02-02 08:06 67404 ----a-w- c:\programdata\SPLC5A1.tmp
2011-02-02 08:02 . 2011-02-02 08:02 67404 ----a-w- c:\programdata\SPL9D67.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
2010-10-27 20:13 81920 ----a-w- c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9B924B9-98DF-4E68-BFFF-F11F3CD601E1}]
2010-08-19 03:12 109056 ----a-w- c:\program files\LiveFo\LiveFo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{29c0f5ff-3564-46bc-9f4a-50c73f426486}"= "c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll" [2010-10-27 81920]
.
[HKEY_CLASSES_ROOT\clsid\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2009-06-21 557149]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Robert Hornshaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-16 10:25 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 23:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 13:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 09:00 136176 ----atw- c:\users\Robert Hornshaw\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2008-03-27 15:13 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2008-03-27 15:13 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (rootkit-scan)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2010-11-22 18:15 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2008-05-21 16:26 451896 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-20 08:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2587230002-3812537154-1661091937-1000]
"EnableNotificationsRef"=dword:00000007
.
R2 ABP_InstallCheckerService;ABP_InstallCheckerService;c:\users\ROBERT~1\AppData\Local\Temp\nsgB854.tmp\ABP_InstallChecker.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;c:\program files\MP3 Rocket Toolbar\Mp3RocketSvc.exe [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-10-01 20384]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2008-02-27 98984]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-02-23 112128]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 09:47]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 09:47]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2587230002-3812537154-1661091937-1000Core.job
- c:\users\Robert Hornshaw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-21 09:00]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2587230002-3812537154-1661091937-1000UA.job
- c:\users\Robert Hornshaw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-21 09:00]
.
2011-04-20 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-05-07 11:18]
.
2011-04-20 c:\windows\Tasks\User_Feed_Synchronization-{382A7587-33DD-4808-8928-734712285AAF}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-UseNeXT_is1 - c:\program files\UseNeXT\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-20 20:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2587230002-3812537154-1661091937-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*y*æ*i%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-20 20:29:11
ComboFix-quarantined-files.txt 2011-04-20 19:29
ComboFix2.txt 2010-10-25 07:01
ComboFix3.txt 2009-09-26 07:44
.
Pre-Run: 361,576,722,432 bytes free
Post-Run: 361,942,728,704 bytes free
.
- - End Of File - - 098999F1B6D4504AD3BEB8A756D5C1A9

debbie76
Intermediate

Posts : 84
Joined : 2009-09-23
OS : vista
Points : 27161
# Likes : 0


Re: Trojan - bnk.win32.keylogger.gen

Post by Superdave on 20th April 2011, 10:37 pm

Please go to [You must be registered and logged in to see this link.]
(If more than one file needs to be scanned, they must be done separately and a link posted for each one)

* Copy the file path in the below Code box:

Code:
c:\programdata\SPL6576.tmp

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
***********************************************
* Download the following tool: [You must be registered and logged in to see this link.]
* Direct download link is here: [You must be registered and logged in to see this link.]

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click [You must be registered and logged in to see this link.] to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83211
# Likes : 0
