Trojan-BNK.Win32.keylogger.gen


Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Wed 14 Dec 2011, 6:43 pm

Hey, thank you for the help first off. Now it lets me open OTL, but it won't let Notepad open; it says it's infected. It won't let me open much. Somehow it's letting me run Firefox finally, so any help would be helpful. Thanks.

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista


Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Wed 14 Dec 2011, 7:51 pm

Hi there Dell23!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================
Careful now, you are probably infected with rogue software. For an explanation of this term you can consult e.g. Wikipedia. Whatever you do, do not buy a license for this program. If you already did, you have been scammed. In that case I suggest you contact your financial institution and see if you can revert the payment.

The first thing we are going to do is try and temporarily disable the rogue, to get rid of all the annoying popups and allow us to actually do something. For this we use RKill.

====================

Please download RKill by Grinler from Download Mirror #1 and save it to your desktop.
Download Mirror #1 (rkill.exe)
Download Mirror #2 (rkill.scr)
Download Mirror #3 (rkill.com)
Download Mirror #4 (WiNlOgOn.exe)
Download Mirror #5 (uSeRiNiT.exe)
Download Mirror #6 (iExplore.exe)
Download Mirror #7 (eXplorer.exe)

  • Double-click the RKill desktop icon (right-click > Run as Administrator for Vista/WIN7).
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur, please delete that application and try using Mirror #2.
  • Continue process until the tool runs.
  • Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.

====================

Please download OTL by OldTimer from here and save it to your Desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist.
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Thu 15 Dec 2011, 6:21 am

OTL Extras logfile created on: 12/14/2011 11:09:39 AM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joseph\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.43% Memory free
4.23 Gb Paging File | 2.79 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 120.94 Gb Free Space | 26.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.25 Gb Free Space | 62.50% Space Free | Partition Type: NTFS

Computer Name: JOSEPH-PC | User Name: Joseph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082CD5E7-741B-405A-AAE2-4BF44C161EF5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0993657D-3CD6-4305-B1B1-5CDA4D51DEAD}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C9D295A-DD55-4196-9854-685F79980BEB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0D027BE4-BB9E-4DD2-AFE0-4F99403F6B5A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{14EDD71A-EDF6-45B0-A72B-7A554E75A6FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{187683D0-967C-4A9F-97B9-65592C058BE8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19BD72F3-5924-4DE3-8877-D45E0E616AB3}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1DD01AF3-7640-4A32-A775-733CEC06D44F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26CAC123-7D4F-446E-A6E3-B828EFD5180B}" = lport=137 | protocol=17 | dir=in | app=system |
"{30B8CC92-4AE4-4E5C-8615-8E917F832FB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BF6FA04-4349-4D00-B981-9A86B8F7A298}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EA74B1E-EAE9-4E5D-A72C-F7F5B02F3974}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{416A8DEE-4D0E-42A4-89B8-929530C01BA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41A6CAC9-4BD4-4802-878F-1115DD516812}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{432AE191-10D1-4E08-AA6F-B0CF5DEB8303}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45DABE73-94AB-423F-B846-67B4EC88A821}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{483C4838-CBCD-426C-A350-440895FF238F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C984B57-8182-483E-8456-DCA2C536F0B9}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4E0892CD-4B41-4B6C-9D60-2704222217BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{510D1917-C8BD-47F3-9973-B8667FFCB1D6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5B548B4F-1198-4280-9D2B-FE991845FFB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F8E01ED-25F0-4CD5-AAB0-DC111929CA4F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{641EC0DB-4064-40D3-A5B9-C44E49267950}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64C3034C-33BB-4AA6-90D5-CF2356351F73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C39FAE2-98EA-4A26-BD16-40710BBAF8F0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6C79F7EB-687A-49C9-93CE-B6F235F6D3DA}" = lport=138 | protocol=17 | dir=in | app=system |
"{77B7F5A1-0E3C-4CD9-AD10-64D646D3D820}" = rport=139 | protocol=6 | dir=out | app=system |
"{780FEB3E-64F1-4C6F-9F32-A7B687FE5F0B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EF30BE6-B74D-470D-B3B5-5397EF1D835D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{88BB3241-D494-4351-857E-B2BFD619F7C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8A753115-8273-45CF-AF09-694848DA82FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DC8A090-1822-44D1-ACB0-1CA8FB7B6D0D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9B034D2F-2B15-4F40-91B2-C02CD811D95E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0429EA5-0E1D-4E1C-BC80-C25C5EA530E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{A33EB132-20C2-49E8-98A3-9AA2AE881A6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A43CB800-47CB-4FFF-9D74-CD2AD40A84F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9F9C806-8E90-445B-9860-B142F0AD1AD4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6012B56-5BF1-4EE2-B7D5-5D402B823530}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C679765C-D116-439D-ACAA-5B0FF2320652}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC4C92BC-A359-473B-BDCB-11EBA3D1E1EF}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF5EB835-405A-4F89-8552-374BF7FA6D08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFAC958D-DC3A-41BF-9426-33F83AEF49D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5E9D17B-CBFC-4A08-911F-A61E6A635384}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D83FAAC1-AEE5-49E8-B520-16C89C4BBE10}" = lport=3074 | protocol=6 | dir=in | name=xboxlive |
"{DE3697EA-4725-4FF2-8A19-72D27B78C65C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DFE38B6B-4A15-4AAC-BB47-3695FFD3449A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E69D0245-9935-4CEE-9105-5B5AC2F42C5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA6F465D-055F-4954-8388-7D297E855933}" = rport=137 | protocol=17 | dir=out | app=system |
"{EB502607-1CF1-455E-B5C8-789F72C7CBFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F63E907F-1595-427F-A06A-CDF4D16B666A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F676F1FF-EFEA-4BCC-918C-1ACCBCFC96E1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{FCF0D225-8428-424E-A3F6-1148B3BA82DD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D43D32-618A-4CCC-B67E-294E8E2C44A0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{0B9D239D-8070-4B6B-9F7B-23E10D660EC8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{0CD238E7-FFFF-4E39-A59A-E4F3B2827CE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18B3C214-1559-4D09-BBF8-388C387CE80F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1951DC7B-5F94-4CFD-8326-414BC4E96A12}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{1C199E74-C787-4D81-BF9B-1499F9D1F75C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1EEE6895-4EF2-465B-A6FE-E6F53B94CCB8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{39515A3C-B4CF-4A61-83B7-DB5BE9894B41}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{3C4DB582-E21A-4790-AA7E-157C38E5DEDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E94C91A-7E6F-428D-9F92-56746A21D898}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44112203-8D11-4919-A6C0-7E6BA6E6BB99}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{45826F8B-CE82-4399-A68D-4569DA19FF9F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{48E8ADE2-6AFD-435F-AAE6-19CE1B50C04D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4B67E719-0DF2-45C8-909B-BCBEFB32E8FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{55842D12-04EF-4892-BD74-AA973936911C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{59307E68-2E04-4AAC-90C8-26BF4A454792}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{5BB43234-C46A-446D-80C9-CC61C18D37A5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{617B852D-9C23-475B-AFDD-8BEAE85E02F5}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{61EAACBC-3A16-46CA-A89F-BC4A1F722174}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6A491CA4-E6F7-4A2C-AF3A-FBB4883264D9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{6BA4188C-5E92-42FE-A84F-17ACD0DF4E14}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6CD9B167-0DBF-4956-B0AA-CCED0B30FE56}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{751E1B16-F16C-4FEA-ADEB-73A1527C8CAD}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{76AF65C9-D840-4344-AECF-D6D579F5B6E8}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{7B3BE460-E2FA-430C-8F0F-A92AB380D55D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{846798AA-7EFA-40E0-9286-A270F145783D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{85FE270E-435D-4242-8F5E-D30BCE4CD75A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9905E19F-E7B8-47A1-9477-18173D38A812}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{9A25187C-1FB4-4C7B-8BA9-0C09DB1CF286}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9B5F42B9-1BC5-440A-AB07-A58DBB20A4C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C1A2D2A-58D0-4351-9E95-3C03DD309C62}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A560B0B9-C849-4A4C-BE07-3BCFF2AB5B3F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{A5C2D77A-9085-4CB1-AB20-595356EBB7DF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{A677779E-B7EF-455D-BC7E-D9B53BDBF5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A808FBED-5412-40F7-A161-6769CD6E9CDB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A84CB660-B67A-4BC6-98C5-2513D527BCF6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{AFE4646E-E44B-4E6C-BEE9-1781AED98ED3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B62391FD-4BA0-4B02-B1E4-E107D671D1C0}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B98869E9-B2CB-4C40-8981-F5CEC3BDF5F0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{BBCCD1C6-AE59-418A-B0CB-4CE26785A48F}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{C2F3F4DB-0C6E-4209-BFC4-07EBD3AE412B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C6484673-B0FB-468A-89C5-97B2D63D48C5}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C9D296D3-8FEF-470D-B9A4-98E718DEB1F9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D3766641-DA4C-4F75-9CA0-C09A5EA5BA3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D67DC28D-0C03-450A-B7FD-AF87D3F9BD9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7953725-6692-47F1-AEE8-672DB4F3C33B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9D6BCE6-F4E0-42CE-B756-21FBA2EB105A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE5C03A8-BD02-4276-B1B8-7F16F09C558A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E1C81841-070C-4424-BA8B-11E5F6C194E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E362DE59-7E25-45E1-970C-0EF8B92F4261}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EA4222DD-A024-46BB-8989-61EC70652872}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA86F424-6F3B-416D-AC22-C99D44F29E6C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F655827F-93EE-413E-9676-008030CCE7EB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F8D1DEC6-ED84-4D6C-ACB3-1B2BEC6CCF2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8FEA775-819F-423B-90B7-69FAB225B696}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F96DFCBD-54DC-449C-B760-FC83CB145179}" = protocol=6 | dir=out | app=system |
"TCP Query User{0416927D-64D2-4C16-B7CE-22247B8E23E9}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{09807D6B-FC5A-4C23-80B7-B08BDFD42FD9}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{3063A23D-9629-4B8E-BA1B-DF1B8A283B0A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4E6AEAE6-A806-4C90-ADF7-3C87EBB63A16}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{7E0C7A45-F9C8-4347-B3D2-6B213B074FFB}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{801FA904-87DE-4582-A4E7-B91D13B1D1E2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{970147D0-24B1-4424-841E-8BF0C2D21901}C:\users\joseph\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=6 | dir=in | app=c:\users\joseph\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"TCP Query User{B02EAE59-D0DA-4997-B453-2AA4BB4FDD77}C:\windows.old\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\itunes\itunes.exe |
"TCP Query User{CB57934F-9E64-414E-AEB0-8C5DCE750EBB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0D6BA96D-0B56-4773-9F37-4FFF04552265}C:\users\joseph\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=17 | dir=in | app=c:\users\joseph\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"UDP Query User{1AA1F38C-130F-4BD4-9E95-BAF8F128B77D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{4B662300-FB03-44E6-9EFE-B9397598CCCD}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{502A68EF-0A17-4D39-8142-7F859FD12927}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6CE7EF15-77DE-41D8-9560-A54461EDA94B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{8A95D8A4-1BD0-4C05-9044-DB41DEB7B953}C:\windows.old\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\itunes\itunes.exe |
"UDP Query User{C50F4E11-2754-49E8-87B7-8B7DE918B911}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F8C699BD-6104-4196-B291-561B8B2C08E2}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

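Added example (not code from this thread, from OTL, or from OldTimer): a small Python triage script that reads the two sections of an OTL Extras.txt that the helper's instructions are aimed at. The "Shell Spawning" section shows what launches each file class; a rogue that blocks Notepad or a scanner, as described in the first post, usually does so by rewriting one of those handlers, so the script flags any launch class whose [open] command is no longer the stock `"%1" %*`. The firewall exception list shows which binaries were allowed through; the script parses each rule into its fields and flags binaries living in user-writable or stale directories (AppData, Users\Public, Temp, ProgramData, windows.old). The section header and field layout are taken from the log above; the embedded log is a constructed sample with placeholder GUIDs and an invented hijacked handler, and the list of suspect directories is my own choice.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of an OTL Extras.txt (not the log posted in
# this thread).  The hijacked "exefile" handler and the two firewall rules that
# point into windows.old and AppData are invented so that the checks below have
# something to report; the GUIDs are placeholders.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Users\sample\AppData\Local\rogue_placeholder.exe" "%1" %*
txtfile [edit] -- Reg Error: Key error.

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00000000-0000-0000-0000-000000000001}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{00000000-0000-0000-0000-000000000002}" = protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"TCP Query User{00000000-0000-0000-0000-000000000003}C:\windows.old\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\itunes\itunes.exe |
"UDP Query User{00000000-0000-0000-0000-000000000004}C:\users\sample\appdata\roaming\updater.exe" = protocol=17 | dir=in | app=c:\users\sample\appdata\roaming\updater.exe |
"""

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
HANDLER_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
RULE_RE = re.compile(r'^"([^"]*)" = (.*)$')

# What a clean Windows install uses to launch these file classes.  A rogue
# that wants to block Notepad or a scanner typically rewrites one of these
# so that it runs itself first.
DEFAULT_OPEN = '"%1" %*'
LAUNCH_CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}

# Directories an unprivileged user (and therefore a dropper) can write to,
# plus the leftover windows.old tree; a firewall exception for a binary in
# one of these deserves a second look.  This list is my own choice.
SUSPECT_PATH_PARTS = ("\\appdata\\", "\\users\\public\\", "\\temp\\",
                      "\\programdata\\", "\\windows.old\\")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the log's lines under the '========== name ==========' header they follow."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def check_shell_spawning(lines: List[str]) -> List[Dict[str, str]]:
    """Return launch-class handlers whose [open] command is not the stock '"%1" %*'."""
    findings = []
    for line in lines:
        m = HANDLER_RE.match(line)
        if not m:
            continue  # registry key header, not a handler line
        cls, verb, command = m.groups()
        if cls in LAUNCH_CLASSES and verb == "open" and command != DEFAULT_OPEN:
            findings.append({"class": cls, "command": command})
    return findings


def parse_firewall_rules(lines: List[str]) -> List[Dict[str, str]]:
    """Turn each '"name" = k=v | k=v |' line into a dict of its fields."""
    rules = []
    for line in lines:
        m = RULE_RE.match(line)
        if not m:
            continue
        rule = {"rule": m.group(1)}
        for field in m.group(2).split("|"):
            field = field.strip()
            if "=" in field:
                key, value = field.split("=", 1)
                rule[key.strip()] = value.strip()
        rules.append(rule)
    return rules


def flag_firewall_rules(rules: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Keep only rules whose app path sits in a user-writable or stale directory."""
    return [r for r in rules
            if any(part in r.get("app", "").lower() for part in SUSPECT_PATH_PARTS)]


def triage(text: str) -> Dict[str, list]:
    """Run both checks over one Extras.txt and collect the findings."""
    sections = split_sections(text)
    return {
        "hijacked_handlers": check_shell_spawning(sections.get("Shell Spawning", [])),
        "suspect_firewall_rules": flag_firewall_rules(
            parse_firewall_rules(sections.get("Vista Active Application Exception List", []))),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_EXTRAS).items():
        print(kind)
        for item in items:
            print("  ", item)
```

To run it against a real log, replace `SAMPLE_EXTRAS` with the contents of Extras.txt. A flagged firewall rule is a lead, not a verdict: a game updater under Users\Public is normal for that game, but a binary under AppData that nothing installed deserves a file check before it is allowed to keep its exception.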

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Thu 15 Dec 2011, 6:22 am

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C32EA0-4A22-4919-979A-8700715865B8}" = Microsoft LifeCam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2EAEB0A6-582A-490B-B075-D837677365C2}" = 2WIREUSBWLANInstaller
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE11B98-C61C-4692-9E0E-59934761C3BE}" = 2Wire Wireless Manager
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4769E972-2E92-49C5-B6F9-465EFD0C4D94}" = VirtualDJ PRO Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{676B241C-AED4-400B-98FF-267773B94B11}_is1" = QuickFreedom 1.1.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1FB07C6-0A63-4384-B1AC-B62546F2E6D8}" = iPodRip
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F607B1F5-F067-4FC8-9518-A6F4C721CC22}" = iPodRip
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Canon iP4600 series User Registration" = Canon iP4600 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cooking Academy" = Cooking Academy (remove only)
"DiskAid_is1" = DiskAid 3.11
"Dream Aquarium_is1" = Dream Aquarium
"DreamAqua" = Dream Aquarium
"DVD Audio Ripper 4" = DVD Audio Ripper 4
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mplayer" = Mplayer 0.6.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Out of the Park Baseball 6" = Out of the Park Baseball 6
"Out of the Park Baseball11" = Out of the Park Baseball 11
"PC Optimizer Pro" = PC Optimizer Pro
"Photoshop Cs4 Ultra 1.1" = Photoshop Cs4 Ultra 1.1
"Pixillion" = Pixillion Image Converter
"PokerStars.net" = PokerStars.net
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"Side 9 Screensaver" = Side 9 Screensaver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TruePoker" = TruePoker
"TruePoker (High Res)" = TruePoker (High Res)
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server " = TVersity Media Server 1.6 Beta
"Veetle TV" = Veetle TV 0.9.18
"Videora iPod Converter" = Videora iPod Converter 4.04
"Videora Xbox 360 Converter" = Videora Xbox 360 Converter 4.08
"VLC media player" = VLC media player 0.9.8a
"vShare.tv plugin" = vShare.tv plugin 1.3
"WavePad" = WavePad Sound Editor
"WinAVI Video Converter 10.0_is1" = WinAVI Video Converter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.5
"World of Warcraft" = World of Warcraft
"XobniMain" = Xobni
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"YouTube Downloader App" = YouTube Downloader App 1.03
"YouTubeGet_is1" = YouTubeGet 5.2.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RewardsArcade" = RewardsArcade
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/24/2010 2:31:07 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 2/26/2010 1:06:32 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\ComboFix\catchme.cfxxe failed, 00000005.

Error - 7/16/2010 1:50:05 PM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 7/16/2010 1:50:05 PM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 1/8/2011 2:45:27 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\olepro32.dll failed, 00000005.

Error - 1/8/2011 7:44:34 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Windows Live\Toolbar\msidcrl40.dll failed, 00000005.

Error - 3/3/2011 3:41:42 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\dciman32.dll failed, 00000005.

Error - 3/3/2011 4:36:25 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Windows Live\Messenger\liveNatTrav.dll failed, 00000005.

Error - 3/4/2011 1:31:13 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Windows Live\Messenger\PresenceIM.dll failed, 00000005.

Error - 3/4/2011 1:31:13 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Yahoo!\Messenger\YImage.dll failed, 00000005.

[ Application Events ]
Error - 11/30/2011 4:32:17 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0xc58, application
start time 0x01ccaf9f23eb4451.

Error - 11/30/2011 4:32:35 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x1558, application
start time 0x01ccaf9f25fff381.

Error - 11/30/2011 4:32:41 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x15f0, application
start time 0x01ccaf9f312c0f01.

Error - 12/1/2011 12:29:23 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x178c, application
start time 0x01ccafe1cb5db42d.

Error - 12/2/2011 7:27:27 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x15a8, application
start time 0x01ccb149f16d91f3.

Error - 12/5/2011 4:51:00 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x150c, application
start time 0x01ccb38f96993157.

Error - 12/6/2011 5:34:52 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x1618, application
start time 0x01ccb45ee197c99b.

Error - 12/6/2011 5:34:56 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x5e4, application
start time 0x01ccb45ee28780cb.

Error - 12/9/2011 3:40:38 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0xd2c, application
start time 0x01ccb645d4a478c2.

Error - 12/9/2011 3:40:44 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x13a4, application
start time 0x01ccb645d6dc8e72.

[ Media Center Events ]
Error - 10/17/2009 4:52:07 AM | Computer Name = Joseph-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/17/2009 8:49:40 PM | Computer Name = Joseph-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/17/2009 11:08:31 PM | Computer Name = Joseph-PC | Source = McrMgr | ID = 109
Description =

Error - 10/18/2009 5:07:54 PM | Computer Name = Joseph-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/18/2009 7:12:58 PM | Computer Name = Joseph-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/22/2009 5:29:55 AM | Computer Name = Joseph-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/22/2009 5:59:38 PM | Computer Name = Joseph-PC | Source = McrMgr | ID = 109
Description =

Error - 12/7/2010 2:58:20 AM | Computer Name = Joseph-PC | Source = McrMgr | ID = 109
Description =

Error - 2/1/2011 3:04:42 PM | Computer Name = Joseph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/14/2011 2:36:08 AM | Computer Name = Joseph-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 12/13/2011 6:22:55 PM | Computer Name = Joseph-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.6 on
the Network Card with network address 0019D1E594AB.

Error - 12/14/2011 7:40:14 AM | Computer Name = Joseph-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/14/2011 7:41:00 AM | Computer Name = Joseph-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:39:01 AM on 12/14/2011 was unexpected.

Error - 12/14/2011 7:40:55 AM | Computer Name = Joseph-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/14/2011 7:42:29 AM | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/14/2011 7:42:29 AM | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 12/14/2011 7:42:29 AM | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/14/2011 7:43:31 AM | Computer Name = Joseph-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 12/14/2011 1:12:29 PM | Computer Name = Joseph-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/14/2011 3:04:35 PM | Computer Name = Joseph-PC | Source = WMPNetworkSvc | ID = 866293
Description =


< End of report >

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Thu 15 Dec 2011, 6:24 am

OTL logfile created on: 12/14/2011 11:09:39 AM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joseph\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.43% Memory free
4.23 Gb Paging File | 2.79 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 120.94 Gb Free Space | 26.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.25 Gb Free Space | 62.50% Space Free | Partition Type: NTFS

Computer Name: JOSEPH-PC | User Name: Joseph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 11:07:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joseph\Desktop\OTL.exe
PRC - [2011/10/26 23:47:32 | 010,207,000 | ---- | M] (Tweaking Tools Inc) -- C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe
PRC - [2011/10/26 23:46:58 | 001,727,768 | ---- | M] (Tweaking Tools Inc) -- C:\Program Files\PC Optimizer Pro\PCOptProTrays.exe
PRC - [2011/07/26 17:23:20 | 000,397,992 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/29 10:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/04/19 12:54:07 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/02/08 11:02:10 | 002,343,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/07/14 12:46:56 | 000,044,776 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/05/22 15:34:34 | 000,851,968 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/12 23:24:30 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2008/11/26 09:18:46 | 000,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/26 09:18:32 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 09:16:23 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/11/26 09:12:08 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/18 17:11:19 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/18 23:33:19 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2007/05/03 13:12:14 | 002,061,816 | ---- | M] (AT&T) -- C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
PRC - [2007/01/04 14:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/12/05 15:38:58 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2006/12/05 15:38:57 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/22 14:13:30 | 000,323,160 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
MOD - [2010/01/22 14:13:16 | 000,045,656 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
MOD - [2010/01/22 14:11:36 | 000,150,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\STFix.dll
MOD - [2010/01/22 14:11:30 | 000,057,432 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\NtfsData.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/07/14 12:46:56 | 000,044,776 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/05/22 15:34:34 | 000,851,968 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/02/12 23:24:30 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2008/11/26 09:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/11/26 09:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/11/26 09:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/11/26 09:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/04 14:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 04:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/06 00:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2009/07/31 13:06:45 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/10 20:47:03 | 000,273,920 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2008/11/26 09:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 09:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 09:17:15 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/11/26 09:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 09:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/28 14:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 14:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/18 20:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/10/01 16:20:40 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/03/27 18:06:02 | 000,857,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2006/12/05 15:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/12/05 15:39:11 | 001,963,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/11/01 23:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5491
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.74.34
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=HIP&o=102874&locale=en_US&apn_uid=1a181e28-b082-4ae1-b571-5b810509a0e6&apn_ptnrs=6E&apn_sauid=D7B229F2-37E0-419C-BF3C-C9BA3016158E&apn_dtid=YYYYYYYYUS&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Joseph\AppData\Local\RewardsArcade\498\Firefox [2011/11/10 17:52:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 11:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 22:26:36 | 000,000,000 | ---D | M]

[2008/11/16 14:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Extensions
[2011/12/12 23:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions
[2011/03/08 22:30:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 23:22:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/09 18:59:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127)
[2011/11/14 11:16:47 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/04/03 22:57:24 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\personas@christopher.beard
[2011/08/10 09:04:32 | 000,000,000 | ---D | M] (Platinum Hide IP) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\support@platinumhideip.com
[2011/08/10 09:06:36 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\toolbar@ask.com
[2010/10/10 09:37:40 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\vshare@toolbar
[2009/06/29 22:41:47 | 000,004,207 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml
[2010/07/09 02:13:37 | 000,002,351 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aol-search.xml
[2009/03/06 17:56:52 | 000,000,681 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\ask.xml
[2011/08/13 10:41:00 | 000,002,569 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\askcom.xml
[2009/01/31 23:34:12 | 000,001,632 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml
[2011/07/11 10:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\startsear.xml
[2010/12/05 23:54:03 | 000,001,583 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\web-search.xml
[2011/11/14 11:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/10 10:37:46 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/07/05 21:15:31 | 000,000,000 | ---D | M] ("searchme") -- C:\Program Files\Mozilla Firefox\extensions\searchme@searchme.com
[2011/11/14 11:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/11/14 11:14:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 01:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/03/13 01:39:56 | 000,002,494 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchme.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = [You must be registered and logged in to see this link.]
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.7.1 (Enabled) = C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: RewardsArcade = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.13.61_0\
CHR - Extension: vshare plugin = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Poppit = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{888E7E18-98D2-D17D-B3F0-E416C98895BF}] C:\Users\Joseph\AppData\Roaming\Uhela\uqabebu.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Joseph\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3575C3DB-3FA7-4849-9D56-A5312E116450}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5122F23-263E-41D6-AE4D-B8F05908A3F9}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A886D423-9985-4C89-8B8E-36CFA507FF34}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F675D672-38E3-4E91-9C28-9C4DE0805C99}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: 2Wire Wireless Manager - hkey= - key= - C:\Program Files\2Wire Wireless Manager\2Wire.exe (2Wire)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - FSFilter System Recovery
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: AFD - C:\Windows\system32\drivers\afd.sys ()
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - FSFilter System Recovery
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B73F76FE-C94C-B18F-7FAB-FF64C5218DF5} - Microsoft Windows Media Player 11.0
ActiveX: {BF2C5BB3-5E3E-1718-69DD-09CF3036F039} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 11:07:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Joseph\Desktop\OTL.exe
[2011/12/06 13:50:30 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Spotify
[2011/12/05 02:44:49 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\BMpa
[2011/11/28 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Uhela
[2011/11/28 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Ovv
[2011/11/22 00:00:58 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\Virtual DJ Pro 7.0.4 + Crack + 150 Skins
[2011/11/21 15:48:43 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2011/11/21 15:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/11/21 15:48:35 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Documents\VirtualDJ
[2011/11/18 18:22:48 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\Bootie Top 15 - Nov 2011
[2011/11/18 18:22:48 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\__MACOSX
[2008/12/12 16:27:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Joseph\AppData\Roaming\pcouffin.sys
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 11:07:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joseph\Desktop\OTL.exe
[2011/12/14 11:06:06 | 001,008,120 | ---- | M] () -- C:\Users\Joseph\Desktop\rkill.exe
[2011/12/14 11:04:37 | 000,097,229 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/14 11:04:36 | 000,097,229 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/14 11:04:31 | 000,010,434 | -HS- | M] () -- C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey
[2011/12/14 11:04:31 | 000,010,434 | -HS- | M] () -- C:\ProgramData\b0ox82m1fa8vey
[2011/12/14 11:04:04 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/12/14 11:04:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/14 11:04:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/12/14 10:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/14 09:41:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 09:41:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 03:45:46 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/14 03:45:46 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/14 03:45:08 | 000,000,327 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2011/12/14 03:41:18 | 000,001,865 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/12/14 03:41:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/13 21:09:09 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/13 21:04:15 | 000,334,848 | ---- | M] () -- C:\Users\Joseph\AppData\Local\bfg.exe
[2011/12/13 20:41:21 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
[2011/12/13 19:05:02 | 000,117,760 | ---- | M] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 19:03:34 | 367,019,688 | R--- | M] () -- C:\Users\Joseph\Desktop\4x02_Thirty-Eight_Snub.avi
[2011/12/13 18:52:18 | 367,528,246 | ---- | M] () -- C:\Users\Joseph\Desktop\4x01_Box_Cutter.avi
[2011/12/07 15:38:13 | 000,217,994 | ---- | M] () -- C:\Users\Joseph\Desktop\samclasss.jpg
[2011/11/27 20:43:40 | 000,001,041 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\vso_ts_preview.xml
[2011/11/26 21:41:10 | 000,053,653 | ---- | M] () -- C:\Users\Joseph\Desktop\joe111111.jpg
[2011/11/26 19:27:13 | 671,075,912 | R--- | M] () -- C:\Users\Joseph\Desktop\The.Hangover.PART.2.2011.720p._scOrp._.Aftms.mkv
[2011/11/25 21:30:34 | 064,648,224 | R--- | M] () -- C:\Users\Joseph\Desktop\Kreayshawn - Gucci Gucci_(720p).mp4
[2011/11/25 14:23:37 | 006,063,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/21 23:01:23 | 000,002,444 | ---- | M] () -- C:\Users\Joseph\Desktop\273439_1298962659_72962921_q.jpg
[2011/11/21 22:03:49 | 000,002,265 | ---- | M] () -- C:\Users\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/11/21 21:54:36 | 021,675,781 | ---- | M] () -- C:\Users\Joseph\Documents\joe1.mp3
[2011/11/21 15:48:45 | 000,000,800 | ---- | M] () -- C:\Users\Joseph\Desktop\VirtualDJ PRO Full.lnk
[2011/11/18 18:09:05 | 000,284,681 | ---- | M] () -- C:\Users\Joseph\Desktop\mcts.png
[2011/11/18 18:08:26 | 000,271,024 | ---- | M] () -- C:\Users\Joseph\Desktop\thanksmcts.png
[2011/11/18 18:07:55 | 001,935,454 | ---- | M] () -- C:\Users\Joseph\Desktop\thanksmcts.psd
[2011/11/18 16:50:07 | 000,447,800 | ---- | M] () -- C:\Users\Joseph\Desktop\toon-thanksgiving-turkey-thumb3532733.psd
[2011/11/18 16:46:38 | 000,027,124 | ---- | M] () -- C:\Users\Joseph\Desktop\toon-thanksgiving-turkey-thumb3532733.jpg
[2011/11/18 16:19:57 | 001,732,984 | ---- | M] () -- C:\Users\Joseph\Desktop\mcts.psd
[2011/11/18 15:29:46 | 000,004,845 | ---- | M] () -- C:\Users\Joseph\Desktop\dj.jpg
[2011/11/18 15:02:40 | 000,096,414 | ---- | M] () -- C:\Users\Joseph\Desktop\Party_Girls_Alternative_2_by_Thishand.jpg
[2011/11/18 14:45:28 | 000,057,262 | ---- | M] () -- C:\Users\Joseph\Desktop\autumn-leaf.jpg
[2011/11/17 20:28:54 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 11:06:05 | 001,008,120 | ---- | C] () -- C:\Users\Joseph\Desktop\rkill.exe
[2011/12/13 21:04:16 | 000,010,434 | -HS- | C] () -- C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey
[2011/12/13 21:04:16 | 000,010,434 | -HS- | C] () -- C:\ProgramData\b0ox82m1fa8vey
[2011/12/13 21:04:15 | 000,334,848 | ---- | C] () -- C:\Users\Joseph\AppData\Local\bfg.exe
[2011/12/13 18:55:27 | 367,019,688 | R--- | C] () -- C:\Users\Joseph\Desktop\4x02_Thirty-Eight_Snub.avi
[2011/12/13 18:41:45 | 367,528,246 | ---- | C] () -- C:\Users\Joseph\Desktop\4x01_Box_Cutter.avi
[2011/12/07 15:38:12 | 000,217,994 | ---- | C] () -- C:\Users\Joseph\Desktop\samclasss.jpg
[2011/11/26 21:41:06 | 000,053,653 | ---- | C] () -- C:\Users\Joseph\Desktop\joe111111.jpg
[2011/11/26 18:58:37 | 671,075,912 | R--- | C] () -- C:\Users\Joseph\Desktop\The.Hangover.PART.2.2011.720p._scOrp._.Aftms.mkv
[2011/11/25 21:29:29 | 064,648,224 | R--- | C] () -- C:\Users\Joseph\Desktop\Kreayshawn - Gucci Gucci_(720p).mp4
[2011/11/21 23:01:19 | 000,002,444 | ---- | C] () -- C:\Users\Joseph\Desktop\273439_1298962659_72962921_q.jpg
[2011/11/21 21:39:33 | 021,675,781 | ---- | C] () -- C:\Users\Joseph\Documents\joe1.mp3
[2011/11/21 15:48:45 | 000,000,800 | ---- | C] () -- C:\Users\Joseph\Desktop\VirtualDJ PRO Full.lnk
[2011/11/18 18:08:19 | 000,271,024 | ---- | C] () -- C:\Users\Joseph\Desktop\thanksmcts.png
[2011/11/18 18:07:53 | 001,935,454 | ---- | C] () -- C:\Users\Joseph\Desktop\thanksmcts.psd
[2011/11/18 17:25:25 | 000,081,252 | ---- | C] () -- C:\Users\Joseph\Desktop\Alice_in_Wonderland_3.ttf
[2011/11/18 17:17:38 | 000,028,936 | ---- | C] () -- C:\Users\Joseph\Desktop\Dutch & Harley.ttf
[2011/11/18 17:17:38 | 000,027,652 | ---- | C] () -- C:\Users\Joseph\Desktop\Dutch & Harley alt.ttf
[2011/11/18 16:49:20 | 000,447,800 | ---- | C] () -- C:\Users\Joseph\Desktop\toon-thanksgiving-turkey-thumb3532733.psd
[2011/11/18 16:46:28 | 000,027,124 | ---- | C] () -- C:\Users\Joseph\Desktop\toon-thanksgiving-turkey-thumb3532733.jpg
[2011/11/18 16:27:42 | 000,284,681 | ---- | C] () -- C:\Users\Joseph\Desktop\mcts.png
[2011/11/18 16:19:53 | 001,732,984 | ---- | C] () -- C:\Users\Joseph\Desktop\mcts.psd
[2011/11/18 15:29:43 | 000,004,845 | ---- | C] () -- C:\Users\Joseph\Desktop\dj.jpg
[2011/11/18 15:02:34 | 000,096,414 | ---- | C] () -- C:\Users\Joseph\Desktop\Party_Girls_Alternative_2_by_Thishand.jpg
[2011/11/18 14:45:00 | 000,057,262 | ---- | C] () -- C:\Users\Joseph\Desktop\autumn-leaf.jpg
[2011/11/14 11:14:12 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/01/12 21:26:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/12 21:26:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/12 21:26:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/12 21:26:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/12 21:26:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/16 02:03:28 | 000,097,229 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/16 02:03:28 | 000,097,229 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/21 08:46:01 | 000,000,552 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d8caps.dat
[2009/09/24 15:31:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/15 20:13:23 | 000,101,172 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/10 19:41:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/09 00:45:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/09 00:45:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/09/09 00:44:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/09 00:44:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/09 00:44:58 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/09/09 00:44:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/07 14:40:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 14:40:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/07 14:39:35 | 000,273,920 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/23 11:08:58 | 000,000,600 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\winscp.rnd
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/02/12 23:24:31 | 000,001,865 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009/02/12 23:24:30 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/02/12 23:24:30 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2008/12/23 00:19:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/12 16:28:35 | 000,001,041 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\vso_ts_preview.xml
[2008/12/12 16:27:49 | 000,007,887 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\pcouffin.cat
[2008/12/12 16:27:49 | 000,001,144 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\pcouffin.inf
[2008/12/12 14:06:41 | 000,117,760 | ---- | C] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/29 03:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/15 18:38:19 | 000,023,580 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\UserTile.png
[2008/11/15 18:31:42 | 000,001,356 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d9caps.dat
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 006,063,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/04/19 15:14:32 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2005/12/22 11:05:46 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2003/01/07 07:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========



Dell23


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Thu 15 Dec 2011, 6:25 am


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys >
[2006/11/02 00:55:12 | 000,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\1394bus.sys
[2009/04/10 22:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\acpi.sys
[2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys
[2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys
[2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys
[2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys
[2009/04/10 20:47:03 | 000,273,920 | ---- | M] () -- C:\Windows\system32\drivers\afd.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\AGP440.sys
[2007/02/21 11:49:47 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys
[2006/11/02 01:49:59 | 000,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\AMDAGP.SYS
[2007/02/21 11:49:48 | 000,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdide.sys
[2006/11/02 00:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdk7.sys
[2006/11/02 00:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdk8.sys
[2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys
[2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys
[2008/11/26 09:17:25 | 000,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\system32\drivers\aswFsBlk.sys
[2008/11/26 09:17:15 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2008/11/26 09:16:29 | 000,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\system32\drivers\aswRdr.sys
[2008/11/26 09:17:36 | 000,111,184 | ---- | M] (ALWIL Software) -- C:\Windows\system32\drivers\aswSP.sys
[2008/11/26 09:16:38 | 000,050,864 | ---- | M] (ALWIL Software) -- C:\Windows\system32\drivers\aswTdi.sys
[2008/01/18 21:56:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\asyncmac.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\atapi.sys
[2007/02/21 11:49:47 | 000,107,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ataport.sys
[2007/03/27 18:06:02 | 000,857,600 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\system32\drivers\athrusb.sys
[2008/04/29 10:19:50 | 000,012,960 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\drivers\Awrtpd.sys
[2008/04/29 10:19:54 | 000,015,648 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\drivers\Awrtrd.sys
[2006/11/02 01:49:47 | 000,025,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\battc.sys
[2009/11/06 00:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\drivers\bcmwlhigh6.sys
[2008/01/18 21:53:30 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bdasup.sys
[2008/01/18 21:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\beep.sys
[2008/01/18 21:28:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bowser.sys
[2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\BrFiltLo.sys
[2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\BrFiltUp.sys
[2009/04/10 21:42:55 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bridge.sys
[2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrSerId.sys
[2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrSerWdm.sys
[2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrUsbMdm.sys
[2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrUsbSer.sys
[2006/11/02 00:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bthmodem.sys
[2008/01/18 21:28:02 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cdfs.sys
[2009/04/10 20:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cdrom.sys
[2006/11/02 00:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\circlass.sys
[2009/04/10 22:32:43 | 000,125,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Classpnp.sys
[2007/02/21 11:49:47 | 000,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys
[2006/11/02 01:49:32 | 000,018,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\compbatt.sys
[2009/04/10 22:32:30 | 000,035,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crashdmp.sys
[2006/11/02 01:49:43 | 000,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crcdisk.sys
[2006/11/02 00:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crusoe.sys
[2009/04/10 20:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dfsc.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\disk.sys
[2009/04/10 20:39:11 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Diskdump.sys
[2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys
[2008/01/18 22:53:03 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\drmk.sys
[2008/01/18 21:53:16 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\drmkaud.sys
[2009/04/10 22:32:29 | 000,027,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Dumpata.sys
[2008/01/18 21:36:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxapi.sys
[2009/04/10 20:23:23 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxg.sys
[2009/09/24 17:27:25 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[2008/01/18 20:25:05 | 000,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\e1e6032.sys
[2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\E1G60I32.sys
[2009/04/10 22:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ecache.sys
[2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys
[2009/04/10 20:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\exfat.sys
[2009/04/10 20:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fastfat.sys
[2006/11/02 00:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fdc.sys
[2008/01/18 23:42:31 | 000,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fileinfo.sys
[2008/01/18 21:30:23 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\filetrace.sys
[2006/11/02 00:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\flpydisk.sys
[2009/04/10 22:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fltMgr.sys
[2008/01/18 21:27:57 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fs_rec.sys
[2009/04/10 22:32:43 | 000,099,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\FWPKCLNT.SYS
[2006/11/02 01:50:04 | 000,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\GAGP30KX.SYS
[2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys
[2009/04/10 20:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hdaudbus.sys
[2009/04/10 20:43:02 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\HdAudio.sys
[2006/11/02 00:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidbth.sys
[2009/04/10 20:42:48 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidclass.sys
[2006/11/02 00:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidir.sys
[2008/01/18 21:53:16 | 000,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidparse.sys
[2009/04/10 20:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidusb.sys
[2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\HpCISSs.sys
[2010/02/20 12:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\http.sys
[2006/11/02 01:49:25 | 000,016,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i2omgmt.sys
[2006/11/02 01:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i2omp.sys
[2008/01/18 21:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i8042prt.sys
[2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys
[2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys
[2007/02/21 11:49:47 | 000,014,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\intelide.sys
[2008/01/18 21:27:21 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\intelppm.sys
[2008/01/18 21:56:23 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ipfltdrv.sys
[2006/11/02 00:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\IPMIDrv.sys
[2008/01/18 21:56:28 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ipnat.sys
[2008/01/18 21:55:26 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\irda.sys
[2008/01/18 21:55:19 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\irenum.sys
[2006/11/02 01:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\isapnp.sys
[2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys
[2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys
[2008/01/18 23:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\kbdclass.sys
[2009/04/10 20:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\kbdhid.sys
[2009/04/10 20:38:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ks.sys
[2009/06/15 15:15:25 | 000,439,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2008/01/18 21:55:03 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\lltdio.sys
[2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys
[2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys
[2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys
[2008/01/18 21:30:36 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\luafv.sys
[2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\drivers\LV302V32.SYS
[2011/07/06 18:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2011/07/06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys
[2008/01/18 21:49:59 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mcd.sys
[2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys
[2008/01/18 21:57:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\modem.sys
[2008/01/18 21:52:19 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\monitor.sys
[2008/01/18 23:41:52 | 000,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mouclass.sys
[2008/01/18 21:49:16 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mouhid.sys
[2008/01/18 23:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mountmgr.sys
[2006/11/02 01:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mpio.sys
[2008/01/18 21:54:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mpsdrv.sys
[2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\Mraid35x.sys
[2009/04/10 20:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxdav.sys
[2010/02/23 03:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb.sys
[2010/02/23 03:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb10.sys
[2010/02/23 03:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb20.sys
[2007/02/21 11:49:47 | 000,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msahci.sys
[2006/11/02 01:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msdsm.sys
[2008/01/18 21:28:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msfs.sys
[2008/01/18 23:41:14 | 000,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msisadrv.sys
[2009/04/10 22:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msiscsi.sys
[2008/01/18 21:49:20 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mskssrv.sys
[2008/01/18 21:49:18 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mspclock.sys
[2008/01/18 21:49:18 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mspqm.sys
[2009/04/10 22:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msrpc.sys
[2008/01/18 23:41:49 | 000,031,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mssmbios.sys
[2008/01/18 21:49:19 | 000,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mstee.sys
[2009/04/10 22:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mup.sys
[2009/04/10 22:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndis.sys
[2008/01/18 21:56:24 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndistapi.sys
[2008/01/18 21:55:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndisuio.sys
[2009/04/10 20:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndiswan.sys
[2008/01/18 21:56:28 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndproxy.sys
[2008/01/18 21:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netbios.sys
[2009/04/10 20:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netbt.sys
[2009/04/10 22:32:46 | 000,223,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netio.sys
[2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys
[2009/04/10 20:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\npfs.sys
[2008/04/29 10:20:00 | 000,015,648 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\drivers\NSDriver.sys
[2008/01/18 21:55:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\nsiproxy.sys
[2009/04/10 22:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys
[2008/01/18 21:49:12 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\null.sys
[2010/03/24 04:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvlddmkm.sys
[2007/01/05 21:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys
[2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys
[2006/11/02 01:50:40 | 000,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\NV_AGP.SYS
[2009/04/10 20:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\nwifi.sys
[2006/11/02 00:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ohci1394.sys
[2009/04/10 20:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pacer.sys
[2006/11/02 00:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\parport.sys
[2009/04/10 22:32:31 | 000,054,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\partmgr.sys
[2006/11/02 00:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\parvdm.sys
[2009/04/10 22:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pci.sys
[2007/02/21 11:49:47 | 000,013,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pciide.sys
[2007/02/21 11:49:47 | 000,042,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pciidex.sys
[2006/11/02 01:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pcmcia.sys
[2008/12/12 16:27:49 | 000,047,360 | ---- | M] (VSO Software) -- C:\Windows\system32\drivers\pcouffin.sys
[2006/11/02 01:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\PEAuth.sys
[2009/04/10 20:42:50 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\portcls.sys
[2006/11/02 00:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\processr.sys
[2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys
[2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys
[2008/01/18 21:56:07 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\qwavedrv.sys
[2008/01/18 21:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rasacd.sys
[2008/01/18 21:56:34 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rasl2tp.sys
[2009/04/10 20:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\raspppoe.sys
[2008/01/18 21:56:34 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\raspptp.sys
[2009/04/10 20:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rassstp.sys
[2009/04/10 20:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdbss.sys
[2008/01/18 22:01:08 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\RDPCDD.sys
[2006/11/02 01:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpdr.sys
[2008/01/18 22:01:09 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\RDPENCDD.sys
[2009/04/10 20:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
[2008/04/16 13:51:56 | 000,022,784 | ---- | M] (Research In Motion Limited) -- C:\Windows\system32\drivers\RimUsb.sys
[2009/04/10 20:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rmcast.sys
[2009/04/10 20:46:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\RNDISMP.sys
[2008/01/18 21:57:15 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rootmdm.sys
[2008/01/18 21:55:03 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rspndr.sys
[2006/11/02 01:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sbp2port.sys
[2008/01/18 23:42:10 | 000,142,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\scsiport.sys
[2006/11/01 22:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\system32\drivers\secdrv.sys
[2006/11/02 00:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\serenum.sys
[2006/11/02 00:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\serial.sys
[2008/01/18 21:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sermouse.sys
[2006/11/02 00:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sffdisk.sys
[2006/11/02 00:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sffp_mmc.sys
[2006/11/02 00:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sffp_sd.sys
[2006/11/02 00:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sfloppy.sys
[2006/11/02 01:49:51 | 000,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\SISAGP.SYS
[2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys
[2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys
[2009/04/10 20:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\smb.sys
[2008/01/18 21:49:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\smclib.sys
[2008/01/18 23:41:30 | 000,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\spldr.sys
[2009/04/10 18:52:40 | 000,684,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\spsys.sys
[2009/07/31 13:06:45 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\system32\drivers\sptd.sys
[2010/09/06 05:45:38 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv.sys
[2010/09/06 05:45:22 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv2.sys
[2010/09/06 05:45:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srvnet.sys
[2009/04/10 22:32:54 | 000,122,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Storport.sys
[2009/04/10 20:42:47 | 000,052,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\stream.sys
[2008/01/18 23:41:14 | 000,015,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\swenum.sys
[2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys
[2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys
[2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys
[2008/01/18 21:49:56 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tape.sys
[2010/06/16 08:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
[2009/12/08 09:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpipreg.sys
[2008/01/18 21:57:10 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdi.sys
[2008/01/18 22:01:07 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdpipe.sys
[2008/01/18 22:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdtcp.sys
[2009/04/10 20:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdx.sys
[2009/04/10 22:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\termdd.sys
[2008/01/18 22:01:15 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tssecsrv.sys
[2008/01/18 21:55:41 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\TUNMP.SYS
[2010/02/18 03:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tunnel.sys
[2006/11/02 01:49:59 | 000,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\UAGP35.SYS
[2009/04/10 20:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\udfs.sys
[2006/11/02 01:50:04 | 000,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ULIAGPKX.SYS
[2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys
[2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys
[2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys
[2008/01/18 21:53:40 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\umbus.sys
[2008/01/18 21:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\umpass.sys
[2009/04/10 20:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usb8023.sys
[2011/02/18 15:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\system32\drivers\usbaapl.sys
[2009/04/10 20:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\USBAUDIO.sys
[2009/04/10 20:42:56 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\USBCAMD.sys
[2009/04/10 20:42:56 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\USBCAMD2.sys
[2008/01/18 21:53:29 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbccgp.sys
[2006/11/02 00:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbcir.sys
[2008/01/18 21:53:17 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbd.sys
[2009/04/10 20:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbehci.sys
[2009/04/10 20:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbhub.sys
[2006/11/02 00:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbohci.sys
[2009/04/10 20:42:57 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbport.sys
[2008/01/18 22:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbprint.sys
[2009/04/10 20:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\USBSTOR.SYS
[2008/01/18 21:53:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbuhci.sys
[2008/01/18 21:53:38 | 000,134,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbvideo.sys
[2008/01/18 21:52:06 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\vga.sys
[2006/11/02 00:53:56 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\vgapnp.sys
[2006/11/02 01:49:52 | 000,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\VIAAGP.SYS
[2006/11/02 00:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\viac7.sys
[2007/02/21 11:49:47 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys
[2008/01/18 21:52:12 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\videoprt.sys
[2008/01/18 23:42:18 | 000,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\volmgr.sys
[2009/04/10 22:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\volmgrx.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\volsnap.sys
[2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys
[2006/11/01 23:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\drivers\VSTBS23.SYS
[2006/11/01 23:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\drivers\VSTCNXT3.SYS
[2006/11/01 23:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\drivers\VSTDPV3.SYS
[2006/12/05 15:39:11 | 001,963,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\VX1000.sys
[2006/12/05 15:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\VX3000.sys
[2006/11/02 00:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wacompen.sys
[2008/01/18 21:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wanarp.sys
[2009/04/10 20:22:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\watchdog.sys
[2006/11/02 01:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wd.sys
[2009/04/22 14:27:02 | 000,445,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Wdf01000.sys
[2009/04/22 14:27:02 | 000,038,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WdfLdr.sys
[2006/11/02 00:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wmiacpi.sys
[2008/01/18 23:41:20 | 000,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wmilib.sys
[2009/09/30 17:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WpdUsb.sys
[2008/01/18 21:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ws2ifsl.sys
[2008/01/18 21:52:50 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WUDFPf.sys
[2008/01/18 21:53:04 | 000,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WUDFRd.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/11/15 17:51:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/08/05 08:52:50 | 000,012,042 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/09/21 23:23:45 | 000,005,037 | RH-- | M] () -- C:\dell.sdr
[2010/04/10 21:47:19 | 000,115,224 | ---- | M] () -- C:\img2-001.raw
[2008/04/20 17:22:40 | 000,057,624 | ---- | M] () -- C:\img2-002.raw
[2010/06/05 23:42:53 | 000,115,224 | ---- | M] () -- C:\img2-003.raw
[2010/07/08 10:13:46 | 000,001,108 | -H-- | M] () -- C:\IPH.PH
[2011/12/14 03:40:55 | 2459,136,000 | -HS- | M] () -- C:\pagefile.sys
[2011/12/14 11:08:33 | 000,000,413 | ---- | M] () -- C:\rkill.log
[2007/11/07 19:13:47 | 000,000,152 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2008/12/10 11:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire Wireless Manager
[2009/07/31 12:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/29 02:27:57 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011/01/06 17:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/01/06 17:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Toolbar
[2008/11/20 20:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/06/22 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/08/10 00:07:27 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2009/03/05 22:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\AT&T
[2009/10/02 20:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\ATT
[2011/01/08 00:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST
[2009/03/05 22:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\ATTToolbar
[2008/11/20 17:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/01/04 01:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2011/05/05 00:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/12/25 13:30:51 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/12/25 13:11:24 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2011/09/24 16:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/09/08 08:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2010/01/07 02:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\DigiDNA
[2010/06/23 00:48:47 | 000,000,000 | ---D | M] -- C:\Program Files\Dream Aquarium
[2009/01/08 16:02:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2010/05/04 18:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/11/10 17:52:17 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2009/03/02 14:23:28 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2010/11/14 10:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/10/02 20:26:04 | 000,000,000 | ---D | M] -- C:\Program Files\HooTech
[2010/02/10 23:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\ImTOO
[2009/09/09 18:56:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/16 12:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2011/01/08 00:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/02 19:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/09/12 19:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2011/05/12 22:19:57 | 000,000,000 | ---D | M] -- C:\Program Files\iPhoneBrowser
[2011/05/05 00:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/03/16 12:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\iPodRip
[2011/05/05 00:17:28 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/07/22 00:19:06 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/20 15:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/10/02 20:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/08/11 17:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Kingdia Software
[2008/11/20 18:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/09/09 19:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/03/02 17:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\Makayama Interactive
[2011/08/06 17:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/02 22:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/12/23 00:19:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/01/31 22:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft LifeCam
[2008/12/23 00:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/29 23:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/06/25 22:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/29 23:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/29 23:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/06/25 02:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/05/15 00:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2010/08/13 19:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/14 11:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/11/10 17:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mplayer
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/28 00:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/10/02 20:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/11/29 10:49:05 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/07/19 02:02:03 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009/08/02 16:12:54 | 000,000,000 | ---D | M] -- C:\Program Files\ootp10setup
[2009/10/20 15:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2011/09/24 16:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\Out of the Park Developments
[2009/09/09 18:56:10 | 000,000,000 | ---D | M] -- C:\Program Files\PayPal
[2011/11/10 17:57:11 | 000,000,000 | ---D | M] -- C:\Program Files\PC Optimizer Pro
[2009/12/27 12:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2009/05/23 11:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\QuickFreedom
[2011/05/05 00:04:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/01/04 01:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/11/10 17:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\RewardsArcade
[2011/05/05 00:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/09/10 19:39:06 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/02/18 21:03:02 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/09 12:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareGuard
[2010/06/18 21:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\TruePoker
[2009/09/08 16:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity
[2009/09/08 16:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity Codec Pack
[2006/11/02 05:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/14 10:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2008/12/11 21:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/11/21 15:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2011/10/23 09:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\vShare.tv plugin
[2010/02/18 15:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2009/11/24 14:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2010/05/10 22:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinAVI Video Converter
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/08/18 14:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/11/29 23:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/01/31 22:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/01/08 00:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/18 03:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/11/28 12:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/01/07 02:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2010/06/18 21:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Xobni
[2009/09/09 00:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2010/08/04 20:10:12 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/10/15 15:09:33 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
[2009/07/05 21:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista


Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Thu 15 Dec 2011, 6:55 am

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\Users\Joseph\AppData\Roaming\Uhela
C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey
C:\ProgramData\b0ox82m1fa8vey
C:\Windows\tasks\PC Optimizer Pro startups.job
C:\Windows\tasks\AWC Startup.job
C:\Users\Joseph\AppData\Local\bfg.exe
C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
@C:\ProgramData\TEMP:5C321E34
C:\Windows\System32\mmf.sys

:otl
O4 - HKCU..\Run: [{888E7E18-98D2-D17D-B3F0-E416C98895BF}] C:\Users\Joseph\AppData\Roaming\Uhela\uqabebu.exe ()

:commands
[resethosts]
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
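
The OTL fix above removes a list of files, a per-user Run value and an alternate data stream, and the only feedback is the moved-files log. The script below is an added verification example; it is not part of this thread, of OTL or of MBAM. It re-checks every item named in the fix after the reboot so "the fix ran" can be told apart from "the fix worked". It assumes PowerShell 2.0 or later (the most Vista can run), an elevated prompt on the affected machine, and the same profile path (C:\Users\Joseph) shown in the OTL log; the paths, the Run value name and the stream name are taken from the fix script as posted. Because Get-Item -Stream needs PowerShell 3.0, which Vista does not support, the stream check shells out to cmd's dir /r instead.

```powershell
# Added post-fix verification script; not part of the original thread, OTL or MBAM.
# Assumptions: PowerShell 2.0+, elevated prompt, same machine and user profile as the OTL log.
# Reports whether each item targeted by the :files, :otl and ADS entries still exists.

$results = @()

# 1. Files, folders and scheduled-task .job files listed under :files in the fix
$filesFromFix = @(
    'C:\Users\Joseph\AppData\Roaming\Uhela',
    'C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey',
    'C:\ProgramData\b0ox82m1fa8vey',
    'C:\Windows\tasks\PC Optimizer Pro startups.job',
    'C:\Windows\tasks\AWC Startup.job',
    'C:\Users\Joseph\AppData\Local\bfg.exe',
    'C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job',
    'C:\Windows\System32\mmf.sys'
)
foreach ($path in $filesFromFix) {
    # -LiteralPath so the braces in the .job name are not treated as wildcards
    $results += New-Object PSObject -Property @{
        Item    = $path
        Check   = 'file/folder'
        Present = [bool](Test-Path -LiteralPath $path)
    }
}

# 2. The per-user Run value from the O4 line of the fix
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = '{888E7E18-98D2-D17D-B3F0-E416C98895BF}'
$runPresent = $false
if (Test-Path -LiteralPath $runKey) {
    $props = Get-ItemProperty -LiteralPath $runKey
    # PowerShell 2.0 has no member enumeration over collections, so filter explicitly
    $match = $props.PSObject.Properties | Where-Object { $_.Name -eq $runValue }
    $runPresent = ($match -ne $null)
}
$results += New-Object PSObject -Property @{
    Item    = "$runKey\$runValue"
    Check   = 'HKCU Run value'
    Present = $runPresent
}

# 3. The alternate data stream on C:\ProgramData\TEMP.
# dir /r lists a directory's own streams when its parent is listed; a stream line
# looks like:   120 TEMP:5C321E34:$DATA
$adsParent = 'C:\ProgramData'
$adsMarker = 'TEMP:5C321E34:'
$dirLines  = & cmd.exe /c "dir /r /a `"$adsParent`""
$adsPresent = [bool]($dirLines | Select-String -SimpleMatch $adsMarker)
$results += New-Object PSObject -Property @{
    Item    = 'C:\ProgramData\TEMP:5C321E34'
    Check   = 'alternate data stream'
    Present = $adsPresent
}

# 4. Report: anything still Present = True is what to mention in the next reply
$results | Select-Object Check, Present, Item | Format-Table -AutoSize
if ($results | Where-Object { $_.Present }) {
    Write-Host 'Some targeted items are still present; the fix did not remove everything.'
} else {
    Write-Host 'None of the targeted items were found.'
}
```

Run it after the reboot that the [reboot] command triggers, from the same account the OTL log was taken under; the HKCU check only sees the Run key of the account running the script. The User_Feed_Synchronization task is a normal Windows component that OTL recreates as needed, so it reappearing is not by itself a sign the fix failed; the other entries should stay gone across a further reboot.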


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Thu 15 Dec 2011, 5:47 pm

OTL logfile created on: 12/14/2011 11:58:53 AM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joseph\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.22% Memory free
4.23 Gb Paging File | 2.77 Gb Available in Paging File | 65.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 120.95 Gb Free Space | 26.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.25 Gb Free Space | 62.50% Space Free | Partition Type: NTFS

Computer Name: JOSEPH-PC | User Name: Joseph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 11:07:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joseph\Desktop\OTL.exe
PRC - [2011/10/26 23:47:32 | 010,207,000 | ---- | M] (Tweaking Tools Inc) -- C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe
PRC - [2011/07/26 17:23:20 | 000,397,992 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/29 10:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/04/19 12:54:07 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/02/08 11:02:10 | 002,343,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/07/14 12:46:56 | 000,044,776 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/05/22 15:34:34 | 000,851,968 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/12 23:24:30 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2008/11/26 09:18:46 | 000,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/26 09:18:32 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 09:16:23 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/11/26 09:12:08 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/18 17:11:19 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/18 23:33:19 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2007/05/03 13:12:14 | 002,061,816 | ---- | M] (AT&T) -- C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
PRC - [2007/01/04 14:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/12/05 15:38:58 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2006/12/05 15:38:57 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/22 14:13:30 | 000,323,160 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
MOD - [2010/01/22 14:13:16 | 000,045,656 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
MOD - [2010/01/22 14:11:36 | 000,150,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\STFix.dll
MOD - [2010/01/22 14:11:30 | 000,057,432 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\NtfsData.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/07/14 12:46:56 | 000,044,776 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/05/22 15:34:34 | 000,851,968 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/02/12 23:24:30 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2008/11/26 09:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/11/26 09:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/11/26 09:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/11/26 09:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/04 14:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 04:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/06 00:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2009/07/31 13:06:45 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/10 20:47:03 | 000,273,920 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2008/11/26 09:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 09:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 09:17:15 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/11/26 09:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 09:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/28 14:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 14:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/18 20:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/10/01 16:20:40 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/03/27 18:06:02 | 000,857,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2006/12/05 15:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/12/05 15:39:11 | 001,963,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/11/01 23:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5491
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.74.34
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=HIP&o=102874&locale=en_US&apn_uid=1a181e28-b082-4ae1-b571-5b810509a0e6&apn_ptnrs=6E&apn_sauid=D7B229F2-37E0-419C-BF3C-C9BA3016158E&apn_dtid=YYYYYYYYUS&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Joseph\AppData\Local\RewardsArcade\498\Firefox [2011/11/10 17:52:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 11:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 22:26:36 | 000,000,000 | ---D | M]

[2008/11/16 14:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Extensions
[2011/12/12 23:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions
[2011/03/08 22:30:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 23:22:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/09 18:59:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127)
[2011/11/14 11:16:47 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/04/03 22:57:24 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\personas@christopher.beard
[2011/08/10 09:04:32 | 000,000,000 | ---D | M] (Platinum Hide IP) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\support@platinumhideip.com
[2011/08/10 09:06:36 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\toolbar@ask.com
[2010/10/10 09:37:40 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\vshare@toolbar
[2009/06/29 22:41:47 | 000,004,207 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml
[2010/07/09 02:13:37 | 000,002,351 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aol-search.xml
[2009/03/06 17:56:52 | 000,000,681 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\ask.xml
[2011/08/13 10:41:00 | 000,002,569 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\askcom.xml
[2009/01/31 23:34:12 | 000,001,632 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml
[2011/07/11 10:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\startsear.xml
[2010/12/05 23:54:03 | 000,001,583 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\web-search.xml
[2011/11/14 11:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/10 10:37:46 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/07/05 21:15:31 | 000,000,000 | ---D | M] ("searchme") -- C:\Program Files\Mozilla Firefox\extensions\searchme@searchme.com
[2011/11/14 11:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/11/14 11:14:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 01:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/03/13 01:39:56 | 000,002,494 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchme.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = [You must be registered and logged in to see this link.]
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.7.1 (Enabled) = C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: RewardsArcade = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.13.61_0\
CHR - Extension: vshare plugin = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Poppit = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{888E7E18-98D2-D17D-B3F0-E416C98895BF}] C:\Users\Joseph\AppData\Roaming\Uhela\uqabebu.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Joseph\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3575C3DB-3FA7-4849-9D56-A5312E116450}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5122F23-263E-41D6-AE4D-B8F05908A3F9}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A886D423-9985-4C89-8B8E-36CFA507FF34}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F675D672-38E3-4E91-9C28-9C4DE0805C99}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Thu 15 Dec 2011, 5:50 pm

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 11:07:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Joseph\Desktop\OTL.exe
[2011/12/06 13:50:30 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Spotify
[2011/12/05 02:44:49 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\BMpa
[2011/11/28 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Uhela
[2011/11/28 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Ovv
[2011/11/22 00:00:58 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\Virtual DJ Pro 7.0.4 + Crack + 150 Skins
[2011/11/21 15:48:43 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2011/11/21 15:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/11/21 15:48:35 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Documents\VirtualDJ
[2011/11/18 18:22:48 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\Bootie Top 15 - Nov 2011
[2011/11/18 18:22:48 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\__MACOSX
[2008/12/12 16:27:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Joseph\AppData\Roaming\pcouffin.sys
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 11:41:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 11:41:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 11:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/14 11:07:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joseph\Desktop\OTL.exe
[2011/12/14 11:06:06 | 001,008,120 | ---- | M] () -- C:\Users\Joseph\Desktop\rkill.exe
[2011/12/14 11:04:37 | 000,097,229 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/14 11:04:36 | 000,097,229 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/14 11:04:31 | 000,010,434 | -HS- | M] () -- C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey
[2011/12/14 11:04:31 | 000,010,434 | -HS- | M] () -- C:\ProgramData\b0ox82m1fa8vey
[2011/12/14 11:04:04 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/12/14 11:04:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/14 11:04:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/12/14 03:45:46 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/14 03:45:46 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/14 03:45:08 | 000,000,327 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2011/12/14 03:41:18 | 000,001,865 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/12/14 03:41:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/13 21:09:09 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/13 21:04:15 | 000,334,848 | ---- | M] () -- C:\Users\Joseph\AppData\Local\bfg.exe
[2011/12/13 20:41:21 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
[2011/12/13 19:05:02 | 000,117,760 | ---- | M] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 19:03:34 | 367,019,688 | R--- | M] () -- C:\Users\Joseph\Desktop\4x02_Thirty-Eight_Snub.avi
[2011/12/13 18:52:18 | 367,528,246 | ---- | M] () -- C:\Users\Joseph\Desktop\4x01_Box_Cutter.avi
[2011/12/07 15:38:13 | 000,217,994 | ---- | M] () -- C:\Users\Joseph\Desktop\samclasss.jpg
[2011/11/27 20:43:40 | 000,001,041 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\vso_ts_preview.xml
[2011/11/26 21:41:10 | 000,053,653 | ---- | M] () -- C:\Users\Joseph\Desktop\joe111111.jpg
[2011/11/26 19:27:13 | 671,075,912 | R--- | M] () -- C:\Users\Joseph\Desktop\The.Hangover.PART.2.2011.720p._scOrp._.Aftms.mkv
[2011/11/25 21:30:34 | 064,648,224 | R--- | M] () -- C:\Users\Joseph\Desktop\Kreayshawn - Gucci Gucci_(720p).mp4
[2011/11/25 14:23:37 | 006,063,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/21 23:01:23 | 000,002,444 | ---- | M] () -- C:\Users\Joseph\Desktop\273439_1298962659_72962921_q.jpg
[2011/11/21 22:03:49 | 000,002,265 | ---- | M] () -- C:\Users\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/11/21 21:54:36 | 021,675,781 | ---- | M] () -- C:\Users\Joseph\Documents\joe1.mp3
[2011/11/21 15:48:45 | 000,000,800 | ---- | M] () -- C:\Users\Joseph\Desktop\VirtualDJ PRO Full.lnk
[2011/11/18 18:09:05 | 000,284,681 | ---- | M] () -- C:\Users\Joseph\Desktop\mcts.png
[2011/11/18 18:08:26 | 000,271,024 | ---- | M] () -- C:\Users\Joseph\Desktop\thanksmcts.png
[2011/11/18 18:07:55 | 001,935,454 | ---- | M] () -- C:\Users\Joseph\Desktop\thanksmcts.psd
[2011/11/18 16:50:07 | 000,447,800 | ---- | M] () -- C:\Users\Joseph\Desktop\toon-thanksgiving-turkey-thumb3532733.psd
[2011/11/18 16:46:38 | 000,027,124 | ---- | M] () -- C:\Users\Joseph\Desktop\toon-thanksgiving-turkey-thumb3532733.jpg
[2011/11/18 16:19:57 | 001,732,984 | ---- | M] () -- C:\Users\Joseph\Desktop\mcts.psd
[2011/11/18 15:29:46 | 000,004,845 | ---- | M] () -- C:\Users\Joseph\Desktop\dj.jpg
[2011/11/18 15:02:40 | 000,096,414 | ---- | M] () -- C:\Users\Joseph\Desktop\Party_Girls_Alternative_2_by_Thishand.jpg
[2011/11/18 14:45:28 | 000,057,262 | ---- | M] () -- C:\Users\Joseph\Desktop\autumn-leaf.jpg
[2011/11/17 20:28:54 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 11:06:05 | 001,008,120 | ---- | C] () -- C:\Users\Joseph\Desktop\rkill.exe
[2011/12/13 21:04:16 | 000,010,434 | -HS- | C] () -- C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey
[2011/12/13 21:04:16 | 000,010,434 | -HS- | C] () -- C:\ProgramData\b0ox82m1fa8vey
[2011/12/13 21:04:15 | 000,334,848 | ---- | C] () -- C:\Users\Joseph\AppData\Local\bfg.exe
[2011/12/13 18:55:27 | 367,019,688 | R--- | C] () -- C:\Users\Joseph\Desktop\4x02_Thirty-Eight_Snub.avi
[2011/12/13 18:41:45 | 367,528,246 | ---- | C] () -- C:\Users\Joseph\Desktop\4x01_Box_Cutter.avi
[2011/12/07 15:38:12 | 000,217,994 | ---- | C] () -- C:\Users\Joseph\Desktop\samclasss.jpg
[2011/11/26 21:41:06 | 000,053,653 | ---- | C] () -- C:\Users\Joseph\Desktop\joe111111.jpg
[2011/11/26 18:58:37 | 671,075,912 | R--- | C] () -- C:\Users\Joseph\Desktop\The.Hangover.PART.2.2011.720p._scOrp._.Aftms.mkv
[2011/11/25 21:29:29 | 064,648,224 | R--- | C] () -- C:\Users\Joseph\Desktop\Kreayshawn - Gucci Gucci_(720p).mp4
[2011/11/21 23:01:19 | 000,002,444 | ---- | C] () -- C:\Users\Joseph\Desktop\273439_1298962659_72962921_q.jpg
[2011/11/21 21:39:33 | 021,675,781 | ---- | C] () -- C:\Users\Joseph\Documents\joe1.mp3
[2011/11/21 15:48:45 | 000,000,800 | ---- | C] () -- C:\Users\Joseph\Desktop\VirtualDJ PRO Full.lnk
[2011/11/18 18:08:19 | 000,271,024 | ---- | C] () -- C:\Users\Joseph\Desktop\thanksmcts.png
[2011/11/18 18:07:53 | 001,935,454 | ---- | C] () -- C:\Users\Joseph\Desktop\thanksmcts.psd
[2011/11/18 17:25:25 | 000,081,252 | ---- | C] () -- C:\Users\Joseph\Desktop\Alice_in_Wonderland_3.ttf
[2011/11/18 17:17:38 | 000,028,936 | ---- | C] () -- C:\Users\Joseph\Desktop\Dutch & Harley.ttf
[2011/11/18 17:17:38 | 000,027,652 | ---- | C] () -- C:\Users\Joseph\Desktop\Dutch & Harley alt.ttf
[2011/11/18 16:49:20 | 000,447,800 | ---- | C] () -- C:\Users\Joseph\Desktop\toon-thanksgiving-turkey-thumb3532733.psd
[2011/11/18 16:46:28 | 000,027,124 | ---- | C] () -- C:\Users\Joseph\Desktop\toon-thanksgiving-turkey-thumb3532733.jpg
[2011/11/18 16:27:42 | 000,284,681 | ---- | C] () -- C:\Users\Joseph\Desktop\mcts.png
[2011/11/18 16:19:53 | 001,732,984 | ---- | C] () -- C:\Users\Joseph\Desktop\mcts.psd
[2011/11/18 15:29:43 | 000,004,845 | ---- | C] () -- C:\Users\Joseph\Desktop\dj.jpg
[2011/11/18 15:02:34 | 000,096,414 | ---- | C] () -- C:\Users\Joseph\Desktop\Party_Girls_Alternative_2_by_Thishand.jpg
[2011/11/18 14:45:00 | 000,057,262 | ---- | C] () -- C:\Users\Joseph\Desktop\autumn-leaf.jpg
[2011/01/12 21:26:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/12 21:26:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/12 21:26:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/12 21:26:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/12 21:26:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/16 02:03:28 | 000,097,229 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/16 02:03:28 | 000,097,229 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/21 08:46:01 | 000,000,552 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d8caps.dat
[2009/09/24 15:31:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/15 20:13:23 | 000,101,172 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/10 19:41:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/09 00:45:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/09 00:45:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/09/09 00:44:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/09 00:44:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/09 00:44:58 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/09/09 00:44:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/07 14:40:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 14:40:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/07 14:39:35 | 000,273,920 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/23 11:08:58 | 000,000,600 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\winscp.rnd
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/02/12 23:24:31 | 000,001,865 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009/02/12 23:24:30 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/02/12 23:24:30 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2008/12/23 00:19:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/12 16:28:35 | 000,001,041 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\vso_ts_preview.xml
[2008/12/12 16:27:49 | 000,007,887 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\pcouffin.cat
[2008/12/12 16:27:49 | 000,001,144 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\pcouffin.inf
[2008/12/12 14:06:41 | 000,117,760 | ---- | C] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/29 03:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/15 18:38:19 | 000,023,580 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\UserTile.png
[2008/11/15 18:31:42 | 000,001,356 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d9caps.dat
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 006,063,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/04/19 15:14:32 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2005/12/22 11:05:46 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2003/01/07 07:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< :files >

< C:\Users\Joseph\AppData\Roaming\Uhela >

< C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey >
[2011/12/14 11:04:31 | 000,010,434 | -HS- | M] () -- C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

< C:\ProgramData\b0ox82m1fa8vey >
[2011/12/14 11:04:31 | 000,010,434 | -HS- | M] () -- C:\ProgramData\b0ox82m1fa8vey

< C:\Windows\tasks\PC Optimizer Pro startups.job >
[2011/12/14 11:04:04 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job

< C:\Windows\tasks\AWC Startup.job >
[2011/12/14 11:04:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job

< C:\Users\Joseph\AppData\Local\bfg.exe >
[2011/12/13 21:04:15 | 000,334,848 | ---- | M] () -- C:\Users\Joseph\AppData\Local\bfg.exe
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

< C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job >
[2011/12/13 20:41:21 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job

< @C:\ProgramData\TEMP:5C321E34 >

< >

< :otl >

< O4 - HKCU..\Run: [{888E7E18-98D2-D17D-B3F0-E416C98895BF}] C:\Users\Joseph\AppData\Roaming\Uhela\uqabebu.exe () >

< >

< :commands >

< [resethosts] >

< [reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Thu 15 Dec 2011, 5:52 pm

OTL Extras logfile created on: 12/14/2011 11:58:53 AM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joseph\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.22% Memory free
4.23 Gb Paging File | 2.77 Gb Available in Paging File | 65.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 120.95 Gb Free Space | 26.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.25 Gb Free Space | 62.50% Space Free | Partition Type: NTFS

Computer Name: JOSEPH-PC | User Name: Joseph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082CD5E7-741B-405A-AAE2-4BF44C161EF5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0993657D-3CD6-4305-B1B1-5CDA4D51DEAD}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C9D295A-DD55-4196-9854-685F79980BEB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0D027BE4-BB9E-4DD2-AFE0-4F99403F6B5A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{14EDD71A-EDF6-45B0-A72B-7A554E75A6FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{187683D0-967C-4A9F-97B9-65592C058BE8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19BD72F3-5924-4DE3-8877-D45E0E616AB3}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1DD01AF3-7640-4A32-A775-733CEC06D44F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26CAC123-7D4F-446E-A6E3-B828EFD5180B}" = lport=137 | protocol=17 | dir=in | app=system |
"{30B8CC92-4AE4-4E5C-8615-8E917F832FB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BF6FA04-4349-4D00-B981-9A86B8F7A298}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EA74B1E-EAE9-4E5D-A72C-F7F5B02F3974}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{416A8DEE-4D0E-42A4-89B8-929530C01BA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41A6CAC9-4BD4-4802-878F-1115DD516812}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{432AE191-10D1-4E08-AA6F-B0CF5DEB8303}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45DABE73-94AB-423F-B846-67B4EC88A821}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{483C4838-CBCD-426C-A350-440895FF238F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C984B57-8182-483E-8456-DCA2C536F0B9}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4E0892CD-4B41-4B6C-9D60-2704222217BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{510D1917-C8BD-47F3-9973-B8667FFCB1D6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5B548B4F-1198-4280-9D2B-FE991845FFB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F8E01ED-25F0-4CD5-AAB0-DC111929CA4F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{641EC0DB-4064-40D3-A5B9-C44E49267950}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64C3034C-33BB-4AA6-90D5-CF2356351F73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C39FAE2-98EA-4A26-BD16-40710BBAF8F0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6C79F7EB-687A-49C9-93CE-B6F235F6D3DA}" = lport=138 | protocol=17 | dir=in | app=system |
"{77B7F5A1-0E3C-4CD9-AD10-64D646D3D820}" = rport=139 | protocol=6 | dir=out | app=system |
"{780FEB3E-64F1-4C6F-9F32-A7B687FE5F0B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EF30BE6-B74D-470D-B3B5-5397EF1D835D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{88BB3241-D494-4351-857E-B2BFD619F7C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8A753115-8273-45CF-AF09-694848DA82FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DC8A090-1822-44D1-ACB0-1CA8FB7B6D0D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9B034D2F-2B15-4F40-91B2-C02CD811D95E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0429EA5-0E1D-4E1C-BC80-C25C5EA530E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{A33EB132-20C2-49E8-98A3-9AA2AE881A6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A43CB800-47CB-4FFF-9D74-CD2AD40A84F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9F9C806-8E90-445B-9860-B142F0AD1AD4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6012B56-5BF1-4EE2-B7D5-5D402B823530}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C679765C-D116-439D-ACAA-5B0FF2320652}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC4C92BC-A359-473B-BDCB-11EBA3D1E1EF}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF5EB835-405A-4F89-8552-374BF7FA6D08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFAC958D-DC3A-41BF-9426-33F83AEF49D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5E9D17B-CBFC-4A08-911F-A61E6A635384}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D83FAAC1-AEE5-49E8-B520-16C89C4BBE10}" = lport=3074 | protocol=6 | dir=in | name=xboxlive |
"{DE3697EA-4725-4FF2-8A19-72D27B78C65C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DFE38B6B-4A15-4AAC-BB47-3695FFD3449A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E69D0245-9935-4CEE-9105-5B5AC2F42C5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA6F465D-055F-4954-8388-7D297E855933}" = rport=137 | protocol=17 | dir=out | app=system |
"{EB502607-1CF1-455E-B5C8-789F72C7CBFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F63E907F-1595-427F-A06A-CDF4D16B666A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F676F1FF-EFEA-4BCC-918C-1ACCBCFC96E1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{FCF0D225-8428-424E-A3F6-1148B3BA82DD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D43D32-618A-4CCC-B67E-294E8E2C44A0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{0B9D239D-8070-4B6B-9F7B-23E10D660EC8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{0CD238E7-FFFF-4E39-A59A-E4F3B2827CE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18B3C214-1559-4D09-BBF8-388C387CE80F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1951DC7B-5F94-4CFD-8326-414BC4E96A12}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{1C199E74-C787-4D81-BF9B-1499F9D1F75C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1EEE6895-4EF2-465B-A6FE-E6F53B94CCB8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{39515A3C-B4CF-4A61-83B7-DB5BE9894B41}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{3C4DB582-E21A-4790-AA7E-157C38E5DEDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E94C91A-7E6F-428D-9F92-56746A21D898}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44112203-8D11-4919-A6C0-7E6BA6E6BB99}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{45826F8B-CE82-4399-A68D-4569DA19FF9F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{48E8ADE2-6AFD-435F-AAE6-19CE1B50C04D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4B67E719-0DF2-45C8-909B-BCBEFB32E8FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{55842D12-04EF-4892-BD74-AA973936911C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{59307E68-2E04-4AAC-90C8-26BF4A454792}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{5BB43234-C46A-446D-80C9-CC61C18D37A5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{617B852D-9C23-475B-AFDD-8BEAE85E02F5}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{61EAACBC-3A16-46CA-A89F-BC4A1F722174}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6A491CA4-E6F7-4A2C-AF3A-FBB4883264D9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{6BA4188C-5E92-42FE-A84F-17ACD0DF4E14}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6CD9B167-0DBF-4956-B0AA-CCED0B30FE56}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{751E1B16-F16C-4FEA-ADEB-73A1527C8CAD}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{76AF65C9-D840-4344-AECF-D6D579F5B6E8}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{7B3BE460-E2FA-430C-8F0F-A92AB380D55D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{846798AA-7EFA-40E0-9286-A270F145783D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{85FE270E-435D-4242-8F5E-D30BCE4CD75A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9905E19F-E7B8-47A1-9477-18173D38A812}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{9A25187C-1FB4-4C7B-8BA9-0C09DB1CF286}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9B5F42B9-1BC5-440A-AB07-A58DBB20A4C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C1A2D2A-58D0-4351-9E95-3C03DD309C62}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A560B0B9-C849-4A4C-BE07-3BCFF2AB5B3F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{A5C2D77A-9085-4CB1-AB20-595356EBB7DF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{A677779E-B7EF-455D-BC7E-D9B53BDBF5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A808FBED-5412-40F7-A161-6769CD6E9CDB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A84CB660-B67A-4BC6-98C5-2513D527BCF6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{AFE4646E-E44B-4E6C-BEE9-1781AED98ED3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B62391FD-4BA0-4B02-B1E4-E107D671D1C0}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B98869E9-B2CB-4C40-8981-F5CEC3BDF5F0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{BBCCD1C6-AE59-418A-B0CB-4CE26785A48F}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{C2F3F4DB-0C6E-4209-BFC4-07EBD3AE412B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C6484673-B0FB-468A-89C5-97B2D63D48C5}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C9D296D3-8FEF-470D-B9A4-98E718DEB1F9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D3766641-DA4C-4F75-9CA0-C09A5EA5BA3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D67DC28D-0C03-450A-B7FD-AF87D3F9BD9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7953725-6692-47F1-AEE8-672DB4F3C33B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9D6BCE6-F4E0-42CE-B756-21FBA2EB105A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE5C03A8-BD02-4276-B1B8-7F16F09C558A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E1C81841-070C-4424-BA8B-11E5F6C194E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E362DE59-7E25-45E1-970C-0EF8B92F4261}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EA4222DD-A024-46BB-8989-61EC70652872}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA86F424-6F3B-416D-AC22-C99D44F29E6C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F655827F-93EE-413E-9676-008030CCE7EB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F8D1DEC6-ED84-4D6C-ACB3-1B2BEC6CCF2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8FEA775-819F-423B-90B7-69FAB225B696}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F96DFCBD-54DC-449C-B760-FC83CB145179}" = protocol=6 | dir=out | app=system |
"TCP Query User{0416927D-64D2-4C16-B7CE-22247B8E23E9}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{09807D6B-FC5A-4C23-80B7-B08BDFD42FD9}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{3063A23D-9629-4B8E-BA1B-DF1B8A283B0A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4E6AEAE6-A806-4C90-ADF7-3C87EBB63A16}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{7E0C7A45-F9C8-4347-B3D2-6B213B074FFB}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{801FA904-87DE-4582-A4E7-B91D13B1D1E2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{970147D0-24B1-4424-841E-8BF0C2D21901}C:\users\joseph\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=6 | dir=in | app=c:\users\joseph\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"TCP Query User{B02EAE59-D0DA-4997-B453-2AA4BB4FDD77}C:\windows.old\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\itunes\itunes.exe |
"TCP Query User{CB57934F-9E64-414E-AEB0-8C5DCE750EBB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0D6BA96D-0B56-4773-9F37-4FFF04552265}C:\users\joseph\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=17 | dir=in | app=c:\users\joseph\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"UDP Query User{1AA1F38C-130F-4BD4-9E95-BAF8F128B77D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{4B662300-FB03-44E6-9EFE-B9397598CCCD}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{502A68EF-0A17-4D39-8142-7F859FD12927}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6CE7EF15-77DE-41D8-9560-A54461EDA94B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{8A95D8A4-1BD0-4C05-9044-DB41DEB7B953}C:\windows.old\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\itunes\itunes.exe |
"UDP Query User{C50F4E11-2754-49E8-87B7-8B7DE918B911}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F8C699BD-6104-4196-B291-561B8B2C08E2}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C32EA0-4A22-4919-979A-8700715865B8}" = Microsoft LifeCam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2EAEB0A6-582A-490B-B075-D837677365C2}" = 2WIREUSBWLANInstaller
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE11B98-C61C-4692-9E0E-59934761C3BE}" = 2Wire Wireless Manager
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4769E972-2E92-49C5-B6F9-465EFD0C4D94}" = VirtualDJ PRO Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{676B241C-AED4-400B-98FF-267773B94B11}_is1" = QuickFreedom 1.1.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1FB07C6-0A63-4384-B1AC-B62546F2E6D8}" = iPodRip
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F607B1F5-F067-4FC8-9518-A6F4C721CC22}" = iPodRip
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Canon iP4600 series User Registration" = Canon iP4600 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cooking Academy" = Cooking Academy (remove only)
"DiskAid_is1" = DiskAid 3.11
"Dream Aquarium_is1" = Dream Aquarium
"DreamAqua" = Dream Aquarium
"DVD Audio Ripper 4" = DVD Audio Ripper 4
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mplayer" = Mplayer 0.6.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Out of the Park Baseball 6" = Out of the Park Baseball 6
"Out of the Park Baseball11" = Out of the Park Baseball 11
"PC Optimizer Pro" = PC Optimizer Pro
"Photoshop Cs4 Ultra 1.1" = Photoshop Cs4 Ultra 1.1
"Pixillion" = Pixillion Image Converter
"PokerStars.net" = PokerStars.net
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"Side 9 Screensaver" = Side 9 Screensaver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TruePoker" = TruePoker
"TruePoker (High Res)" = TruePoker (High Res)
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server " = TVersity Media Server 1.6 Beta
"Veetle TV" = Veetle TV 0.9.18
"Videora iPod Converter" = Videora iPod Converter 4.04
"Videora Xbox 360 Converter" = Videora Xbox 360 Converter 4.08
"VLC media player" = VLC media player 0.9.8a
"vShare.tv plugin" = vShare.tv plugin 1.3
"WavePad" = WavePad Sound Editor
"WinAVI Video Converter 10.0_is1" = WinAVI Video Converter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.5
"World of Warcraft" = World of Warcraft
"XobniMain" = Xobni
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"YouTube Downloader App" = YouTube Downloader App 1.03
"YouTubeGet_is1" = YouTubeGet 5.2.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RewardsArcade" = RewardsArcade
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/24/2010 2:31:07 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 2/26/2010 1:06:32 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\ComboFix\catchme.cfxxe failed, 00000005.

Error - 7/16/2010 1:50:05 PM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 7/16/2010 1:50:05 PM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 1/8/2011 2:45:27 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\olepro32.dll failed, 00000005.

Error - 1/8/2011 7:44:34 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Windows Live\Toolbar\msidcrl40.dll failed, 00000005.

Error - 3/3/2011 3:41:42 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\dciman32.dll failed, 00000005.

Error - 3/3/2011 4:36:25 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Windows Live\Messenger\liveNatTrav.dll failed, 00000005.

Error - 3/4/2011 1:31:13 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Windows Live\Messenger\PresenceIM.dll failed, 00000005.

Error - 3/4/2011 1:31:13 AM | Computer Name = Joseph-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Yahoo!\Messenger\YImage.dll failed, 00000005.

[ Application Events ]
Error - 11/30/2011 4:32:17 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0xc58, application
start time 0x01ccaf9f23eb4451.

Error - 11/30/2011 4:32:35 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x1558, application
start time 0x01ccaf9f25fff381.

Error - 11/30/2011 4:32:41 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x15f0, application
start time 0x01ccaf9f312c0f01.

Error - 12/1/2011 12:29:23 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x178c, application
start time 0x01ccafe1cb5db42d.

Error - 12/2/2011 7:27:27 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x15a8, application
start time 0x01ccb149f16d91f3.

Error - 12/5/2011 4:51:00 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x150c, application
start time 0x01ccb38f96993157.

Error - 12/6/2011 5:34:52 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x1618, application
start time 0x01ccb45ee197c99b.

Error - 12/6/2011 5:34:56 PM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x5e4, application
start time 0x01ccb45ee28780cb.

Error - 12/9/2011 3:40:38 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0xd2c, application
start time 0x01ccb645d4a478c2.

Error - 12/9/2011 3:40:44 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.121, time stamp
0x4ec1cf8b, faulting module chrome.dll, version 15.0.874.121, time stamp 0x4ec1cec9,
exception code 0xc0000005, fault offset 0x00be93d5, process id 0x13a4, application
start time 0x01ccb645d6dc8e72.

[ Media Center Events ]
Error - 10/17/2009 4:52:07 AM | Computer Name = Joseph-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/17/2009 8:49:40 PM | Computer Name = Joseph-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/17/2009 11:08:31 PM | Computer Name = Joseph-PC | Source = McrMgr | ID = 109
Description =

Error - 10/18/2009 5:07:54 PM | Computer Name = Joseph-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/18/2009 7:12:58 PM | Computer Name = Joseph-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/22/2009 5:29:55 AM | Computer Name = Joseph-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/22/2009 5:59:38 PM | Computer Name = Joseph-PC | Source = McrMgr | ID = 109
Description =

Error - 12/7/2010 2:58:20 AM | Computer Name = Joseph-PC | Source = McrMgr | ID = 109
Description =

Error - 2/1/2011 3:04:42 PM | Computer Name = Joseph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/14/2011 2:36:08 AM | Computer Name = Joseph-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 12/13/2011 6:22:55 PM | Computer Name = Joseph-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.6 on
the Network Card with network address 0019D1E594AB.

Error - 12/14/2011 7:40:14 AM | Computer Name = Joseph-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/14/2011 7:41:00 AM | Computer Name = Joseph-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:39:01 AM on 12/14/2011 was unexpected.

Error - 12/14/2011 7:40:55 AM | Computer Name = Joseph-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/14/2011 7:42:29 AM | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/14/2011 7:42:29 AM | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 12/14/2011 7:42:29 AM | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/14/2011 7:43:31 AM | Computer Name = Joseph-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 12/14/2011 1:12:29 PM | Computer Name = Joseph-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/14/2011 3:04:35 PM | Computer Name = Joseph-PC | Source = WMPNetworkSvc | ID = 866293
Description =


< End of report >

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Thu 15 Dec 2011, 5:55 pm

Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 8373

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

12/14/2011 10:20:51 PM
mbam-log-2011-12-14 (22-20-51).txt

Scan type: Quick scan
Objects scanned: 219183
Time elapsed: 46 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 29
Files Infected: 88

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joseph\AppData\Local\bfg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joseph\AppData\Local\bfg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joseph\AppData\Local\bfg.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\rewardsarcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\rewardsarcade\rewardsarcade.dll (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\program files\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\temp\accrzbcybt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\rewardsarcade\fb.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\program files\rewardsarcade\appapiinternalwrapper.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\program files\rewardsarcade\jquery.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\program files\rewardsarcade\json.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\program files\rewardsarcade\rewardsarcade.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\program files\rewardsarcade\uninstall.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\program files\rewardsarcade\userconfirmation.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\AppData\Local\rewardsarcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\Users\Joseph\local settings\application data\rewardsarcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista
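The MBAM log in the post above records two kinds of hijack under "Registry Data Items Infected": the IE start page redirected to startsear.ch, and the StartMenuInternet launch commands for Firefox and IE rewritten so that "C:\Users\Joseph\AppData\Local\bfg.exe" starts first and only then hands off to the real browser. MBAM restored the registry values, but bfg.exe itself does not appear under "Files Infected", so the wrapper file is still on disk after this scan. The script below is an added example, not part of this thread and not Malwarebytes' own tooling: it parses that section of an MBAM 1.x log (the line pattern is an assumption inferred from the log as posted), pulls the wrapper executable and the real browser out of each hijacked launch command, flags wrappers that live in a user-writable directory, and lists the files an analyst still has to remove. The sample input is three lines copied from the log above and embedded so the script runs offline.

```python
"""Triage the 'Registry Data Items Infected' section of a Malwarebytes 1.x log.

Added example, not part of the original thread. The line pattern DATA_ITEM is
an assumption based on the log format as posted; SAMPLE_LOG is constructed from
three lines of that log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: lines copied from the MBAM log posted in this thread.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joseph\AppData\Local\bfg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joseph\AppData\Local\bfg.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
"""

# One data-item line: <key> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
DATA_ITEM = re.compile(
    r"^(?P<key>.+?) \((?P<detection>[^()]+)\) -> Bad: \((?P<bad>.*)\) "
    r"Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)
# Directories a standard user can write to; a browser launcher living here is
# never legitimate.
USER_WRITABLE = re.compile(
    r"\\(AppData|ProgramData|Temp|Users\\[^\\]+\\Local Settings)\\", re.IGNORECASE
)


@dataclass
class Finding:
    key: str
    detection: str
    bad: str
    good: str
    wrapper: str | None     # executable inserted in front of the real browser
    target: str | None      # the browser the wrapper hands control to
    user_writable: bool     # wrapper sits in a user-writable directory
    note: str


def parse_data_items(log_text: str) -> list[dict]:
    """Return the parsed fields of every line in the 'Registry Data Items' section."""
    items = []
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("Registry Data Items Infected:"):
            in_section = True
            continue
        if in_section and line.endswith(":") and not line.startswith("HKEY"):
            break  # reached the next section header
        m = DATA_ITEM.match(line.strip())
        if in_section and m:
            items.append(m.groupdict())
    return items


def _quoted_paths(command: str) -> list[str]:
    """Pull the double-quoted executables out of a shell\\open\\command value."""
    return re.findall(r'"([^"]+)"', command)


def triage(log_text: str) -> list[Finding]:
    """Turn each data item into a finding with what still needs doing."""
    findings = []
    for it in parse_data_items(log_text):
        wrapper = target = None
        user_writable = False
        if it["detection"] == "Hijack.StartMenuInternet":
            paths = _quoted_paths(it["bad"])
            # Hijacked launcher form: "<wrapper>" <args> "<real browser>".
            # The first quoted path is what actually runs, the last is the browser.
            if len(paths) >= 2:
                wrapper, target = paths[0], paths[-1]
                user_writable = bool(USER_WRITABLE.search(wrapper))
                note = ("registry value reset by MBAM; the wrapper file itself must still be removed"
                        if user_writable else "wrapper outside user-writable paths; verify by hand")
            else:
                note = "unparsed launcher command; inspect by hand"
        elif it["detection"] == "Hijack.StartPage":
            bad_host = urlsplit(it["bad"]).hostname or it["bad"]
            note = f"start page pointed at {bad_host}; check the other browsers' homepage too"
        else:
            note = "unhandled detection type"
        findings.append(Finding(it["key"], it["detection"], it["bad"], it["good"],
                                wrapper, target, user_writable, note))
    return findings


def wrapper_files(findings: list[Finding]) -> set[str]:
    """Distinct wrapper executables in user-writable paths: the files to delete next."""
    return {f.wrapper for f in findings if f.wrapper and f.user_writable}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.detection:26} {f.key}")
        if f.wrapper:
            print(f"    wrapper={f.wrapper}  ->  {f.target}")
        print(f"    {f.note}")
    print("files still to remove:", sorted(wrapper_files(found)))
```

Run against the log above it reports the single wrapper C:\Users\Joseph\AppData\Local\bfg.exe for both browsers, which is exactly the file the OTL fix later in this thread deletes under :files. The user-writable check is the useful signal: a launcher that starts from AppData, ProgramData or a temp directory and then execs the real browser is a wrapper by construction, regardless of what the detection name says.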

Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Thu 15 Dec 2011, 7:57 pm

Gabethebabe wrote:
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\Users\Joseph\AppData\Roaming\Uhela
C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey
C:\ProgramData\b0ox82m1fa8vey
C:\Windows\tasks\PC Optimizer Pro startups.job
C:\Windows\tasks\AWC Startup.job
C:\Users\Joseph\AppData\Local\bfg.exe
C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
@C:\ProgramData\TEMP:5C321E34
C:\Windows\System32\mmf.sys

:otl
O4 - HKCU..\Run: [{888E7E18-98D2-D17D-B3F0-E416C98895BF}] C:\Users\Joseph\AppData\Roaming\Uhela\uqabebu.exe ()

:commands
[resethosts]
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

Please repeat the OTL instruction. Also please repeat the MBAM scan to see if the second one comes up clean.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Fri 16 Dec 2011, 7:10 am

Yeah, my Avast is going crazy with pop-ups. I will run these again.

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Fri 16 Dec 2011, 9:46 am

Yeah, and this time click the correct OTL button, please ;)

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Fri 16 Dec 2011, 10:09 am

Error: Unable to interpret < %systemroot%\system32\*.dll /lockedfiles> in the current context!
Error: Unable to interpret < %systemroot%\system32\*.exe /lockedfiles> in the current context!
Error: Unable to interpret < %systemroot%\Tasks\*.job /lockedfiles> in the current context!
Error: Unable to interpret < %systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!
Error: Unable to interpret < %systemroot%\system32\drivers\*.sys> in the current context!
Error: Unable to interpret < %systemroot%\system32\drivers\*.dll> in the current context!
Error: Unable to interpret < %systemroot%\system32\drivers\*.ini> in the current context!
Error: Unable to interpret < %systemroot%\system32\drivers\*.exe> in the current context!
Error: Unable to interpret < %SYSTEMDRIVE%\*.*> in the current context!
Error: Unable to interpret < %PROGRAMFILES%\*.> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 12152011_150923

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Fri 16 Dec 2011, 11:28 am

Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 8373

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18999

12/15/2011 3:14:57 PM
mbam-log-2011-12-15 (15-14-57).txt

Scan type: Quick scan
Objects scanned: 216413
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Fri 16 Dec 2011, 6:01 pm

You made another mistake: you clicked the right button this time, but used the wrong script.

Please repeat the OTL step again.

Gabethebabe wrote:
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\Users\Joseph\AppData\Roaming\Uhela
C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey
C:\ProgramData\b0ox82m1fa8vey
C:\Windows\tasks\PC Optimizer Pro startups.job
C:\Windows\tasks\AWC Startup.job
C:\Users\Joseph\AppData\Local\bfg.exe
C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
@C:\ProgramData\TEMP:5C321E34
C:\Windows\System32\mmf.sys

:otl
O4 - HKCU..\Run: [{888E7E18-98D2-D17D-B3F0-E416C98895BF}] C:\Users\Joseph\AppData\Roaming\Uhela\uqabebu.exe ()

:commands
[resethosts]
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

Please repeat the OTL instruction. Also please repeat the MBAM scan to see if the second one comes up clean.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Fri 16 Dec 2011, 9:13 pm

Sorry about that. Here you go. Thanks again.

========== FILES ==========
File\Folder C:\Users\Joseph\AppData\Roaming\Uhela not found.
File\Folder C:\Users\Joseph\AppData\Local\b0ox82m1fa8vey not found.
File\Folder C:\ProgramData\b0ox82m1fa8vey not found.
File\Folder C:\Windows\tasks\PC Optimizer Pro startups.job not found.
File\Folder C:\Windows\tasks\AWC Startup.job not found.
File\Folder C:\Users\Joseph\AppData\Local\bfg.exe not found.
C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job moved successfully.
Unable to delete ADS C:\ProgramData\TEMP:5C321E34 .
C:\Windows\System32\mmf.sys moved successfully.
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{888E7E18-98D2-D17D-B3F0-E416C98895BF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{888E7E18-98D2-D17D-B3F0-E416C98895BF}\ not found.
File C:\Users\Joseph\AppData\Roaming\Uhela\uqabebu.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12162011_020846

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista
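An added example, not part of the thread and not OTL's own tooling: a small parser for the OTL fix log posted above that classifies each result line and flags whatever the fix did not remove, such as the alternate data stream it was unable to delete or a script line the tool could not interpret. The sample log is constructed from lines quoted in this thread; the status names and the `summarize` helper are the example's own.

```python
import re
from collections import Counter
# Constructed sample: the OTL fix result from this thread plus one "Unable to interpret" line.
OTL_LOG = r"""
========== FILES ==========
File\Folder C:\Users\Joseph\AppData\Roaming\Uhela not found.
C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job moved successfully.
Unable to delete ADS C:\ProgramData\TEMP:5C321E34 .
C:\Windows\System32\mmf.sys moved successfully.
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{888E7E18-98D2-D17D-B3F0-E416C98895BF} not found.
========== COMMANDS ==========
HOSTS file reset successfully
Error: Unable to interpret < %SYSTEMDRIVE%\*.*> in the current context!
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
# Order matters: the first pattern that matches decides the status of a line.
PATTERNS = [
    ("removed",   re.compile(r"^(.*) moved successfully\.$")),
    ("not_found", re.compile(r"^(?:File\\Folder |File |Registry (?:value|key) )?(.*) not found\.$")),
    ("failed",    re.compile(r"^Unable to delete ADS (.*?) ?\.$")),
    ("done",      re.compile(r"^(HOSTS file) reset successfully$")),
]

def parse_otl_fix_log(text):
    """Yield (section, status, target) for every non-empty result line."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        for status, pat in PATTERNS:
            m = pat.match(line)
            if m:
                yield section, status, m.group(1).strip()
                break
        else:
            # Unrecognised lines (e.g. a script OTL could not interpret) are surfaced, not dropped.
            yield section, "unknown", line

def summarize(text):
    results = list(parse_otl_fix_log(text))
    counts = Counter(status for _, status, _ in results)
    followup = [target for _, status, target in results if status in ("failed", "unknown")]
    return dict(counts), followup
```

Anything in the follow-up list is what a helper would re-check before calling the machine clean; here that is the ADS under C:\ProgramData\TEMP and the mis-pasted script line.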

Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Fri 16 Dec 2011, 9:21 pm

I see you are running AdAware and Avast. You should uninstall one of them; both are full-blown AV programs. They are both very good (I have two computers at home and I use one on one and the other on the other).

====================

It appears you have Ask Toolbar installed. Practically all, if not all, anti-malware sites, including GeekPolice, have Ask Toolbar flagged as untrustworthy, because it uses shady practices for distributing and installing its toolbar; see here for more info.

I therefore highly recommend that you go to Start >> Control Panel >> Add/Remove Programs and remove the following programs if present:
  • AskBarDis
  • Ask Toolbar

After that go to the C:\Program Files folder and delete the following folders, if present:
  • AskBarDis
  • Ask.com

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 29

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 29).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have an old version of Adobe Reader installed. This old version has security issues.
I recommend that you uninstall Adobe Reader through Start > Control Panel > Add or Remove Programs.
After that you should install a PDF reader that is more secure.
Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • Adobe Reader 10. The latest and safest version of Adobe Reader.
  • SumatraPDF. Very small and very light PDF viewer.
  • PDF XChange. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.

====================

How are things running now?

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sat 17 Dec 2011, 3:23 pm

Seems to be running fine, other than the fact that every time I open Firefox I get an ad pop-up in a new tab. Maybe that's coming from visiting this site?

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Mon 19 Dec 2011, 6:10 pm

If you look under Firefox >> Tools >> Options >> General >> Startup, what does it say?
Which page is loaded at startup, etc?

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Thu 22 Dec 2011, 12:50 pm

Doesn't seem very right now. When I open a page, every so often about 50 tabs come up of like porn and random stuff, and now my comp just flashed the blue screen for like a second and shut down and reset.

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Thu 22 Dec 2011, 8:24 pm

Please download GooredFix by jpshortstuff from one of the locations below and save it to your desktop:
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (WIN XP), or right-click and select Run As Administrator (Vista/WIN7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Fri 23 Dec 2011, 9:36 am

GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:36 on 22/12/2011 (Joseph)
Firefox version 8.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[You must be registered and logged in to see this link.] [23:50 09/09/2009]
[You must be registered and logged in to see this link.] [05:15 06/07/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:48 16/11/2008]
{B13721C7-F507-4982-B2E5-502A71474FED} [23:50 09/09/2009]
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [20:02 16/12/2011]

C:\Users\Joseph\Application Data\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\
[You must be registered and logged in to see this link.] [06:57 04/04/2011]
[You must be registered and logged in to see this link.] [17:04 10/08/2011]
vshare@toolbar [17:37 10/10/2010]
{20a82645-c095-46ed-80e3-08825760534b} [06:30 09/03/2011]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [07:22 13/12/2011]
{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127) [02:58 10/09/2009]
{c2f863cd-0429-48c7-bb54-db756a951760} [19:16 14/11/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Fri 23 Dec 2011, 10:49 pm

OK, there are no malicious add-ons in your Firefox.

  • Download TDSSKiller by Kaspersky from here and save it to your desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).


Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
