Trojan-BNK.Win32.keylogger.gen



Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Wed 14 Dec 2011, 6:43 pm

First topic message reminder:

Hey, thank you for the help first off. Now it lets me open OTL, but it won't let Notepad open; it says it's infected. It won't let me open much. Somehow it's letting me run Firefox finally, so any help would be helpful. Thanks.

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista




Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Tue 27 Dec 2011, 2:27 pm

19:26:27.0293 2504 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:26:27.0673 2504 ============================================================
19:26:27.0673 2504 Current date / time: 2011/12/26 19:26:27.0673
19:26:27.0673 2504 SystemInfo:
19:26:27.0673 2504
19:26:27.0673 2504 OS Version: 6.0.6002 ServicePack: 2.0
19:26:27.0673 2504 Product type: Workstation
19:26:27.0673 2504 ComputerName: JOSEPH-PC
19:26:27.0674 2504 UserName: Joseph
19:26:27.0674 2504 Windows directory: C:\Windows
19:26:27.0674 2504 System windows directory: C:\Windows
19:26:27.0674 2504 Processor architecture: Intel x86
19:26:27.0674 2504 Number of processors: 4
19:26:27.0674 2504 Page size: 0x1000
19:26:27.0674 2504 Boot type: Normal boot
19:26:27.0674 2504 ============================================================
19:26:28.0045 2504 Initialize success
19:26:32.0174 4516 ============================================================
19:26:32.0174 4516 Scan started
19:26:32.0174 4516 Mode: Manual;
19:26:32.0174 4516 ============================================================
19:26:32.0461 4516 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:26:32.0463 4516 ACPI - ok
19:26:32.0498 4516 adfs - ok
19:26:32.0535 4516 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:26:32.0538 4516 adp94xx - ok
19:26:32.0560 4516 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:26:32.0562 4516 adpahci - ok
19:26:32.0583 4516 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:26:32.0584 4516 adpu160m - ok
19:26:32.0605 4516 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:26:32.0606 4516 adpu320 - ok
19:26:32.0656 4516 AFD (44d0c3cd2d96df1c584ba0d87b224966) C:\Windows\system32\drivers\afd.sys
19:26:32.0658 4516 AFD - ok
19:26:32.0686 4516 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:26:32.0687 4516 agp440 - ok
19:26:32.0719 4516 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:26:32.0720 4516 aic78xx - ok
19:26:32.0755 4516 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
19:26:32.0756 4516 aliide - ok
19:26:32.0769 4516 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:26:32.0770 4516 amdagp - ok
19:26:32.0786 4516 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
19:26:32.0786 4516 amdide - ok
19:26:32.0799 4516 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:26:32.0800 4516 AmdK7 - ok
19:26:32.0819 4516 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:26:32.0819 4516 AmdK8 - ok
19:26:32.0852 4516 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:26:32.0853 4516 arc - ok
19:26:32.0863 4516 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:26:32.0863 4516 arcsas - ok
19:26:32.0885 4516 aswFsBlk (ad3bf0f023c8c446c5cae6c5db36c836) C:\Windows\system32\DRIVERS\aswFsBlk.sys
19:26:32.0885 4516 aswFsBlk - ok
19:26:32.0919 4516 aswMonFlt (f58e12da806915c70245a521d4cef792) C:\Windows\system32\DRIVERS\aswMonFlt.sys
19:26:32.0919 4516 aswMonFlt - ok
19:26:32.0931 4516 aswRdr (da7083019bf5e47a07b9bd8ece812b47) C:\Windows\system32\drivers\aswRdr.sys
19:26:32.0932 4516 aswRdr - ok
19:26:32.0950 4516 aswSP (c51a8309a1f07d936a22176553dfd6a0) C:\Windows\system32\drivers\aswSP.sys
19:26:32.0950 4516 aswSP - ok
19:26:32.0968 4516 aswTdi (7353fa997054cc68ed26abcfd872bae9) C:\Windows\system32\drivers\aswTdi.sys
19:26:32.0969 4516 aswTdi - ok
19:26:33.0002 4516 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:26:33.0002 4516 AsyncMac - ok
19:26:33.0034 4516 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
19:26:33.0035 4516 atapi - ok
19:26:33.0094 4516 athrusb (cd90739cb064f5a234a41d190f25a822) C:\Windows\system32\DRIVERS\athrusb.sys
19:26:33.0099 4516 athrusb - ok
19:26:33.0157 4516 BCMH43XX (601259276b934f0c938bff4f558c5691) C:\Windows\system32\DRIVERS\bcmwlhigh6.sys
19:26:33.0161 4516 BCMH43XX - ok
19:26:33.0196 4516 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:26:33.0197 4516 Beep - ok
19:26:33.0206 4516 blbdrive - ok
19:26:33.0255 4516 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
19:26:33.0256 4516 bowser - ok
19:26:33.0288 4516 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:26:33.0288 4516 BrFiltLo - ok
19:26:33.0306 4516 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:26:33.0307 4516 BrFiltUp - ok
19:26:33.0332 4516 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:26:33.0333 4516 Brserid - ok
19:26:33.0348 4516 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:26:33.0348 4516 BrSerWdm - ok
19:26:33.0366 4516 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:26:33.0367 4516 BrUsbMdm - ok
19:26:33.0380 4516 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:26:33.0380 4516 BrUsbSer - ok
19:26:33.0399 4516 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:26:33.0399 4516 BTHMODEM - ok
19:26:33.0488 4516 catchme - ok
19:26:33.0507 4516 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:26:33.0508 4516 cdfs - ok
19:26:33.0540 4516 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:26:33.0541 4516 cdrom - ok
19:26:33.0557 4516 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:26:33.0557 4516 circlass - ok
19:26:33.0587 4516 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:26:33.0589 4516 CLFS - ok
19:26:33.0637 4516 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
19:26:33.0638 4516 cmdide - ok
19:26:33.0649 4516 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
19:26:33.0650 4516 Compbatt - ok
19:26:33.0668 4516 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:26:33.0669 4516 crcdisk - ok
19:26:33.0691 4516 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:26:33.0691 4516 Crusoe - ok
19:26:33.0744 4516 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
19:26:33.0745 4516 DfsC - ok
19:26:33.0800 4516 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:26:33.0801 4516 disk - ok
19:26:33.0834 4516 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:26:33.0835 4516 drmkaud - ok
19:26:33.0871 4516 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
19:26:33.0876 4516 DXGKrnl - ok
19:26:33.0920 4516 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
19:26:33.0922 4516 e1express - ok
19:26:33.0954 4516 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:26:33.0955 4516 E1G60 - ok
19:26:33.0991 4516 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:26:33.0992 4516 Ecache - ok
19:26:34.0019 4516 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:26:34.0021 4516 elxstor - ok
19:26:34.0074 4516 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:26:34.0076 4516 exfat - ok
19:26:34.0168 4516 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:26:34.0169 4516 fastfat - ok
19:26:34.0198 4516 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:26:34.0198 4516 fdc - ok
19:26:34.0254 4516 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:26:34.0255 4516 FileInfo - ok
19:26:34.0323 4516 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:26:34.0324 4516 Filetrace - ok
19:26:34.0343 4516 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:26:34.0344 4516 flpydisk - ok
19:26:34.0432 4516 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:26:34.0433 4516 FltMgr - ok
19:26:34.0478 4516 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:26:34.0479 4516 Fs_Rec - ok
19:26:34.0497 4516 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:26:34.0498 4516 gagp30kx - ok
19:26:34.0528 4516 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:26:34.0529 4516 GEARAspiWDM - ok
19:26:34.0578 4516 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:26:34.0580 4516 HdAudAddService - ok
19:26:34.0613 4516 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:26:34.0617 4516 HDAudBus - ok
19:26:34.0641 4516 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:26:34.0642 4516 HidBth - ok
19:26:34.0671 4516 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:26:34.0673 4516 HidIr - ok
19:26:34.0696 4516 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:26:34.0697 4516 HidUsb - ok
19:26:34.0719 4516 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:26:34.0719 4516 HpCISSs - ok
19:26:34.0754 4516 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:26:34.0757 4516 HTTP - ok
19:26:34.0788 4516 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:26:34.0788 4516 i2omp - ok
19:26:34.0838 4516 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:26:34.0839 4516 i8042prt - ok
19:26:34.0871 4516 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:26:34.0873 4516 iaStorV - ok
19:26:34.0894 4516 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:26:34.0895 4516 iirsp - ok
19:26:34.0937 4516 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
19:26:34.0937 4516 intelide - ok
19:26:34.0969 4516 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:26:34.0970 4516 intelppm - ok
19:26:35.0016 4516 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:26:35.0017 4516 IpFilterDriver - ok
19:26:35.0033 4516 IpInIp - ok
19:26:35.0052 4516 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:26:35.0053 4516 IPMIDRV - ok
19:26:35.0082 4516 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:26:35.0083 4516 IPNAT - ok
19:26:35.0127 4516 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:26:35.0127 4516 IRENUM - ok
19:26:35.0144 4516 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:26:35.0145 4516 isapnp - ok
19:26:35.0186 4516 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:26:35.0187 4516 iScsiPrt - ok
19:26:35.0200 4516 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:26:35.0201 4516 iteatapi - ok
19:26:35.0285 4516 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:26:35.0285 4516 iteraid - ok
19:26:35.0319 4516 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:26:35.0319 4516 kbdclass - ok
19:26:35.0354 4516 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:26:35.0355 4516 kbdhid - ok
19:26:35.0394 4516 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:26:35.0397 4516 KSecDD - ok
19:26:35.0463 4516 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:26:35.0464 4516 lltdio - ok
19:26:35.0557 4516 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:26:35.0558 4516 LSI_FC - ok
19:26:35.0606 4516 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:26:35.0607 4516 LSI_SAS - ok
19:26:35.0616 4516 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:26:35.0617 4516 LSI_SCSI - ok
19:26:35.0676 4516 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:26:35.0677 4516 luafv - ok
19:26:35.0717 4516 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:26:35.0717 4516 megasas - ok
19:26:35.0746 4516 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:26:35.0747 4516 Modem - ok
19:26:35.0782 4516 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:26:35.0783 4516 monitor - ok
19:26:35.0822 4516 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:26:35.0823 4516 mouclass - ok
19:26:35.0888 4516 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:26:35.0889 4516 mouhid - ok
19:26:35.0906 4516 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:26:35.0907 4516 MountMgr - ok
19:26:35.0942 4516 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:26:35.0943 4516 mpio - ok
19:26:35.0971 4516 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:26:35.0972 4516 mpsdrv - ok
19:26:35.0991 4516 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:26:35.0992 4516 Mraid35x - ok
19:26:36.0051 4516 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:26:36.0052 4516 MREMP50 - ok
19:26:36.0059 4516 MREMP50a64 - ok
19:26:36.0063 4516 MREMPR5 - ok
19:26:36.0067 4516 MRENDIS5 - ok
19:26:36.0103 4516 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:26:36.0104 4516 MRESP50 - ok
19:26:36.0108 4516 MRESP50a64 - ok
19:26:36.0183 4516 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:26:36.0184 4516 MRxDAV - ok
19:26:36.0214 4516 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:26:36.0215 4516 mrxsmb - ok
19:26:36.0236 4516 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:26:36.0238 4516 mrxsmb10 - ok
19:26:36.0254 4516 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:26:36.0255 4516 mrxsmb20 - ok
19:26:36.0281 4516 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
19:26:36.0281 4516 msahci - ok
19:26:36.0337 4516 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:26:36.0338 4516 msdsm - ok
19:26:36.0373 4516 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:26:36.0374 4516 Msfs - ok
19:26:36.0484 4516 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:26:36.0484 4516 msisadrv - ok
19:26:36.0521 4516 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:26:36.0521 4516 MSKSSRV - ok
19:26:36.0551 4516 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:26:36.0552 4516 MSPCLOCK - ok
19:26:36.0576 4516 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:26:36.0576 4516 MSPQM - ok
19:26:36.0607 4516 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:26:36.0608 4516 MsRPC - ok
19:26:36.0625 4516 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:26:36.0626 4516 mssmbios - ok
19:26:36.0635 4516 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:26:36.0635 4516 MSTEE - ok
19:26:36.0657 4516 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:26:36.0658 4516 Mup - ok
19:26:36.0701 4516 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:26:36.0703 4516 NativeWifiP - ok
19:26:36.0748 4516 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:26:36.0752 4516 NDIS - ok
19:26:36.0791 4516 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:26:36.0792 4516 NdisTapi - ok
19:26:36.0820 4516 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:26:36.0821 4516 Ndisuio - ok
19:26:36.0837 4516 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:26:36.0838 4516 NdisWan - ok
19:26:36.0876 4516 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:26:36.0877 4516 NDProxy - ok
19:26:36.0893 4516 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:26:36.0893 4516 NetBIOS - ok
19:26:36.0944 4516 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:26:36.0945 4516 netbt - ok
19:26:36.0988 4516 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:26:36.0989 4516 nfrd960 - ok
19:26:37.0016 4516 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:26:37.0017 4516 Npfs - ok
19:26:37.0047 4516 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:26:37.0048 4516 nsiproxy - ok
19:26:37.0100 4516 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:26:37.0125 4516 Ntfs - ok
19:26:37.0139 4516 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:26:37.0139 4516 ntrigdigi - ok
19:26:37.0160 4516 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:26:37.0161 4516 Null - ok
19:26:37.0437 4516 nvlddmkm (55526cd7b311236aab3f73434cbc651e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:26:37.0628 4516 nvlddmkm - ok
19:26:37.0664 4516 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
19:26:37.0666 4516 nvraid - ok
19:26:37.0692 4516 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
19:26:37.0694 4516 nvstor - ok
19:26:37.0709 4516 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:26:37.0711 4516 nv_agp - ok
19:26:37.0720 4516 NwlnkFlt - ok
19:26:37.0730 4516 NwlnkFwd - ok
19:26:37.0758 4516 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:26:37.0760 4516 ohci1394 - ok
19:26:37.0804 4516 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:26:37.0810 4516 Parport - ok
19:26:37.0843 4516 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:26:37.0844 4516 partmgr - ok
19:26:37.0859 4516 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:26:37.0860 4516 Parvdm - ok
19:26:37.0921 4516 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:26:37.0924 4516 pci - ok
19:26:37.0955 4516 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
19:26:37.0956 4516 pciide - ok
19:26:37.0971 4516 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:26:37.0975 4516 pcmcia - ok
19:26:38.0008 4516 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
19:26:38.0010 4516 pcouffin - ok
19:26:38.0055 4516 PCTINDIS5 (351bd8c80b2c411ea5a122fcfed4d7c8) C:\Windows\system32\PCTINDIS5.SYS
19:26:38.0058 4516 PCTINDIS5 - ok
19:26:38.0140 4516 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:26:38.0165 4516 PEAUTH - ok
19:26:38.0288 4516 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
19:26:38.0337 4516 PID_PEPI - ok
19:26:38.0377 4516 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:26:38.0379 4516 PptpMiniport - ok
19:26:38.0397 4516 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:26:38.0399 4516 Processor - ok
19:26:38.0446 4516 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:26:38.0449 4516 PSched - ok
19:26:38.0522 4516 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:26:38.0545 4516 ql2300 - ok
19:26:38.0583 4516 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:26:38.0585 4516 ql40xx - ok
19:26:38.0681 4516 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:26:38.0682 4516 QWAVEdrv - ok
19:26:38.0724 4516 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:26:38.0725 4516 RasAcd - ok
19:26:38.0761 4516 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:26:38.0763 4516 Rasl2tp - ok
19:26:38.0807 4516 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:26:38.0808 4516 RasPppoe - ok
19:26:38.0839 4516 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:26:38.0841 4516 RasSstp - ok
19:26:38.0887 4516 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:26:38.0891 4516 rdbss - ok
19:26:38.0921 4516 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:26:38.0923 4516 RDPCDD - ok
19:26:38.0960 4516 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:26:38.0964 4516 rdpdr - ok
19:26:38.0985 4516 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:26:38.0986 4516 RDPENCDD - ok
19:26:39.0013 4516 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:26:39.0017 4516 RDPWD - ok
19:26:39.0049 4516 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
19:26:39.0050 4516 RimUsb - ok
19:26:39.0080 4516 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:26:39.0082 4516 rspndr - ok
19:26:39.0152 4516 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:26:39.0154 4516 sbp2port - ok
19:26:39.0188 4516 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:26:39.0189 4516 secdrv - ok
19:26:39.0209 4516 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:26:39.0210 4516 Serenum - ok
19:26:39.0236 4516 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:26:39.0238 4516 Serial - ok
19:26:39.0271 4516 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:26:39.0272 4516 sermouse - ok
19:26:39.0299 4516 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:26:39.0300 4516 sffdisk - ok
19:26:39.0318 4516 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:26:39.0320 4516 sffp_mmc - ok
19:26:39.0332 4516 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:26:39.0333 4516 sffp_sd - ok
19:26:39.0347 4516 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:26:39.0348 4516 sfloppy - ok
19:26:39.0363 4516 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:26:39.0364 4516 sisagp - ok
19:26:39.0382 4516 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:26:39.0384 4516 SiSRaid2 - ok
19:26:39.0403 4516 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:26:39.0405 4516 SiSRaid4 - ok
19:26:39.0443 4516 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:26:39.0445 4516 Smb - ok
19:26:39.0488 4516 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:26:39.0489 4516 spldr - ok
19:26:39.0544 4516 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
19:26:39.0561 4516 sptd - ok
19:26:39.0598 4516 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
19:26:39.0603 4516 srv - ok
19:26:39.0638 4516 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
19:26:39.0641 4516 srv2 - ok
19:26:39.0656 4516 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
19:26:39.0658 4516 srvnet - ok
19:26:39.0692 4516 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:26:39.0693 4516 swenum - ok
19:26:39.0713 4516 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:26:39.0715 4516 Symc8xx - ok
19:26:39.0730 4516 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:26:39.0731 4516 Sym_hi - ok
19:26:39.0753 4516 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:26:39.0755 4516 Sym_u3 - ok
19:26:39.0809 4516 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
19:26:39.0833 4516 Tcpip - ok
19:26:39.0852 4516 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
19:26:39.0858 4516 Tcpip6 - ok
19:26:39.0900 4516 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:26:39.0901 4516 tcpipreg - ok
19:26:39.0930 4516 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:26:39.0931 4516 TDPIPE - ok
19:26:39.0940 4516 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:26:39.0941 4516 TDTCP - ok
19:26:39.0971 4516 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:26:39.0973 4516 tdx - ok
19:26:40.0005 4516 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:26:40.0006 4516 TermDD - ok
19:26:40.0032 4516 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:26:40.0033 4516 tssecsrv - ok
19:26:40.0066 4516 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:26:40.0067 4516 tunmp - ok
19:26:40.0095 4516 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:26:40.0097 4516 tunnel - ok
19:26:40.0117 4516 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:26:40.0119 4516 uagp35 - ok
19:26:40.0151 4516 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:26:40.0155 4516 udfs - ok
19:26:40.0179 4516 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:26:40.0181 4516 uliagpkx - ok
19:26:40.0250 4516 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:26:40.0254 4516 uliahci - ok
19:26:40.0272 4516 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:26:40.0275 4516 UlSata - ok
19:26:40.0293 4516 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:26:40.0295 4516 ulsata2 - ok
19:26:40.0324 4516 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:26:40.0326 4516 umbus - ok
19:26:40.0362 4516 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
19:26:40.0363 4516 UMPass - ok
19:26:40.0401 4516 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
19:26:40.0403 4516 USBAAPL - ok
19:26:40.0439 4516 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:26:40.0441 4516 usbaudio - ok
19:26:40.0459 4516 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:26:40.0461 4516 usbccgp - ok
19:26:40.0477 4516 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:26:40.0479 4516 usbcir - ok
19:26:40.0513 4516 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:26:40.0515 4516 usbehci - ok
19:26:40.0534 4516 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:26:40.0537 4516 usbhub - ok
19:26:40.0554 4516 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:26:40.0555 4516 usbohci - ok
19:26:40.0585 4516 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:26:40.0586 4516 usbprint - ok
19:26:40.0604 4516 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:26:40.0604 4516 USBSTOR - ok
19:26:40.0638 4516 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:26:40.0639 4516 usbuhci - ok
19:26:40.0688 4516 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:26:40.0690 4516 usbvideo - ok
19:26:40.0758 4516 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:26:40.0759 4516 vga - ok
19:26:40.0802 4516 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:26:40.0803 4516 VgaSave - ok
19:26:40.0855 4516 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:26:40.0857 4516 viaagp - ok
19:26:40.0888 4516 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:26:40.0889 4516 ViaC7 - ok
19:26:40.0922 4516 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
19:26:40.0923 4516 viaide - ok
19:26:40.0960 4516 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:26:40.0963 4516 volmgr - ok
19:26:41.0000 4516 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:26:41.0004 4516 volmgrx - ok
19:26:41.0051 4516 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:26:41.0055 4516 volsnap - ok
19:26:41.0089 4516 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:26:41.0091 4516 vsmraid - ok
19:26:41.0178 4516 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
19:26:41.0182 4516 VSTHWBS2 - ok
19:26:41.0210 4516 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:26:41.0227 4516 VST_DPV - ok
19:26:41.0296 4516 VX1000 (579043e803fa388f6b3eb2c275cea542) C:\Windows\system32\DRIVERS\VX1000.sys
19:26:41.0332 4516 VX1000 - ok
19:26:41.0405 4516 VX3000 (bd32d7007cb505d3b1c29e3d0ef2a46a) C:\Windows\system32\DRIVERS\VX3000.sys
19:26:41.0447 4516 VX3000 - ok
19:26:41.0521 4516 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:26:41.0523 4516 WacomPen - ok
19:26:41.0557 4516 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:26:41.0559 4516 Wanarp - ok
19:26:41.0567 4516 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:26:41.0568 4516 Wanarpv6 - ok
19:26:41.0592 4516 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:26:41.0597 4516 Wd - ok
19:26:41.0636 4516 Wdf01000 (6d77ff2224d2d3984760acbdf4024a7b) C:\Windows\system32\drivers\Wdf01000.sys
19:26:41.0639 4516 Wdf01000 - ok
19:26:41.0695 4516 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:26:41.0710 4516 winachsf - ok
19:26:41.0748 4516 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:26:41.0749 4516 WmiAcpi - ok
19:26:41.0791 4516 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:26:41.0792 4516 WpdUsb - ok
19:26:41.0825 4516 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:26:41.0826 4516 ws2ifsl - ok
19:26:41.0858 4516 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:26:41.0861 4516 WUDFRd - ok
19:26:41.0955 4516 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:26:42.0030 4516 \Device\Harddisk0\DR0 - ok
19:26:42.0046 4516 Boot (0x1200) (bda5da5b8672c3d86a22a0bc419fcd7a) \Device\Harddisk0\DR0\Partition0
19:26:42.0047 4516 \Device\Harddisk0\DR0\Partition0 - ok
19:26:42.0050 4516 Boot (0x1200) (6ce01c762c7335b00b5ef9154ae8997b) \Device\Harddisk0\DR0\Partition1
19:26:42.0050 4516 \Device\Harddisk0\DR0\Partition1 - ok
19:26:42.0051 4516 ============================================================
19:26:42.0051 4516 Scan finished
19:26:42.0051 4516 ============================================================
19:26:42.0061 4588 Detected object count: 0
19:26:42.0061 4588 Actual detected object count: 0

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista


Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Thu 29 Dec 2011, 6:56 pm

Can you run OTL.exe again, click the run scan button and post the OTL.TXT?

I'm not sure what is going on; maybe the adware that was on your computer has not yet been obliterated completely.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Fri 30 Dec 2011, 9:16 am

yeah, every time I go on the internet I get a redirect and avast is going crazy

Dell23

Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Fri 30 Dec 2011, 10:31 am

OTL logfile created on: 12/30/2011 12:16:38 AM - Run 12
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joseph\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 18.24% Memory free
4.24 Gb Paging File | 1.84 Gb Available in Paging File | 43.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 118.92 Gb Free Space | 26.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.25 Gb Free Space | 62.50% Space Free | Partition Type: NTFS

Computer Name: JOSEPH-PC | User Name: Joseph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 14:17:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joseph\Downloads\OTL(1).exe
PRC - [2011/11/04 22:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/29 10:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/04/19 12:54:07 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/04/02 13:44:58 | 000,802,056 | ---- | M] () -- C:\Users\Joseph\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2010/02/08 11:02:10 | 002,343,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/07/14 12:46:56 | 000,044,776 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/05/22 15:34:34 | 000,851,968 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/12 23:24:30 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2008/11/26 09:18:51 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/11/26 09:18:46 | 000,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/26 09:18:32 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 09:16:23 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/11/26 09:12:08 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/18 17:11:19 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/18 23:33:19 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2007/05/03 13:12:14 | 002,061,816 | ---- | M] (AT&T) -- C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
PRC - [2007/01/04 14:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/12/05 15:38:58 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2006/12/05 15:38:57 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/04 22:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/26 15:14:44 | 000,020,296 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\mailcount.dll
MOD - [2011/08/08 12:41:42 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/04/02 13:45:00 | 017,979,144 | ---- | M] () -- C:\Users\Joseph\AppData\Local\Autobahn\bin\4.2.21.MLB_10_79\swarmcast.dll
MOD - [2010/04/02 13:44:58 | 000,802,056 | ---- | M] () -- C:\Users\Joseph\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
MOD - [2010/01/22 14:13:30 | 000,323,160 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
MOD - [2010/01/22 14:13:16 | 000,045,656 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
MOD - [2010/01/22 14:11:36 | 000,150,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\STFix.dll
MOD - [2010/01/22 14:11:30 | 000,057,432 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\NtfsData.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/07/14 12:46:56 | 000,044,776 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/05/22 15:34:34 | 000,851,968 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/02/12 23:24:30 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2008/11/26 09:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/11/26 09:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/11/26 09:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/11/26 09:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/04 14:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 04:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/06 00:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2009/07/31 13:06:45 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/10 20:47:03 | 000,273,920 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2008/11/26 09:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 09:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 09:17:15 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/11/26 09:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 09:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/28 14:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 14:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/18 20:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/10/01 16:20:40 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/03/27 18:06:02 | 000,857,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2006/12/05 15:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/12/05 15:39:11 | 001,963,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/11/01 23:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100708181344310&tb_oid=16-12-2011&tb_mrud=16-12-2011"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100708181344310&tb_oid=16-12-2011&tb_mrud=16-12-2011&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 11:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/16 12:10:27 | 000,000,000 | ---D | M]

[2008/11/16 14:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Extensions
[2011/12/16 11:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions
[2011/03/08 22:30:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 23:22:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/09 18:59:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127)
[2011/11/14 11:16:47 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/04/03 22:57:24 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\personas@christopher.beard
[2011/08/10 09:04:32 | 000,000,000 | ---D | M] (Platinum Hide IP) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\support@platinumhideip.com
[2010/10/10 09:37:40 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\vshare@toolbar
[2009/06/29 22:41:47 | 000,004,207 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml
[2011/12/16 02:11:40 | 000,002,342 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aol-search.xml
[2009/03/06 17:56:52 | 000,000,681 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\ask.xml
[2011/08/13 10:41:00 | 000,002,569 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\askcom.xml
[2009/01/31 23:34:12 | 000,001,632 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml
[2011/07/11 10:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\startsear.xml
[2010/12/05 23:54:03 | 000,001,583 | ---- | M] () -- C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\web-search.xml
[2011/12/16 12:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/16 12:02:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2009/09/10 10:37:46 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/07/05 21:15:31 | 000,000,000 | ---D | M] ("searchme") -- C:\Program Files\Mozilla Firefox\extensions\searchme@searchme.com
[2011/11/14 11:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/11/14 11:14:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 01:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/03/13 01:39:56 | 000,002,494 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchme.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = [You must be registered and logged in to see this link.]
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.7.1 (Enabled) = C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: RewardsArcade = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.13.61_0\
CHR - Extension: vshare plugin = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Poppit = C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Joseph\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [link hidden by forum] (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [link hidden by forum] (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [link hidden by forum] (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3575C3DB-3FA7-4849-9D56-A5312E116450}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5122F23-263E-41D6-AE4D-B8F05908A3F9}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A886D423-9985-4C89-8B8E-36CFA507FF34}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F675D672-38E3-4E91-9C28-9C4DE0805C99}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: 2Wire Wireless Manager - hkey= - key= - C:\Program Files\2Wire Wireless Manager\2Wire.exe (2Wire)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - FSFilter System Recovery
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

Dell23

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sat 31 Dec 2011, 7:14 am

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: AFD - C:\Windows\system32\drivers\afd.sys ()
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - FSFilter System Recovery
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B73F76FE-C94C-B18F-7FAB-FF64C5218DF5} - Microsoft Windows Media Player 11.0
ActiveX: {BF2C5BB3-5E3E-1718-69DD-09CF3036F039} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll ([link hidden by forum])

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 19:24:49 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joseph\Desktop\tdsskiller.exe
[2011/12/22 14:36:20 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\GooredFix Backups
[2011/12/22 14:35:12 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Joseph\Desktop\GooredFix.exe
[2011/12/16 13:03:13 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\SumatraPDF
[2011/12/16 13:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2011/12/16 12:10:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/16 12:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/16 12:02:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/16 12:02:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/16 12:02:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/06 13:50:30 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Spotify
[2008/12/12 16:27:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Joseph\AppData\Roaming\pcouffin.sys
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 00:14:52 | 000,121,344 | ---- | M] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 00:00:06 | 000,000,327 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2011/12/29 23:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 22:54:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 22:54:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 22:48:40 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
[2011/12/29 19:16:39 | 000,097,229 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/29 19:16:38 | 000,097,229 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/29 19:16:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 16:54:55 | 000,001,865 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/12/29 16:54:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 15:37:30 | 000,002,265 | ---- | M] () -- C:\Users\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/26 19:24:53 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joseph\Desktop\tdsskiller.exe
[2011/12/22 14:35:13 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Joseph\Desktop\GooredFix.exe
[2011/12/16 07:28:06 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/14 20:29:50 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/14 20:29:50 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/13 21:09:09 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 23:43:16 | 366,951,010 | ---- | C] () -- C:\Users\Joseph\Desktop\Breaking.Bad.S04E06.HDTV.XviD-ASAP.avi
[2011/12/17 01:15:42 | 471,277,446 | ---- | C] () -- C:\Users\Joseph\Desktop\9.Songs.2004.720p.Bluray.x264.utkuemre.mkv
[2011/12/16 13:03:08 | 000,001,676 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2011/12/16 02:11:33 | 000,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
[2011/12/16 02:09:52 | 000,001,865 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2011/01/12 21:26:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/12 21:26:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/12 21:26:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/12 21:26:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/12 21:26:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/16 02:03:28 | 000,097,229 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/16 02:03:28 | 000,097,229 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/21 08:46:01 | 000,000,552 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d8caps.dat
[2009/09/24 15:31:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/15 20:13:23 | 000,101,172 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/10 19:41:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/09 00:45:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/09 00:45:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/09/09 00:44:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/09 00:44:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/09 00:44:58 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/09/09 00:44:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/07 14:40:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 14:40:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/07 14:39:35 | 000,273,920 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/23 11:08:58 | 000,000,600 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\winscp.rnd
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/02/12 23:24:30 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/02/12 23:24:30 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2008/12/23 00:19:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/12 16:28:35 | 000,001,041 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\vso_ts_preview.xml
[2008/12/12 16:27:49 | 000,007,887 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\pcouffin.cat
[2008/12/12 16:27:49 | 000,001,144 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\pcouffin.inf
[2008/12/12 14:06:41 | 000,121,344 | ---- | C] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/29 03:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/15 18:38:19 | 000,023,580 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\UserTile.png
[2008/11/15 18:31:42 | 000,001,356 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d9caps.dat
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 006,063,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/04/19 15:14:32 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2005/12/22 11:05:46 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2003/01/07 07:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/05 08:37:20 | 004,164,630 | R--- | M] (Swearware) -- C:\Users\Joseph\Desktop\ComboFix.exe
[2011/12/22 14:35:13 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Joseph\Desktop\GooredFix.exe
[2011/12/26 19:24:53 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joseph\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/04 22:53:18 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/04 22:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/04 22:53:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/04 22:53:18 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/12/29 22:54:45 | 000,003,664 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 22:54:45 | 000,003,664 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 16:54:55 | 000,001,865 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\system32\mmf.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/12/10 11:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire Wireless Manager
[2009/07/31 12:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/29 02:27:57 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011/01/06 17:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/01/06 17:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Toolbar
[2008/11/20 20:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/06/22 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/05 22:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\AT&T
[2009/10/02 20:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\ATT
[2011/01/08 00:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST
[2009/03/05 22:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\ATTToolbar
[2008/11/20 17:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/01/04 01:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2011/05/05 00:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/12/25 13:30:51 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/12/25 13:11:24 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2011/12/16 12:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/09/08 08:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2010/01/07 02:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\DigiDNA
[2010/06/23 00:48:47 | 000,000,000 | ---D | M] -- C:\Program Files\Dream Aquarium
[2009/01/08 16:02:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2010/05/04 18:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/11/10 17:52:17 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2009/03/02 14:23:28 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2010/11/14 10:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/10/02 20:26:04 | 000,000,000 | ---D | M] -- C:\Program Files\HooTech
[2010/02/10 23:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\ImTOO
[2009/09/09 18:56:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/16 12:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2011/01/08 00:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/02 19:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/09/12 19:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2011/05/12 22:19:57 | 000,000,000 | ---D | M] -- C:\Program Files\iPhoneBrowser
[2011/05/05 00:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/03/16 12:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\iPodRip
[2011/05/05 00:17:28 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/12/16 12:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/20 15:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/10/02 20:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/08/11 17:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Kingdia Software
[2008/11/20 18:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/09/09 19:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/03/02 17:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\Makayama Interactive
[2011/12/14 20:27:34 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/02 22:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/12/23 00:19:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/01/31 22:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft LifeCam
[2008/12/23 00:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/29 23:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/06/25 22:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/29 23:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/29 23:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/06/25 02:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/05/15 00:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2010/08/13 19:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/14 11:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/11/10 17:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mplayer
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/28 00:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/10/02 20:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/11/29 10:49:05 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/07/19 02:02:03 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009/08/02 16:12:54 | 000,000,000 | ---D | M] -- C:\Program Files\ootp10setup
[2009/10/20 15:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2011/09/24 16:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\Out of the Park Developments
[2009/09/09 18:56:10 | 000,000,000 | ---D | M] -- C:\Program Files\PayPal
[2009/12/27 12:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2009/05/23 11:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\QuickFreedom
[2011/05/05 00:04:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/01/04 01:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/05/05 00:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/09/10 19:39:06 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/02/18 21:03:02 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/09 12:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareGuard
[2011/12/16 13:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\SumatraPDF
[2010/06/18 21:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\TruePoker
[2009/09/08 16:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity
[2009/09/08 16:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity Codec Pack
[2006/11/02 05:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/14 10:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2008/12/11 21:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/11/21 15:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2011/12/14 22:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\vShare.tv plugin
[2010/02/18 15:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2009/11/24 14:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2010/05/10 22:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinAVI Video Converter
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/08/18 14:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/11/29 23:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/01/31 22:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/01/08 00:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/18 03:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/11/28 12:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/01/07 02:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2010/06/18 21:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Xobni
[2009/09/09 00:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2010/08/04 20:10:12 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/10/15 15:09:33 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
[2009/07/05 21:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader

Dell23

Rookie Surfer
Rookie Surfer

Posts : 99
Joined : 2008-11-28
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sat 31 Dec 2011, 7:20 am


SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: AFD - C:\Windows\system32\drivers\afd.sys ()
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - FSFilter System Recovery
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B73F76FE-C94C-B18F-7FAB-FF64C5218DF5} - Microsoft Windows Media Player 11.0
ActiveX: {BF2C5BB3-5E3E-1718-69DD-09CF3036F039} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 19:24:49 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joseph\Desktop\tdsskiller.exe
[2011/12/22 14:36:20 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Desktop\GooredFix Backups
[2011/12/22 14:35:12 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Joseph\Desktop\GooredFix.exe
[2011/12/16 13:03:13 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\SumatraPDF
[2011/12/16 13:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2011/12/16 12:10:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/16 12:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/16 12:02:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/16 12:02:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/16 12:02:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/06 13:50:30 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Roaming\Spotify
[2008/12/12 16:27:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Joseph\AppData\Roaming\pcouffin.sys
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 00:14:52 | 000,121,344 | ---- | M] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 00:00:06 | 000,000,327 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2011/12/29 23:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 22:54:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 22:54:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 22:48:40 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
[2011/12/29 19:16:39 | 000,097,229 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/29 19:16:38 | 000,097,229 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/29 19:16:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 16:54:55 | 000,001,865 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/12/29 16:54:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 15:37:30 | 000,002,265 | ---- | M] () -- C:\Users\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/26 19:24:53 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joseph\Desktop\tdsskiller.exe
[2011/12/22 14:35:13 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Joseph\Desktop\GooredFix.exe
[2011/12/16 07:28:06 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/14 20:29:50 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/14 20:29:50 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/13 21:09:09 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[1 C:\Users\Joseph\AppData\Local\*.tmp files -> C:\Users\Joseph\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 23:43:16 | 366,951,010 | ---- | C] () -- C:\Users\Joseph\Desktop\Breaking.Bad.S04E06.HDTV.XviD-ASAP.avi
[2011/12/17 01:15:42 | 471,277,446 | ---- | C] () -- C:\Users\Joseph\Desktop\9.Songs.2004.720p.Bluray.x264.utkuemre.mkv
[2011/12/16 13:03:08 | 000,001,676 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2011/12/16 02:11:33 | 000,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
[2011/12/16 02:09:52 | 000,001,865 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2011/01/12 21:26:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/12 21:26:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/12 21:26:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/12 21:26:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/12 21:26:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/16 02:03:28 | 000,097,229 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/16 02:03:28 | 000,097,229 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/21 08:46:01 | 000,000,552 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d8caps.dat
[2009/09/24 15:31:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/15 20:13:23 | 000,101,172 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/10 19:41:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/09 00:45:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/09 00:45:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/09/09 00:44:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/09 00:44:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/09 00:44:58 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/09/09 00:44:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/07 14:40:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 14:40:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/07 14:39:35 | 000,273,920 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/23 11:08:58 | 000,000,600 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\winscp.rnd
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/02/12 23:24:30 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/02/12 23:24:30 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2008/12/23 00:19:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/12 16:28:35 | 000,001,041 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\vso_ts_preview.xml
[2008/12/12 16:27:49 | 000,007,887 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\pcouffin.cat
[2008/12/12 16:27:49 | 000,001,144 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\pcouffin.inf
[2008/12/12 14:06:41 | 000,121,344 | ---- | C] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/29 03:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/15 18:38:19 | 000,023,580 | ---- | C] () -- C:\Users\Joseph\AppData\Roaming\UserTile.png
[2008/11/15 18:31:42 | 000,001,356 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d9caps.dat
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 006,063,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/04/19 15:14:32 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2005/12/22 11:05:46 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2003/01/07 07:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI




Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sat 31 Dec 2011, 7:22 am

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/05 08:37:20 | 004,164,630 | R--- | M] (Swearware) -- C:\Users\Joseph\Desktop\ComboFix.exe
[2011/12/22 14:35:13 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Joseph\Desktop\GooredFix.exe
[2011/12/26 19:24:53 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joseph\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/04 22:53:18 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/04 22:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/04 22:53:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/04 22:53:18 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/12/29 22:54:45 | 000,003,664 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 22:54:45 | 000,003,664 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 16:54:55 | 000,001,865 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\system32\mmf.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/12/10 11:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire Wireless Manager
[2009/07/31 12:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/29 02:27:57 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011/01/06 17:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/01/06 17:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Toolbar
[2008/11/20 20:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/06/22 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/05 22:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\AT&T
[2009/10/02 20:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\ATT
[2011/01/08 00:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST
[2009/03/05 22:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\ATTToolbar
[2008/11/20 17:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/01/04 01:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2011/05/05 00:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/12/25 13:30:51 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/12/25 13:11:24 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2011/12/16 12:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/09/08 08:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2010/01/07 02:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\DigiDNA
[2010/06/23 00:48:47 | 000,000,000 | ---D | M] -- C:\Program Files\Dream Aquarium
[2009/01/08 16:02:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2010/05/04 18:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/11/10 17:52:17 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2009/03/02 14:23:28 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2010/11/14 10:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/10/02 20:26:04 | 000,000,000 | ---D | M] -- C:\Program Files\HooTech
[2010/02/10 23:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\ImTOO
[2009/09/09 18:56:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/16 12:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2011/01/08 00:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/02 19:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/09/12 19:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2011/05/12 22:19:57 | 000,000,000 | ---D | M] -- C:\Program Files\iPhoneBrowser
[2011/05/05 00:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/03/16 12:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\iPodRip
[2011/05/05 00:17:28 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/12/16 12:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/20 15:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/10/02 20:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/08/11 17:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Kingdia Software
[2008/11/20 18:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/09/09 19:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/03/02 17:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\Makayama Interactive
[2011/12/14 20:27:34 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/02 22:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/12/23 00:19:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/01/31 22:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft LifeCam
[2008/12/23 00:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/29 23:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/06/25 22:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/29 23:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/29 23:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/06/25 02:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/05/15 00:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2010/08/13 19:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/14 11:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/11/10 17:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mplayer
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/28 00:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/10/02 20:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/11/29 10:49:05 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/07/19 02:02:03 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009/08/02 16:12:54 | 000,000,000 | ---D | M] -- C:\Program Files\ootp10setup
[2009/10/20 15:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2011/09/24 16:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\Out of the Park Developments
[2009/09/09 18:56:10 | 000,000,000 | ---D | M] -- C:\Program Files\PayPal
[2009/12/27 12:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2009/05/23 11:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\QuickFreedom
[2011/05/05 00:04:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/01/04 01:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/05/05 00:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/09/10 19:39:06 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/02/18 21:03:02 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sat 31 Dec 2011, 7:22 am

- Search & Destroy
[2009/03/09 12:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareGuard
[2011/12/16 13:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\SumatraPDF
[2010/06/18 21:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\TruePoker
[2009/09/08 16:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity
[2009/09/08 16:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity Codec Pack
[2006/11/02 05:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/14 10:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2008/12/11 21:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/11/21 15:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2011/12/14 22:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\vShare.tv plugin
[2010/02/18 15:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2009/11/24 14:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2010/05/10 22:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinAVI Video Converter
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/08/18 14:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/11/29 23:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/01/31 22:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/01/08 00:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/18 03:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/08/18 14:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/11/28 12:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/01/07 02:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2010/06/18 21:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Xobni
[2009/09/09 00:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2010/08/04 20:10:12 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/10/15 15:09:33 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
[2009/07/05 21:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\ERDNT\cache\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\drivers\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/11/16 00:18:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/11/16 00:18:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/11/16 00:18:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys



Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sat 31 Dec 2011, 7:28 am

< MD5 for: DISK.SYS >




Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sat 31 Dec 2011, 7:29 am

< MD5 for: IASTOR.SYS >
[2006/09/29 11:59:58 | 000,250,368 | ---- | M] (Intel Corporation) MD5=E9F704CA833BD24BFAA3B4A59707633A -- C:\Drivers\storage\R139843\iaStor.sys

< MD5 for: NETLOGON.DLL >

< MD5 for: NVSTOR.SYS >




Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sat 31 Dec 2011, 7:32 am

< hklm\software\clients\startmenuinternet|command /rs >

< hklm\software\clients\startmenuinternet|command /64 /rs >

< End of report >


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sat 31 Dec 2011, 7:33 am

Sorry about the multiple posts, but it was the only way it would let me post it without getting a message saying the server was having a problem and timing out, something I was only getting for this page.


Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Sat 31 Dec 2011, 8:06 pm

I'm currently away from my normal computer and don't have much time to analyze your log, but can you tell me what messages AVAST is spamming and whether suspicious files are named?

Maybe the avast messages tell me where the problem lies.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: Trojan-BNK.Win32.keylogger.gen

Post by Dell23 on Sun 01 Jan 2012, 4:25 pm

It says it's blocking access to malicious sites, random ones; sometimes it just goes like 6 or 7 tall too, and when I click on websites I rarely get the one I'm supposed to be directed to, rather a redirect to random sites.


Re: Trojan-BNK.Win32.keylogger.gen

Post by Gabethebabe on Mon 02 Jan 2012, 5:26 am

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without the supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that, download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.

