PDM Keylogger Detected

#1 Road Runner, Member
Greetings,

First off, I am in training at Geek U. I am in PL5 and struggling, but still in the game.

I have been getting a pop up for about the past month saying PDM.Keylogger type behavior detected.

I am almost certain that this started happening AFTER I installed software that allows me to monitor my household power usage in "real time" and also uploads data to Google Power Meter so I can view the data online.

I somehow hope the two are linked and I don't have someone really trying to get my Swiss Bank Account information. :D

I have the Kaspersky Event Log if that would be of help.

This is not a high-priority request. My PC is completely usable. I would appreciate an expert's advice.

Here is a line from the OTL log that mentions the software.

[2011/03/22 20:07:32 | 034,127,872 | ---- | M] () -- C:\Users\Rhett\Desktop\TED5000-installer-windows.exe

TED5000 means The Energy Detective, Model 5000.

It just dawned on me that they have a forum and I should check there.

Here is the complete log

OTL logfile created on: 4/18/2011 11:17:30 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Rhett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 831.89 Gb Free Space | 90.78% Space Free | Partition Type: NTFS
Drive N: | 482.73 Mb Total Space | 405.70 Mb Free Space | 84.04% Space Free | Partition Type: FAT

Computer Name: ET1831-7 | User Name: Rhett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/18 11:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rhett\Desktop\OTL.exe
PRC - [2010/08/18 11:49:54 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2010/04/16 11:32:48 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2010/04/12 09:13:08 | 000,142,336 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/18 11:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rhett\Desktop\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/06/15 21:46:04 | 000,109,072 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/07 08:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2010/08/18 11:49:54 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/04/12 09:13:08 | 000,142,336 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/15 21:46:04 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/05/06 17:37:24 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010/03/05 18:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2009/12/09 04:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/08/05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Rhett\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Rhett\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys -- (SASKUTIL)
DRV - [2009/05/25 15:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...e5v145r45l1s46o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...e5v145r45l1s46o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...e5v145r45l1s46o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...e5v145r45l1s46o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...e5v145r45l1s46o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...e5v145r45l1s46o
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {bbfec13c-8cb2-53f2-b852-999eb2a852c9}:0.1.6
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/24 15:02:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/04/04 21:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/25 10:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 10:29:34 | 000,000,000 | ---D | M]

[2011/01/10 01:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rhett\AppData\Roaming\Mozilla\Extensions
[2011/04/17 12:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rhett\AppData\Roaming\Mozilla\Firefox\Profiles\a4s1u1ey.default\extensions
[2011/04/16 14:55:19 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Rhett\AppData\Roaming\Mozilla\Firefox\Profiles\a4s1u1ey.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/03/28 18:10:31 | 000,000,000 | ---D | M] ("Malware Search") -- C:\Users\Rhett\AppData\Roaming\Mozilla\Firefox\Profiles\a4s1u1ey.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2011/03/28 17:54:19 | 000,000,000 | ---D | M] ("Highlighter") -- C:\Users\Rhett\AppData\Roaming\Mozilla\Firefox\Profiles\a4s1u1ey.default\extensions\{bbfec13c-8cb2-53f2-b852-999eb2a852c9}
[2011/01/10 01:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/15 23:33:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3608ded4-7900-11df-9a33-4487fc7ce8e3}\Shell - "" = AutoRun
O33 - MountPoints2\{3608ded4-7900-11df-9a33-4487fc7ce8e3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{7a54df0e-e6f3-11df-a148-4487fc7ce8e3}\Shell - "" = AutoRun
O33 - MountPoints2\{7a54df0e-e6f3-11df-a148-4487fc7ce8e3}\Shell\AutoRun\command - "" = M:\TL-Bootstrap.exe
O33 - MountPoints2\{cc8f3793-d7fc-11df-affd-4487fc7ce8e3}\Shell - "" = AutoRun
O33 - MountPoints2\{cc8f3793-d7fc-11df-affd-4487fc7ce8e3}\Shell\AutoRun\command - "" = K:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/18 11:13:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Rhett\Desktop\OTL.exe
[2011/04/16 14:56:03 | 000,000,000 | ---D | C] -- C:\Users\Rhett\AppData\Roaming\GARMIN
[2011/04/08 17:12:26 | 000,000,000 | R--D | C] -- C:\Users\Rhett\Documents\Scanned Documents
[2011/04/08 17:12:24 | 000,000,000 | ---D | C] -- C:\Users\Rhett\Documents\Fax
[2011/04/03 17:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Rhett\AppData\Roaming\.#
[2011/04/03 16:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
[2011/04/03 16:57:46 | 000,000,000 | ---D | C] -- C:\Users\Rhett\AppData\Roaming\Hewlett-Packard Company
[2011/04/03 16:56:10 | 000,000,000 | ---D | C] -- C:\Users\Rhett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2011/04/03 16:52:51 | 000,305,664 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpcc3103.dll
[2011/03/31 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Rhett\Desktop\Ex_Files_OneNote2007_EssT
[2011/03/30 19:12:34 | 000,000,000 | ---D | C] -- C:\Users\Rhett\Documents\OneNote Notebooks
[2011/03/27 15:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/03/23 21:27:52 | 000,000,000 | -HSD | C] -- C:\Users\Rhett\AppData\Roaming\ms-drivers
[2011/03/23 21:27:34 | 000,000,000 | -HSD | C] -- C:\Users\Rhett\AppData\Roaming\sysprep
[2011/03/23 21:27:34 | 000,000,000 | -HSD | C] -- C:\Users\Rhett\AppData\Roaming\icsxml
[2011/03/23 21:27:08 | 000,000,000 | ---D | C] -- C:\Users\Rhett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Resetter 1.1
[2011/03/23 21:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Resetter 1.1
[2011/03/22 20:28:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/03/22 20:20:50 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/03/22 20:20:21 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/03/22 13:23:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

========== Files - Modified Within 30 Days ==========

[2011/04/18 11:19:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2790357615-2426254420-2253305375-1000UA.job
[2011/04/18 11:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rhett\Desktop\OTL.exe
[2011/04/18 11:06:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 11:02:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 11:02:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 10:59:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/18 10:59:26 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/18 10:59:26 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/18 10:55:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 10:54:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/18 10:54:47 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/17 16:32:48 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2790357615-2426254420-2253305375-1000Core.job
[2011/04/17 16:26:54 | 000,079,268 | ---- | M] () -- C:\Users\Rhett\Desktop\work station.jpg
[2011/04/16 20:35:35 | 000,032,325 | ---- | M] () -- C:\Users\Rhett\Desktop\DSCF0687.JPG
[2011/04/16 11:23:27 | 000,485,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/04 10:56:53 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/04/04 10:56:53 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/04/03 16:56:49 | 000,001,326 | ---- | M] () -- C:\Users\Public\Desktop\HP LaserJet Pro CP1520 Series Help & Learn Center.lnk
[2011/03/31 19:50:58 | 000,007,625 | ---- | M] () -- C:\Users\Rhett\AppData\Local\Resmon.ResmonCfg
[2011/03/30 20:22:55 | 078,993,767 | ---- | M] () -- C:\Users\Rhett\Desktop\Ex_Files_OneNote2007_EssT.zip
[2011/03/30 19:12:34 | 000,001,319 | ---- | M] () -- C:\Users\Rhett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/26 19:06:15 | 000,002,409 | ---- | M] () -- C:\Users\Rhett\Desktop\Google Chrome.lnk
[2011/03/23 21:27:09 | 000,003,051 | ---- | M] () -- C:\Users\Rhett\Desktop\Password Resetter 1.1.lnk
[2011/03/23 21:25:09 | 010,095,238 | ---- | M] () -- C:\Users\Rhett\Desktop\passwordresseter set up.exe
[2011/03/22 20:07:32 | 034,127,872 | ---- | M] () -- C:\Users\Rhett\Desktop\TED5000-installer-windows.exe
[2011/03/22 13:01:12 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/04/17 16:26:02 | 000,079,268 | ---- | C] () -- C:\Users\Rhett\Desktop\work station.jpg
[2011/04/16 20:34:11 | 000,032,325 | ---- | C] () -- C:\Users\Rhett\Desktop\DSCF0687.JPG
[2011/04/03 16:59:15 | 000,001,389 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/04/03 16:58:43 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/04/03 16:56:49 | 000,001,326 | ---- | C] () -- C:\Users\Public\Desktop\HP LaserJet Pro CP1520 Series Help & Learn Center.lnk
[2011/03/31 19:50:58 | 000,007,625 | ---- | C] () -- C:\Users\Rhett\AppData\Local\Resmon.ResmonCfg
[2011/03/30 20:13:46 | 078,993,767 | ---- | C] () -- C:\Users\Rhett\Desktop\Ex_Files_OneNote2007_EssT.zip
[2011/03/30 19:12:34 | 000,001,319 | ---- | C] () -- C:\Users\Rhett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/27 15:01:38 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/27 15:01:37 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/23 21:27:08 | 000,003,051 | ---- | C] () -- C:\Users\Rhett\Desktop\Password Resetter 1.1.lnk
[2011/03/23 21:25:08 | 010,095,238 | ---- | C] () -- C:\Users\Rhett\Desktop\passwordresseter set up.exe
[2011/03/22 20:21:57 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/03/22 20:19:57 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/03/22 20:19:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/03/22 20:19:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/03/22 20:18:10 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/03/22 20:05:11 | 034,127,872 | ---- | C] () -- C:\Users\Rhett\Desktop\TED5000-installer-windows.exe
[2011/02/24 18:00:14 | 000,000,122 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/24 14:50:25 | 000,208,125 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011/02/24 14:50:25 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/10/05 15:00:35 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/22 22:12:44 | 000,000,164 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/20 12:50:59 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/29 21:50:07 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/07/20 20:37:31 | 000,000,047 | ---- | C] () -- C:\Windows\winhlp32.ini
[2010/07/20 20:37:31 | 000,000,047 | ---- | C] () -- C:\Windows\winhelp.ini
[2010/07/20 20:32:59 | 000,017,552 | ---- | C] () -- C:\Windows\SysWow64\TTYTWIN.DRV
[2010/07/20 20:32:46 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\NCSPI8EN.DLL
[2010/07/20 20:32:36 | 000,022,480 | ---- | C] () -- C:\Windows\SysWow64\PFMAPI16.DLL
[2010/07/20 20:32:36 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\PFMAPI32.DLL
[2010/07/03 14:22:05 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/02 11:10:02 | 000,000,004 | ---- | C] () -- C:\Users\Rhett\AppData\Roaming\wklnhst.dat
[2010/06/16 23:52:21 | 000,023,155 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/06/15 22:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/01 10:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini

========== LOP Check ==========

[2011/04/03 17:18:20 | 000,000,000 | -HSD | M] -- C:\Users\Rhett\AppData\Roaming\.#
[2010/07/24 15:54:44 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\Acronis
[2010/10/08 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\Avanquest
[2011/04/16 14:56:06 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\GARMIN
[2011/03/23 21:29:14 | 000,000,000 | -HSD | M] -- C:\Users\Rhett\AppData\Roaming\icsxml
[2010/07/09 20:41:59 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\ImgBurn
[2011/03/23 21:28:45 | 000,000,000 | -HSD | M] -- C:\Users\Rhett\AppData\Roaming\ms-drivers
[2011/02/24 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\Neat
[2011/02/24 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\Nuance
[2011/02/24 18:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\ScanSoft
[2010/08/22 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\Simon Brown, HB9DRV
[2010/11/09 22:31:38 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\SoftGrid Client
[2011/03/23 21:27:34 | 000,000,000 | -HSD | M] -- C:\Users\Rhett\AppData\Roaming\sysprep
[2010/07/02 11:10:06 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\Template
[2010/07/03 14:23:23 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\TP
[2010/07/27 20:57:41 | 000,000,000 | ---D | M] -- C:\Users\Rhett\AppData\Roaming\Web Page Maker
[2011/02/17 00:30:21 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
#2 RKinner, Malware Expert (MVP)
Appears to be a common problem with Kaspersky. If a program monitors the keyboard, it gets flagged as dangerous:

http://www.arcengame...hp?topic=6279.0
and
http://support.kaspe...e?qid=208281028

Looking at your log, I see another program installed at about the same time, and the "passwordresseter set up.exe" file does not show up in Google (if you put quotes around it):

[2011/03/23 21:25:09 | 010,095,238 | ---- | M] () -- C:\Users\Rhett\Desktop\passwordresseter set up.exe
[2011/03/22 20:07:32 | 034,127,872 | ---- | M] () -- C:\Users\Rhett\Desktop\TED5000-installer-windows.exe

I would submit both files to http://virustotal.com and see what they say about them.

Ron
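The correlation Ron did by eye (recently dropped executables, no company name, sitting on the Desktop, landing in the window when the alerts began) can be scripted against the OTL file sections. The following is an added example, not code from the thread or from the OTL tool; the scoring weights, the 30-day window and the list of user-writable locations are this example's own assumptions, and the sample log is a subset of lines copied from the log posted above.

```python
"""Rank recently dropped executables from an OTL log (added example).

OTL's file sections print one entry per line as
    [YYYY/MM/DD HH:MM:SS | size | attrs | M-or-C] (Company) -- path
A PE file with no company name, in a user-writable location, dropped inside the
window in which the alerts started, is scored highest. Weights are assumptions."""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com", ".ocx")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")  # assumed list

# Time of the OTL run in the thread ("OTL logfile created on: 4/18/2011 11:17:30 AM").
OTL_RUN_TIME = datetime(2011, 4, 18, 11, 17, 30)

# Subset of lines copied from the posted log, chosen to cover the cases scored below.
SAMPLE_LOG = r"""
[2011/04/18 11:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rhett\Desktop\OTL.exe
[2011/04/18 10:54:47 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/03 16:52:51 | 000,305,664 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpcc3103.dll
[2011/03/23 21:27:08 | 000,003,051 | ---- | M] () -- C:\Users\Rhett\Desktop\Password Resetter 1.1.lnk
[2011/03/23 21:25:09 | 010,095,238 | ---- | M] () -- C:\Users\Rhett\Desktop\passwordresseter set up.exe
[2011/03/22 20:20:50 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/03/22 20:07:32 | 034,127,872 | ---- | M] () -- C:\Users\Rhett\Desktop\TED5000-installer-windows.exe
"""


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str      # M = modified-within-window section, C = created-within-window section
    company: str   # empty when OTL printed "()"
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def suspicion_score(e: Entry, reference: datetime, window_days: int = 30) -> int:
    """0 for non-PE files; otherwise +2 no company, +2 user-writable path, +1 inside window."""
    low = e.path.lower()
    if not low.endswith(PE_EXTENSIONS):
        return 0
    score = 0
    if not e.company:
        score += 2
    if any(token in low for token in USER_WRITABLE):
        score += 2
    if reference - timedelta(days=window_days) <= e.when <= reference:
        score += 1
    return score


def rank_candidates(text: str, reference: datetime, window_days: int = 30,
                    min_score: int = 1) -> List[Tuple[int, Entry]]:
    """Highest score first; ties broken by most recent timestamp."""
    ranked = []
    for e in parse_log(text):
        s = suspicion_score(e, reference, window_days)
        if s >= min_score:
            ranked.append((s, e))
    ranked.sort(key=lambda t: (t[0], t[1].when), reverse=True)
    return ranked


if __name__ == "__main__":
    for score, e in rank_candidates(SAMPLE_LOG, OTL_RUN_TIME):
        print(f"{score}  {e.when:%Y-%m-%d}  {(e.company or '(no company)'):<32}  {e.path}")
```

Run against the posted subset, the two Desktop installers from Ron's reply come out on top with the same score, and hiberfil.sys and OTL.exe itself sit below them; the score is a prompt for where to look (hash the file, check the vendor's signature, submit it), not a verdict.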
#3 Road Runner, Topic Starter
Good catch on the Password Resetter install. I paid for that program and believe it came from a reputable vendor... but you never know :D

I will send those files in and post the results tomorrow.

Many Thanks Sir.

RR
#4 Road Runner, Topic Starter
Ron,
Here are the results from Virus Total for password resseter.

The TED5000 file seems to be a little large for VirusTotal's 20 MB limit. I will see if another online scanner might take a larger file.

As a "student in training" I know enough to be DANGEROUS. I can't help but be CURIOUS though. Being curious is why I am in Geek U :D

IF this is deemed "bad" would that possibly merit contact with the vendor and giving them a chance to view the evidence ?
I believe in innocent till proven guilty.....and a chance to fix honest mistakes. However even though this program has worked for me.....I DID NOT PAY for "nasties" to be included if they are indeed nasties. Make sense ?

Sincerely,

Road Runner


passwordresseter set up.exe
Submission date:
2011-04-21 19:22:32 (UTC)
Current status:
finished
Result:
5/ 41 (12.2%)

Antivirus Version Last Update Result
AhnLab-V3 2011.04.22.00 2011.04.21 -
AntiVir 7.11.6.230 2011.04.21 -
Antiy-AVL 2.0.3.7 2011.04.21 -
Avast 4.8.1351.0 2011.04.21 -
Avast5 5.0.677.0 2011.04.21 -
AVG 10.0.0.1190 2011.04.21 -
BitDefender 7.2 2011.04.21 -
CAT-QuickHeal 11.00 2011.04.21 -
ClamAV 0.97.0.0 2011.04.21 PUA.Packed.PECompact-1
Commtouch 5.3.2.6 2011.04.21 -
Comodo 8427 2011.04.21 -
DrWeb 5.0.2.03300 2011.04.21 -
eSafe 7.0.17.0 2011.04.20 -
eTrust-Vet 36.1.8283 2011.04.21 -
F-Prot 4.6.2.117 2011.04.21 -
F-Secure 9.0.16440.0 2011.04.21 -
Fortinet 4.2.257.0 2011.04.21 -
GData 22 2011.04.21 -
Ikarus T3.1.1.103.0 2011.04.21 -
Jiangmin 13.0.900 2011.04.21 Trojan/Agent.ditu
K7AntiVirus 9.97.4451 2011.04.21 -
Kaspersky 7.0.0.125 2011.04.21 -
McAfee 5.400.0.1158 2011.04.21 -
McAfee-GW-Edition 2010.1D 2011.04.21 -
Microsoft 1.6802 2011.04.21 -
NOD32 6062 2011.04.21 -
Norman 6.07.07 2011.04.21 -
Panda 10.0.3.5 2011.04.21 -
PCTools 7.0.3.5 2011.04.21 -
Prevx 3.0 2011.04.21 High Risk Cloaked Malware
Rising 23.54.03.06 2011.04.21 -
Sophos 4.64.0 2011.04.21 -
SUPERAntiSpyware 4.40.0.1006 2011.04.21 -
Symantec 20101.3.2.89 2011.04.21 -
TheHacker 6.7.0.1.180 2011.04.21 Trojan/Refroso.aduw
TrendMicro 9.200.0.1012 2011.04.21 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.21 -
VBA32 3.12.16.0 2011.04.21 -
VIPRE 9078 2011.04.21 -
ViRobot 2011.4.21.4422 2011.04.21 -
VirusBuster 13.6.315.0 2011.04.21 Backdoor.Bifrose!rPMvTEiK1qs
Additional information
MD5 : abfd4850c2fbc86c34cfa93af9d19645
SHA1 : 58bc2224b32cd5f72aef7371744aa94bae8ed0d5
SHA256: 5266efa553d9c9dc4da4218986d07925a559ed3f7b7eb9e71163c0c7d9dfb1da
ssdeep: 196608:NsVvU7FlzFfMveWll9xSKzYt/aAmuYBKc2t2/SzbcIEcZ:NsVvsVMvvllCuYBj+Kb1cUZ
File size : 10095238 bytes
First seen: 2011-04-21 19:22:32
Last seen : 2011-04-21 19:22:32
TrID:
Win64 Executable Generic (43.2%)
Win32 EXE PECompact compressed (generic) (20.9%)
Win32 Executable MS Visual C++ (generic) (19.0%)
Windows Screen Saver (6.6%)
Win32 Executable Generic (4.3%)
sigcheck:
publisher....:
copyright....: Copyright © 2002
product......: selfextractor Application
description..: selfextractor MFC Application
original name: selfextractor.EXE
internal name: selfextractor
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: Armadillo v1.71
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xA5B7
timedatestamp....: 0x3DBF5D05 (Wed Oct 30 04:16:05 2002)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2366E, 0x24000, 6.55, 02910742d48c67b2f6e5b618fe5863bd
.rdata, 0x25000, 0x850E, 0x9000, 4.53, 4215e23afad67322b2f07779d1e5d2b5
.data, 0x2E000, 0x6308, 0x2000, 4.41, 4e68a214ba72624e8677b0ffa7268878
.rsrc, 0x35000, 0x3018, 0x4000, 3.16, ed997c473d40f38ca3443d513fc61fbf

[[ 12 import(s) ]]
KERNEL32.dll: SizeofResource, RtlUnwind, GetStartupInfoA, GetDriveTypeA, HeapAlloc, HeapFree, TerminateProcess, ExitProcess, RaiseException, HeapSize, GetACP, GetTimeZoneInformation, SetHandleCount, GetStdHandle, HeapReAlloc, UnhandledExceptionFilter, GetFileType, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, GetVersion, LoadLibraryA, GlobalGetAtomNameA, IsBadWritePtr, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetFileSize, GetFileTime, FileTimeToLocalFileTime, GetFileAttributesA, GetTickCount, GetOEMCP, FileTimeToSystemTime, GetCPInfo, FindFirstFileA, GetFullPathNameA, GetVolumeInformationA, SetEndOfFile, FindClose, FlushFileBuffers, UnlockFile, LockFile, ReadFile, SetFilePointer, WriteFile, DuplicateHandle, CreateFileA, GetCurrentProcess, GetProcessVersion, SetErrorMode, GetThreadLocale, FreeEnvironmentStringsA, FreeLibrary, GetCurrentThreadId, FormatMessageA, LocalFree, MultiByteToWideChar, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, GetCommandLineA, DeleteFileA, RemoveDirectoryA, GetExitCodeProcess, Sleep, GetTempPathA, GetTempFileNameA, LCMapStringA, GlobalAddAtomA, GlobalFindAtomA, GetProfileStringA, GetModuleHandleA, GetProcAddress, GetCurrentDirectoryA, lstrcpyA, lstrcatA, WritePrivateProfileStringA, GlobalFlags, MulDiv, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, GlobalUnlock, TlsAlloc, LocalAlloc, lstrcpynA, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, FindResourceA, LoadResource, LockResource, GlobalFree, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, LCMapStringW, VirtualAlloc, FreeEnvironmentStringsW, GetEnvironmentStrings, CreateDirectoryA
USER32.dll: InvalidateRect, CharUpperA, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, CreateDialogIndirectParamA, EndDialog, GetNextDlgGroupItem, SetRect, CopyAcceleratorTableA, CharNextA, GetSysColorBrush, LoadIconA, UpdateWindow, MapWindowPoints, GetSysColor, SetActiveWindow, IsWindow, AdjustWindowRectEx, GetClientRect, CopyRect, GetTopWindow, IsChild, WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetSubMenu, GetMenuItemID, DestroyWindow, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, GetMessagePos, GetForegroundWindow, SetForegroundWindow, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetSystemMetrics, SetFocus, ShowWindow, MoveWindow, SetWindowLongA, GetWindowTextLengthA, IsDialogMessageA, MessageBeep, SendDlgItemMessageA, GetDlgItem, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, GetMenuItemCount, wsprintfA, UnhookWindowsHookEx, GetWindowTextA, SetWindowTextA, GetDlgCtrlID, GetWindowRect, PtInRect, GetClassNameA, ScreenToClient, ClientToScreen, GetDesktopWindow, LoadCursorA, GetCapture, LoadStringA, MapDialogRect, SetWindowPos, GetWindow, DestroyMenu, GetMessageTime, RemovePropA, SetWindowContextHelpId, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, EnableWindow, SetCursor, SendMessageA, PostQuitMessage, PostMessageA, DefWindowProcA, DrawFocusRect, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DefDlgProcA, IsWindowUnicode
GDI32.dll: GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetObjectA, GetTextColor, GetBkColor, DPtoLP, LPtoDP, GetMapMode, PatBlt, CreateDIBitmap, CreateCompatibleDC, BitBlt, GetTextExtentPointA, IntersectClipRect, ScaleWindowExtEx, SetWindowExtEx, GetClipBox, ScaleViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetMapMode, SetBkMode, GetStockObject, SetBkColor, RestoreDC, SaveDC, SelectObject, DeleteDC, DeleteObject, CreateBitmap
comdlg32.dll: GetFileTitleA
WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA
SHELL32.dll: ShellExecuteExA
COMCTL32.dll: -
oledlg.dll: -
ole32.dll: CoFreeUnusedLibraries, OleUninitialize, OleInitialize, CoTaskMemFree, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, StgOpenStorageOnILockBytes, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, CoTaskMemAlloc
OLEPRO32.DLL: -
OLEAUT32.dll: -, -, -, -, -, -, -, -, -
Prevx Info:
http://info.prevx.co...E3867001D248BF4
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 147456
CompanyName:
EntryPoint: 0xa5b7
FileDescription: selfextractor MFC Application
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 9.6 MB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1, 0, 0, 1
FileVersionNumber: 1.0.0.1
ImageVersion: 0.0
InitializedDataSize: 81920
InternalName: selfextractor
LanguageCode: English (U.S.)
LegalCopyright: Copyright © 2002
LegalTrademarks:
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: selfextractor.EXE
PEType: PE32
ProductName: selfextractor Application
ProductVersion: 1, 0, 0, 1
ProductVersionNumber: 1.0.0.1
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2002:10:30 05:16:05+01:00
UninitializedDataSize: 0

#5 RKinner (Malware Expert, 23,727 posts, MVP)
"I believe in innocent till proven guilty"

In the malware removal world it's the opposite. Can't trust anybody.

However, if Kaspersky, Avast, and Bitdefender don't have a problem with it then it may just be a false positive. One thing I do not like about the file is that they don't know how to spell "resetter."

I suppose a simple test would be to uninstall TED5000 and see if Kaspersky still complains.

Ron
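The report pasted in post #4 and Ron's reading of it in #5 can be checked mechanically rather than by eye. The Python below is an added example, not code from this thread or from VirusTotal. It parses the report text in the layout shown above (a trimmed copy of those lines is embedded as constructed sample input), separates verdicts that name a malware family from verdicts that only describe a packer or a heuristic, checks whether the three engines Ron names came back clean, and lists the imports a keyboard hook would need. The hook-API list and the generic-verdict pattern are my own heuristics, not VirusTotal categories. The caveat a practitioner wants: SetWindowsHookExA, CallNextHookEx and GetKeyState in the import table are exactly what a behavioural detector like Kaspersky's PDM reacts to, but an MFC program such as this "selfextractor MFC Application" imports them anyway (MFC installs a WH_CBT hook to subclass the windows it creates), and the hook type is a runtime argument that an import table cannot show. Static triage can say "unsigned, packed, hook-capable, mostly generic verdicts"; only running the file in isolation, as Ron suggests, settles it.

```python
"""Triage of a VirusTotal report pasted as plain text (2011 layout).

Added example; not code from this thread or from VirusTotal.  The parser
works on the report as posted: an "Engine Version Date Verdict" table, a
sigcheck block, a PEiD line and the "[[ N import(s) ]]" list.
"""
import re

# Constructed sample input: lines copied from the report above, trimmed to
# the rows the parser needs (the real table lists 41 engines).
VT_REPORT = """\
Result:
5/ 41 (12.2%)

Antivirus Version Last Update Result
AhnLab-V3 2011.04.22.00 2011.04.21 -
Avast 4.8.1351.0 2011.04.21 -
BitDefender 7.2 2011.04.21 -
ClamAV 0.97.0.0 2011.04.21 PUA.Packed.PECompact-1
Jiangmin 13.0.900 2011.04.21 Trojan/Agent.ditu
Kaspersky 7.0.0.125 2011.04.21 -
Prevx 3.0 2011.04.21 High Risk Cloaked Malware
TheHacker 6.7.0.1.180 2011.04.21 Trojan/Refroso.aduw
VirusBuster 13.6.315.0 2011.04.21 Backdoor.Bifrose!rPMvTEiK1qs
sigcheck:
verified.....: Unsigned
PEiD: Armadillo v1.71
[[ 12 import(s) ]]
KERNEL32.dll: SizeofResource, RtlUnwind, CreateFileA, WriteFile
USER32.dll: InvalidateRect, GetKeyState, CallNextHookEx, SetWindowsHookExA, UnhookWindowsHookEx
ADVAPI32.dll: RegCloseKey, RegCreateKeyExA
COMCTL32.dll: -
"""

# APIs a keyboard hook or key-state poller needs (author's list).  Weak
# evidence on its own: MFC programs import SetWindowsHookExA/CallNextHookEx
# for a WH_CBT window-subclassing hook and GetKeyState for modifier keys,
# and the hook type is a runtime argument that never appears in imports.
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW", "CallNextHookEx",
             "UnhookWindowsHookEx", "GetAsyncKeyState", "GetKeyState",
             "GetKeyboardState", "RegisterRawInputDevices"}

# Verdict names that describe a packer or a heuristic rather than a family
# (author's pattern; VirusTotal itself draws no such line).
GENERIC_VERDICT = re.compile(r"pack|cloak|heur|generic|suspic|agent", re.I)

# Engines Ron uses as reference points in post #5.
REFERENCE_ENGINES = ("Kaspersky", "Avast", "BitDefender")

# "Engine Version YYYY.MM.DD Verdict" table row; the verdict may contain spaces.
ROW = re.compile(r"^(\S+)\s+\S+\s+\d{4}\.\d{2}\.\d{2}\s+(.*)$")
# "KERNEL32.dll: Func1, Func2, ..." import line.
IMPORT_LINE = re.compile(r"^([\w.]+\.(?:dll|drv)):\s*(.*)$", re.I)


def parse_results(report):
    """Return {engine: verdict or None} from the per-engine result table."""
    results = {}
    for line in report.splitlines():
        m = ROW.match(line)
        if m:
            verdict = m.group(2).strip()
            results[m.group(1)] = None if verdict == "-" else verdict
    return results


def parse_imports(report):
    """Return {dll: [function, ...]}; '-' placeholders are dropped."""
    imports = {}
    for line in report.splitlines():
        m = IMPORT_LINE.match(line)
        if m:
            funcs = [f.strip() for f in m.group(2).split(",")]
            imports[m.group(1)] = [f for f in funcs if f and f != "-"]
    return imports


def parse_ratio(report):
    """Return (detections, engines) from the '5/ 41 (12.2%)' line."""
    m = re.search(r"(\d+)/\s*(\d+)\s*\(", report)
    return (int(m.group(1)), int(m.group(2))) if m else (0, 0)


def parse_field(report, label):
    """Value of a 'label.....: value' or 'label: value' line, or None."""
    m = re.search(r"^" + re.escape(label) + r"\.*:\s*(.*)$", report, re.M)
    return m.group(1).strip() if m else None


def triage(report):
    """Summarise the indicators worth weighing before trusting the ratio."""
    results = parse_results(report)
    detections, total = parse_ratio(report)
    flagged = {e: v for e, v in results.items() if v}
    imports = parse_imports(report)
    return {
        "detections": detections,
        "total": total,
        "flagged": flagged,
        # verdicts that name a family, not a packer or heuristic
        "family_verdicts": {e: v for e, v in flagged.items()
                            if not GENERIC_VERDICT.search(v)},
        "reference_clean": all(e in results and results[e] is None
                               for e in REFERENCE_ENGINES),
        "unsigned": parse_field(report, "verified") == "Unsigned",
        "packer": parse_field(report, "PEiD"),
        "hook_apis": sorted(f for funcs in imports.values()
                            for f in funcs if f in HOOK_APIS),
    }


def main():
    t = triage(VT_REPORT)
    print(f"{t['detections']}/{t['total']} engines flagged the file")
    for engine, verdict in t["flagged"].items():
        kind = "family" if engine in t["family_verdicts"] else "packer/heuristic"
        print(f"  {engine:12} {verdict}  [{kind}]")
    print("reference engines clean:", t["reference_clean"])
    print("unsigned:", t["unsigned"], "| packer:", t["packer"])
    print("hook-capable imports:", ", ".join(t["hook_apis"]) or "none")


if __name__ == "__main__":
    main()
```

Run against the full report, the file scores as unsigned, PECompact/Armadillo-packed, hook-capable, with three of the five hits being packer or heuristic names and the two family names (Refroso, Bifrose) coming from engines that none of the reference vendors corroborate. That is consistent with a packed self-extractor tripping generic signatures, but it is equally consistent with a packed dropper, which is why the static result only narrows the question and the isolated install on the second machine answers it.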

#6 Road Runner (Topic Starter, Member, 608 posts)

I suppose a simple test would be to uninstall TED5000 and see if Kaspersky still complains.


Ron,

I have about a month of "tweaking" the calibration of the Current Sensors that feed info from the outside Fuse panel to the receiving unit. All done through the TED software. Really neat set up when you can watch your real time power usage and see how much it costs to wash a load of clothes or how much you save turning unused lights off. I'm hesitant to take it off just yet now that it is about 96% accurate.

I have a laptop, same brand, almost same specs as my desktop, with the same Kaspersky protection. Does it sound reasonable to maybe put the re-setter program on it and see if Kaspersky throws up a flag? I could also do the TED5000 software and see if that causes the notification. I'm thinking to do one at a time, much like process of elimination?

#7 RKinner (Malware Expert, 23,727 posts, MVP)
One at a time on the other PC should tell you if it's a false positive.

Ron