Recurring Exploit:java/blacole.ae


Solved Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 2:54 am

Hi, I would appreciate some help. On 11-12 at 7:27pm MSE removed blacole.ae and java/cve-2010-0840.mz. Checking my history in MSE since my laptop is running extremely slowly, I found blacole.ae was allowed 7 minutes later at 7:34pm even though my settings specify to remove any severe threat.
ATM I'm running a full scan with MSE again, but it looks as if I might need additional help.

I will download and post the requested scans and logs as soon as MSE has finished.


First scan - Security Check

Results of screen317's Security Check version 0.99.26
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 29
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Mozilla Firefox (5.0.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

tiburonfirst

Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 6:42 am

OTL Extras logfile created on: 11/14/2011 1:57:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\trauti\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.40% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.28% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.83 Gb Total Space | 43.95 Gb Free Space | 62.94% Space Free | Partition Type: NTFS

Computer Name: LAPSTER | User Name: trauti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9212:TCP" = 9212:TCP:*:Enabled:SkyCaddie Desktop
"9210:UDP" = 9210:UDP:*:Enabled:SkyCaddie Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal -- (Lavasoft Sweden)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Cyfre\ezStart\ezStart.exe" = C:\Program Files\Cyfre\ezStart\ezStart.exe:*:Enabled:ezStart for Wireless Broadband Router -- ()
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 -- ()
"C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe" = C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe:*:Enabled:SkyCaddie Desktop -- (Skyhawke Technologies)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29498512-A137-4478-8691-922829F108DC}" = HP Deskjet 2050 J510 series Product Improvement Study
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{51ED885E-78EC-4DBF-81E1-F7EF47174B5A}" = HP Deskjet 1000 J110 series Basic Device Software
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BFF4D05-66DD-428D-BD05-85FF90174846}" = Software from PC Software Accounting
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6DBDC768-CE21-4F59-A819-1CFD5D97C84B}" = Verizon Wireless MiFi-2200 Firmware Updates
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{780F9A1C-6BFE-4691-83A9-095D859E3052}" = VZAccess Manager
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B3E3CA57-F7D2-424F-86CC-6FB4F1FC82AD}" = HP Deskjet 1000 J110 series Product Improvement Study
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D1AE6D4D-C37A-487d-83D8-C333125B2459}" = HP Photosmart and Deskjet 7.0 Software
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{E332FF49-A8D3-4582-9448-50FBB1ADA43D}" = ezStart
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E654D1E3-B18B-4953-BFBC-F16227323E05}" = HP Deskjet 2050 J510 series Basic Device Software
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM Toolbar" = AIM Toolbar 5.0
"alotAppbar" = ALOT Appbar
"AnyTV_is1" = AnyTV 2.10
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Belarc Advisor" = Belarc Advisor 7.2
"CaddieSync Express" = CaddieSync Express 1.0.1
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"getPlus(R)_ocx" = getPlus(R)_ocx
"Ghostery IE Plugin_is1" = Ghostery IE Plugin
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch" = Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
"Lexmark 640 Series" = Lexmark 640 Series
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Motorola USB Drivers" = Motorola USB Drivers
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Pitstop Optimize2_is1" = PC Pitstop Optimize2 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickLink Mobile" = QuickLink Mobile
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SkyCaddieDesktop" = SkyCaddie Desktop
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Typing Instructor Deluxe" = Typing Instructor Deluxe
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2011 10:42:02 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {A706B369-EAB1-4B2C-8851-DE5A897DB4F6} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 11/14/2011 10:42:28 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\lcedisp.cpp(131),
hr = 80040154: Failed to CoCreate EventSystem objec

Error - 11/14/2011 10:42:28 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\eventserver.cpp(2334),
hr = 80040154: Failed to CoCreate EventSystem objec

Error - 11/14/2011 10:42:28 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\eventserver.cpp(2334),
hr = 80040154: Failed to CoCreate EventSystem objec

Error - 11/14/2011 10:42:28 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {54A02444-20E5-43A9-B594-5283DE7A9632} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 11/14/2011 10:42:29 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80080005: InitEventCollector fail

Error - 11/14/2011 12:06:49 PM | Computer Name = LAPSTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ghosterymimefilter.dll, version 2.4.2.0, fault address 0x0001898f.

Error - 11/14/2011 12:07:03 PM | Computer Name = LAPSTER | Source = Application Error | ID = 1001
Description = Fault bucket -1773854309.

Error - 11/14/2011 1:00:14 PM | Computer Name = LAPSTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ghosterymimefilter.dll, version 2.4.2.0, fault address 0x0001898f.

Error - 11/14/2011 1:00:27 PM | Computer Name = LAPSTER | Source = Application Error | ID = 1001
Description = Fault bucket -1773854309.

[ System Events ]
Error - 10/30/2011 6:20:05 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/30/2011 11:10:21 PM | Computer Name = LAPSTER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 0012F0A29D71.

Error - 10/31/2011 12:01:36 PM | Computer Name = LAPSTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 11/1/2011 11:27:32 AM | Computer Name = LAPSTER | Source = PSched | ID = 14103
Description = QoS [Adapter {3315C39E-2491-44E8-8F6A-9145EF252908}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 11/1/2011 12:01:40 PM | Computer Name = LAPSTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 11/1/2011 2:43:55 PM | Computer Name = LAPSTER | Source = PSched | ID = 14103
Description = QoS [Adapter {3315C39E-2491-44E8-8F6A-9145EF252908}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 11/1/2011 6:35:34 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/1/2011 6:35:34 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/1/2011 6:35:49 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/1/2011 6:35:49 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >


Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 6:44 am

OTL logfile created on: 11/14/2011 1:57:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\trauti\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.40% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.28% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.83 Gb Total Space | 43.95 Gb Free Space | 62.94% Space Free | Partition Type: NTFS

Computer Name: LAPSTER | User Name: trauti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 12:19:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\trauti\Desktop\OTL.com
PRC - [2011/09/30 05:58:32 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/03/04 11:26:08 | 000,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/10/30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/13 16:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/08/19 14:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE
PRC - [2000/06/29 03:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 11:28:01 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 11:20:21 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 11:20:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/03/04 11:26:08 | 000,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
MOD - [2004/12/23 15:47:36 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2004/09/07 16:03:46 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
MOD - [2004/08/10 06:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2003/06/18 09:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)
SRV - [2000/06/29 03:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/11/14 10:03:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl03896dd2.sys -- (MpKsl03896dd2)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/04/14 20:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/10/10 00:56:20 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/07/22 23:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/07/22 23:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/07/22 23:41:18 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/04 03:34:26 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/16 16:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/21 20:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/18 14:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/17 20:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 20:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/03/25 19:37:08 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) CP2101 USB Composite Device driver (WDM)
DRV - [2004/03/25 19:36:48 | 000,084,512 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/06/18 09:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2003/06/18 09:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2003/06/18 09:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2003/06/18 09:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2003/06/18 09:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/06/18 09:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2000/02/03 14:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.oldhalifax.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\trauti\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\trauti\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/30 05:59:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 05:58:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 05:59:22 | 000,000,000 | ---D | M]

[2011/02/28 14:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\trauti\Application Data\Mozilla\Extensions
[2011/04/29 17:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\trauti\Application Data\Mozilla\Firefox\Profiles\bclwurc4.default\extensions
[2011/02/28 15:01:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\trauti\Application Data\Mozilla\Firefox\Profiles\bclwurc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/23 14:47:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/23 11:09:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/26 13:09:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/11 14:20:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/23 14:47:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/06/15 23:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 03:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 03:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\trauti\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\trauti\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/02/27 15:38:36 | 000,000,154 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 connect.facebook.net
O1 - Hosts: 127.0.0.1 google-analytics.com
O2 - BHO: (Ghostery Add-On) - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O15 - HKCU\..Trusted Domains: bild.de ([www] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} [You must be registered and logged in to see this link.] (Device Detection)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} [You must be registered and logged in to see this link.] (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {10000000-1000-1000-1000-100000000000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [You must be registered and logged in to see this link.] (Symantec AntiVirus scanner)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} [You must be registered and logged in to see this link.] (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} [You must be registered and logged in to see this link.] (Symantec Script Runner Class)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} [You must be registered and logged in to see this link.] (Malicious Software Removal Tool)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} [You must be registered and logged in to see this link.] (PSFormX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} [You must be registered and logged in to see this link.] (CSEQueryObject Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} [You must be registered and logged in to see this link.] (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} [You must be registered and logged in to see this link.] (DellSystem.Scanner)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} [You must be registered and logged in to see this link.] (DVM_IPCam2 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [You must be registered and logged in to see this link.] (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F714057B-7FBE-4672-A80A-9D51756356D1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Filter\text/html {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files\GhosteryIEplugin\GhosteryMimeFilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\trauti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\trauti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CaddieSyncConduit - hkey= - key= - C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE


tiburonfirst

Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition


Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 6:45 am

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 12:18:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\trauti\Desktop\OTL.com
[2011/11/14 12:17:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\trauti\Desktop\aswMBR.exe
[2011/11/14 08:58:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\trauti\Recent
[2011/11/14 08:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/11/14 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/14 08:38:59 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\trauti\Desktop\ccsetup312.exe
[2011/11/11 10:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\GhosteryIEplugin
[2011/10/31 09:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/10/31 09:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\trauti\Application Data\Softland
[2011/10/31 09:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\trauti\Application Data\alotappbar
[2011/10/31 09:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\alotappbar
[2011/10/23 14:47:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/23 14:47:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/23 14:47:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/22 13:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\trauti\Application Data\Logishrd
[2011/10/22 13:02:36 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[43 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 14:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/11/14 14:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/11/14 13:54:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1319465762-2649393229-260348318-1005.job
[2011/11/14 13:54:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1319465762-2649393229-260348318-1005.job
[2011/11/14 13:49:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\MBR.dat
[2011/11/14 13:08:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1319465762-2649393229-260348318-1005UA.job
[2011/11/14 12:42:38 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/14 12:19:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\trauti\Desktop\OTL.com
[2011/11/14 12:17:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\trauti\Desktop\aswMBR.exe
[2011/11/14 12:08:45 | 000,879,569 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\SecurityCheck.exe
[2011/11/14 10:10:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/11/14 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/14 09:43:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/11/14 09:42:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 09:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/14 08:49:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/14 08:39:07 | 003,511,776 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\trauti\Desktop\ccsetup312.exe
[2011/11/13 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/11/13 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/11/13 17:08:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1319465762-2649393229-260348318-1005Core.job
[2011/11/13 14:34:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/11/10 14:23:38 | 000,478,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/10 14:23:38 | 000,086,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/05 11:27:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/31 09:38:32 | 000,003,555 | ---- | M] () -- C:\Documents and Settings\trauti\My Documents\Evidence of Value.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[43 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 13:49:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\trauti\Desktop\MBR.dat
[2011/11/14 12:08:39 | 000,879,569 | ---- | C] () -- C:\Documents and Settings\trauti\Desktop\SecurityCheck.exe
[2011/11/14 08:49:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/04 08:54:21 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/10/31 09:38:30 | 000,003,555 | ---- | C] () -- C:\Documents and Settings\trauti\My Documents\Evidence of Value.pdf
[2011/10/31 09:31:05 | 000,007,549 | ---- | C] () -- C:\WINDOWS\System32\dopdf7.ctm
[2010/10/23 17:57:19 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\start
[2010/10/23 17:44:31 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\completescan
[2010/10/23 17:39:11 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\install
[2010/08/14 14:13:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/29 17:20:38 | 000,123,109 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2008/07/29 17:20:37 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2008/06/16 07:53:07 | 000,123,135 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2008/06/16 07:53:06 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2008/06/16 07:52:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/06/12 08:04:13 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/10 19:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 17:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/21 18:22:57 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/01/27 08:03:19 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/01/11 09:52:49 | 000,000,252 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/11/02 11:21:58 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Helpfile.ini
[2007/11/02 11:21:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2007/11/02 11:21:41 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2007/11/02 11:21:41 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2007/11/02 11:21:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2007/11/02 11:21:41 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2007/09/17 09:16:12 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.trauti.ini
[2007/08/21 10:00:28 | 000,000,168 | ---- | C] () -- C:\WINDOWS\Clipbook.INI
[2007/04/16 12:55:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/09/09 11:29:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/06/30 05:55:24 | 000,745,768 | ---- | C] () -- C:\WINDOWS\System32\wodTelnetDLX.dll
[2005/12/24 21:46:42 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\trauti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/15 11:22:17 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2005/12/15 11:21:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ImageServerMI.dll
[2005/12/15 11:21:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ImportClient.dll
[2005/10/29 17:09:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/14 16:02:01 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/14 16:02:01 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B2D02B9504.sys
[2005/07/26 07:11:16 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\PFP120JPR.{PB
[2005/07/26 07:11:16 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\PFP120JCM.{PB
[2005/07/20 09:39:59 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\trauti\Local Settings\Application Data\fusioncache.dat
[2005/07/15 16:39:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/15 16:26:49 | 000,000,407 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/15 16:22:04 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/15 16:15:30 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/07/15 15:49:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/07/15 15:49:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/07/15 15:48:50 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/04 19:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 16:20:39 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 16:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 16:03:04 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 16:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 15:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 15:57:07 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 15:49:47 | 000,478,318 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 15:49:47 | 000,086,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 15:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 06:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2004/08/10 06:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/10 06:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/23 14:17:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\uninstall.ini
[2003/02/04 08:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2002/01/10 23:01:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ANXFTPRO.dll
[2000/10/11 01:26:18 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\TALITF32.dll
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2007/12/14 09:59:16 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\trauti\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2005/07/15 16:07:23 | 000,000,310 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\convert.log

< %USERPROFILE%\Desktop\*.exe >
[2009/01/01 21:32:18 | 023,804,784 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\aaw2008.exe
[2011/11/14 12:17:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\trauti\Desktop\aswMBR.exe
[2009/06/14 11:08:13 | 005,137,016 | ---- | M] (SkyHawke Technologies, LLC) -- C:\Documents and Settings\trauti\Desktop\CaddieSyncSetupE.exe
[2011/11/14 08:39:07 | 003,511,776 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\trauti\Desktop\ccsetup312.exe
[2011/01/23 17:48:44 | 000,225,672 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\CrucialScan.exe
[2010/01/18 18:15:26 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\trauti\Desktop\FileFormatConverters.exe
[2009/11/19 08:04:48 | 001,855,888 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\install_easyshare8.exe
[2011/10/11 14:17:54 | 000,908,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\trauti\Desktop\JavaSetup6u27.exe
[2009/10/03 06:16:09 | 009,052,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\trauti\Desktop\MSNOIE8_ENUS_XPL.EXE
[2011/09/29 09:03:27 | 002,358,416 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\trauti\Desktop\ParetoLogic FileCure.exe
[2009/11/22 15:12:59 | 009,414,136 | ---- | M] (Google Inc.) -- C:\Documents and Settings\trauti\Desktop\picasa35-setup.exe
[2011/03/07 15:21:17 | 001,739,024 | ---- | M] (Secunia) -- C:\Documents and Settings\trauti\Desktop\PSISetup - secunia.exe
[2008/12/29 12:42:54 | 298,000,168 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\trauti\Desktop\QuickBooksSimpleStartDirect2008.exe
[2011/09/30 05:45:38 | 000,684,288 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\trauti\Desktop\RealPlayer.exe
[2011/11/14 12:08:45 | 000,879,569 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\SecurityCheck.exe
[2008/02/04 15:56:45 | 000,525,048 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\Setup_QuickBooks_SimpleStart_Direct_2008.exe
[2009/06/08 21:38:06 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\trauti\Desktop\wordview_en-us.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/06/15 23:32:38 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/06/15 23:32:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/06/15 23:32:38 | 000,265,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[46 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/11/01 14:39:16 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/01/18 09:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/02/04 15:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Akamai
[2007/05/12 16:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\Alltel
[2007/05/12 14:33:02 | 000,000,000 | ---D | M] -- C:\Program Files\Alltel(2)
[2011/10/31 09:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\alotappbar
[2007/12/21 19:47:52 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2008/10/13 20:21:19 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2005/07/15 16:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint
[2008/10/20 06:17:05 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2008/03/21 18:22:56 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2005/07/15 16:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2005/12/15 11:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2011/11/14 08:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/10/11 14:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/19 16:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2005/07/15 15:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2005/07/15 16:16:06 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/06/01 11:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Cyfre
[2006/09/09 11:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2005/07/15 16:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2007/11/21 07:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/05/17 19:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2005/07/15 16:15:57 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2004/08/19 16:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\DIGStream
[2008/06/30 23:00:45 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2004/08/19 16:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2008/07/12 20:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/10/30 18:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2004/08/19 16:16:26 | 000,000,000 | ---D | M] -- C:\Program Files\ESPNMotion
[2008/01/26 18:21:59 | 000,000,000 | ---D | M] -- C:\Program Files\FDRLab
[2004/08/19 16:16:22 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2011/11/11 10:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\GhosteryIEplugin
[2009/02/25 10:43:29 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/04/20 13:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/02/02 09:43:26 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photo Creations
[2011/06/26 12:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\IDrive
[2011/06/26 15:08:40 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/07/15 16:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2005/07/15 16:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\Intel, Inc
[2011/10/13 11:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/02/05 06:54:20 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2006/06/14 11:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2011/10/23 14:47:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/11/06 08:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2008/07/15 14:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2005/07/15 16:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2008/01/11 09:51:21 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 640 Series
[2011/06/26 15:09:31 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/09/19 20:36:37 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/26 12:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2008/12/11 11:27:44 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/08/14 14:10:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/03/03 15:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
[2007/05/10 04:58:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/04/26 08:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Easy Assist
[2004/08/19 16:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/09/24 21:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/29 06:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/07/15 16:18:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/07/15 16:18:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2008/09/16 09:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Research
[2011/08/03 13:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2010/10/23 19:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/14 14:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2005/07/15 16:15:37 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2007/10/29 16:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola USB Drivers
[2007/05/12 14:33:02 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola USB Drivers(2)
[2010/08/12 08:06:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/12 07:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/05/18 20:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox(2)
[2009/08/15 08:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/06/08 22:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/19 16:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/19 16:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/14 15:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2005/07/15 16:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/12/11 11:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/07/15 16:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2011/03/07 21:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2004/08/19 16:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/16 12:04:41 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/09/01 17:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\PANTECH
[2008/05/18 20:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\PCPitstop
[2011/09/30 05:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/15 08:18:23 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2004/08/19 16:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2008/07/10 23:04:37 | 000,000,000 | ---D | M] -- C:\Program Files\RogueRemover FREE
[2011/06/26 15:14:53 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2009/06/14 11:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\SG2
[2005/07/15 15:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2011/08/06 07:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\SkyGolf
[2005/10/26 06:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/10/24 15:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/04/04 05:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\TrojanHunter 5.0
[2011/09/03 15:24:13 | 000,000,000 | ---D | M] -- C:\Program Files\Typing Instructor Deluxe
[2004/08/19 16:14:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/03/08 09:28:59 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2005/11/25 21:44:11 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2009/10/27 05:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/04/03 06:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2005/12/03 15:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/12/11 11:13:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/19 16:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2004/08/19 16:05:02 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/07/15 16:30:00 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2004/08/19 16:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/11/02 11:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name


< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/08/10 07:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/08/10 07:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2008/08/10 07:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/10 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2005/04/25 10:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-14 17:01:32

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< >

< >

< >

< >

< >

< >

< >

tiburonfirst

Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

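The "< MD5 for: ... >" blocks above are OTL's check for in-place patched boot drivers: for each driver it hashes every copy it can find so the analyst can see whether the file Windows actually loads (the one under system32\drivers) still matches the Service Pack copy in ServicePackFiles\i386 and the ERDNT cache. In this log agp440.sys, atapi.sys, disk.sys and netlogon.dll all match. The script below is an added example, not part of the original post and not OTL's own code; it automates that comparison over lines copied from the log plus one constructed block (FAKE.SYS, hypothetical) whose live copy has been altered, and it reports the Intel iastor.sys entry honestly as having no copy under system32\drivers rather than guessing.

```python
import re
from collections import defaultdict

# Sample input: the AGP440, ATAPI and IASTOR blocks copied from the OTL Extras
# log above, plus one CONSTRUCTED block (FAKE.SYS, hypothetical) whose live
# copy deliberately does not match its Service Pack reference copy.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys

< MD5 for: IASTOR.SYS >
[2005/04/25 10:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: FAKE.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\fake.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\fake.sys
"""

HEADER = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY = re.compile(r"MD5=([0-9A-F]{32}) -- (.+)$")

# The copy Windows loads lives under system32\drivers; OTL's reference copy is
# the one Service Pack setup left in ServicePackFiles.  Paths compare lower-cased.
LIVE_DIR = "c:\\windows\\system32\\drivers\\"
REF_DIR = "c:\\windows\\servicepackfiles\\i386\\"


def parse_md5_blocks(text):
    """Return {driver: {path_lowercase: md5}} from the '< MD5 for: X >' blocks.
    .cab entries carry no MD5= field and are skipped."""
    blocks = defaultdict(dict)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = ENTRY.search(line)
        if m and current is not None:
            blocks[current][m.group(2).strip().lower()] = m.group(1)
    return dict(blocks)


def check_driver_integrity(text):
    """Compare the live driver against the Service Pack reference copy.
    Returns {driver: 'ok' | 'MISMATCH' | 'no-reference' | 'no-live-copy'}.
    A MISMATCH on a boot-critical driver is what an in-place patched file
    looks like; it calls for pulling the file for analysis, not auto-deletion."""
    results = {}
    for driver, entries in parse_md5_blocks(text).items():
        live = [h for p, h in entries.items() if p.startswith(LIVE_DIR)]
        ref = [h for p, h in entries.items() if p.startswith(REF_DIR)]
        if not live:
            results[driver] = "no-live-copy"
        elif not ref:
            results[driver] = "no-reference"
        elif live[0] != ref[0]:
            results[driver] = "MISMATCH"
        else:
            results[driver] = "ok"
    return results


if __name__ == "__main__":
    for driver, verdict in sorted(check_driver_integrity(SAMPLE_LOG).items()):
        print(f"{driver:12s} {verdict}")
```

A match only proves that the live file equals the SP3 copy on the same disk; if both were replaced the check is blind, so a hash taken from a known-clean installation is the stronger reference, with the ERDNT cache copies listed above as a second on-disk witness.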

Solved Re: Recurring Exploit:java/blacole.ae

Post by Superdave on Tue 15 Nov 2011, 7:05 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 seconds. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
*****************************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
:Files

C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At7.job

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
***********************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 7:13 am

I hope I copied and pasted everything needed; I got the message that my posts are too long. I thought I posted the Avast results but now I don't see them above.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-14 13:48:19
-----------------------------
13:48:19.421 OS Version: Windows 5.1.2600 Service Pack 3
13:48:19.421 Number of processors: 1 586 0xD08
13:48:19.421 ComputerName: LAPSTER UserName: trauti
13:48:20.781 Initialize success
13:48:48.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:48:48.265 Disk 0 Vendor: TOSHIBA_MK8026GAX PA002D Size: 76319MB BusType: 3
13:48:50.296 Disk 0 MBR read successfully
13:48:50.296 Disk 0 MBR scan
13:48:50.296 Disk 0 unknown MBR code
13:48:50.296 Disk 0 scanning sectors +156296385
13:48:50.390 Disk 0 scanning C:\WINDOWS\system32\drivers
13:49:02.140 Service scanning
13:49:02.906 Service MpKsl03896dd2 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl03896dd2.sys **LOCKED** 32
13:49:03.625 Modules scanning
13:49:11.890 Disk 0 trace - called modules:
13:49:11.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:49:11.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a948ab8]
13:49:11.921 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8b9d98]
13:49:11.921 Scan finished successfully
13:49:58.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\trauti\Desktop\MBR.dat"
13:49:58.375 The log file has been saved successfully to "C:\Documents and Settings\trauti\Desktop\aswMBRlog.txt"

Dave, I will proceed with your instructions, which you posted while I was struggling to get all the logs online.



tiburonfirst

Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

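aswMBR's "unknown MBR code" line means the 446 bytes of boot code did not match any boot code it recognises, "scanning sectors +N" shows where its raw sector scan started, and the MBR was saved to MBR.dat so it can be examined offline. Bootkits that survive a file-system scan keep their payload in sectors outside any partition, which is why the unpartitioned tail of the disk matters. The script below is an added example, not part of the original post and not aswMBR's code: it parses a 512-byte MBR, checks the boot code against an analyst-supplied allow-list of hashes (an assumption; the page provides no such hashes) and reports the unpartitioned tail. The MBR bytes and partition layout are constructed for the demo; only the 76319 MB disk size comes from the log above.

```python
import hashlib
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_test_mbr(entries, boot_code=b""):
    """Build a CONSTRUCTED 512-byte MBR for the demo (not a real disk image).
    entries: list of (status, partition_type, lba_start, sector_count)."""
    code = boot_code.ljust(446, b"\x00")[:446]
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, start, size)
        for status, ptype, start, size in entries
    )
    return code + table.ljust(64, b"\x00") + b"\x55\xaa"


def parse_mbr(mbr):
    """Validate the 55AA signature and return the boot-code hash plus the
    non-empty partition entries, the same fields a tool like aswMBR reads."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: bad length or missing 55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, size = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "start": start, "size": size})
    return {"boot_code_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
            "partitions": parts}


def classify_boot_code(mbr, known_hashes):
    """'known' if the 446-byte boot code is in an allow-list of hashes the
    analyst collected from clean installs (assumed input, not from the page),
    otherwise 'unknown', the verdict aswMBR printed for this disk."""
    return "known" if parse_mbr(mbr)["boot_code_sha256"] in known_hashes else "unknown"


def unpartitioned_tail(mbr, disk_sectors, threshold=2048):
    """Sectors between the end of the last partition and the end of the disk.
    Returns (tail_sectors, worth_scanning).  A large tail is the region to dump
    and inspect for a hidden payload; a gap by itself proves nothing, since
    partition alignment leaves slack on clean disks too."""
    end = max((p["start"] + p["size"] for p in parse_mbr(mbr)["partitions"]), default=0)
    tail = disk_sectors - end
    return tail, tail >= threshold


if __name__ == "__main__":
    # Disk size taken from the aswMBR log above (76319 MB); partitions constructed.
    disk_sectors = 76319 * 2048
    demo = build_test_mbr([(0x80, 0x07, 63, 156280257)])
    print(parse_mbr(demo)["partitions"])
    print(classify_boot_code(demo, set()))        # allow-list empty -> 'unknown'
    print(unpartitioned_tail(demo, disk_sectors))
```

On the real artefact, pass open("MBR.dat", "rb").read() and the disk's sector count. With an empty allow-list every MBR is "unknown", exactly as aswMBR reported here, so the verdict only becomes useful once the allow-list holds hashes from known-clean Windows XP installs; the tail figure tells you where a sector dump should start, not whether the machine is infected.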

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 7:18 am

========== OTL ==========
========== FILES ==========
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11142011_151626

tiburonfirst

Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition


Solved Re: Recurring Exploit:java/blacole.ae

Post by Superdave on Tue 15 Nov 2011, 10:38 am

thought i posted avast results but now i don't see them above
That's ok. I really don't need to see the results of the Avast scan.
If the logs are too long you will have to split them into two or more posts.

Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 11:29 am

Results of SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 11/14/2011 at 07:10 PM

Application Version : 5.0.1136

Core Rules Database Version : 7940
Trace Rules Database Version: 5752

Scan type : Complete Scan
Total Scan Time : 02:49:57

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 38208
Registry threats detected : 0
File items scanned : 110090
File threats detected : 31

Rogue.MSE-Fraud
C:\Documents and Settings\trauti\Application Data\install
C:\Documents and Settings\trauti\Application Data\completescan

Adware.Tracking Cookie
C:\Documents and Settings\trauti\Cookies\NJIH48LM.txt [ /ad3.adfarm1.adition.com ]
C:\Documents and Settings\trauti\Cookies\6Y09E94H.txt [ /adfarm1.adition.com ]
C:\Documents and Settings\trauti\Cookies\96Y51TKP.txt [ /ads.bleepingcomputer.com ]
C:\Documents and Settings\trauti\Cookies\25KKWOFZ.txt [ /questionmarket.com ]
C:\Documents and Settings\trauti\Cookies\JJ65WPUH.txt [ /msnbc.112.2o7.net ]
C:\Documents and Settings\trauti\Cookies\N0GRPE0I.txt [ /clickbooth.com ]
C:\Documents and Settings\trauti\Cookies\DO30NPA2.txt [ /adxpose.com ]
C:\Documents and Settings\trauti\Cookies\9NTZGNEG.txt [ /ads.ookla.com ]
C:\Documents and Settings\trauti\Cookies\YG5GWKA7.txt [ /collective-media.net ]
C:\Documents and Settings\trauti\Cookies\IROT9YWK.txt [ /accounts.google.com ]
C:\Documents and Settings\trauti\Cookies\1F3UFB36.txt [ /kontera.com ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@bestoffersnetworks[1].txt [ Cookie:michael@bestoffersnetworks.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@[You must be registered and logged in to see this link.] [ Cookie:michael@[You must be registered and logged in to see this link.] ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@btg.btgrab[1].txt [ Cookie:michael@btg.btgrab.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@offeroptimizer[1].txt [ Cookie:michael@offeroptimizer.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@burstnet[2].txt [ Cookie:michael@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@[You must be registered and logged in to see this link.] [ Cookie:michael@[You must be registered and logged in to see this link.] ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@500[2].txt [ Cookie:michael@jkazaa.cjt1.net/HTM/500 ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@need2find[2].txt [ Cookie:michael@need2find.com/ ]
C:\DOCUMENTS AND SETTINGS\TRAUTI\Cookies\9VPS0DUN.txt [ Cookie:trauti@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\COOKIES\MICHAEL@2O7[2].TXT [ /2O7 ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\COOKIES\MICHAEL@ADKNOWLEDGE[2].TXT [ /ADKNOWLEDGE ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\COOKIES\MICHAEL@ADOPT.HBMEDIAPRO[2].TXT [ /ADOPT.HBMEDIAPRO ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\COOKIES\MICHAEL@CLIKS[1].TXT [ /CLIKS ]
in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\TRAUTI\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\TRAUTI\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\TRAUTI\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Adware.RX Toolbar
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\COMMONNAME.ZIP )/RXTOOLBAR.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\COMMONNAME.ZIP

Will now do MBAM; slow going!

tiburonfirst

Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition


Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 12:51 pm

And MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8163

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/14/2011 8:50:56 PM
mbam-log-2011-11-14 (20-50-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 283399
Time elapsed: 1 hour(s), 8 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

tiburonfirst

Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition


Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 1:00 pm

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by trauti at 20:56:04 on 2011-11-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1269 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ghostery Add-On: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [Google Update] "c:\documents and settings\trauti\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: bild.de\www
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - [You must be registered and logged in to see this link.]
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - [You must be registered and logged in to see this link.]
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - [You must be registered and logged in to see this link.]
DPF: {10000000-1000-1000-1000-100000000000} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - [You must be registered and logged in to see this link.]
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - [You must be registered and logged in to see this link.]
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - [You must be registered and logged in to see this link.]
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - [You must be registered and logged in to see this link.]
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - [You must be registered and logged in to see this link.]
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - [You must be registered and logged in to see this link.]
TCP: Interfaces\{F714057B-7FBE-4672-A80A-9D51756356D1} : DhcpNameServer = 192.168.1.1
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\trauti\application data\mozilla\firefox\profiles\bclwurc4.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\trauti\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\trauti\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\trauti\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKsl3e6c99f8;MpKsl3e6c99f8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl3e6c99f8.sys [2011-11-14 28752]
R1 MpKsl6ae382ca;MpKsl6ae382ca;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl6ae382ca.sys [2011-11-14 28752]
R1 MpKsl9dd52d46;MpKsl9dd52d46;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl9dd52d46.sys [2011-11-14 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S1 MpKsl31dc6db8;MpKsl31dc6db8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\mpksl31dc6db8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\MpKsl31dc6db8.sys [?]
S1 MpKsl46255956;MpKsl46255956;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{62b4dde8-56d9-4a65-89ef-cd64d8098526}\mpksl46255956.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{62b4dde8-56d9-4a65-89ef-cd64d8098526}\MpKsl46255956.sys [?]
S1 MpKsl51152092;MpKsl51152092;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75131fb4-e296-44e3-8b7e-9b70fbd5468f}\mpksl51152092.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75131fb4-e296-44e3-8b7e-9b70fbd5468f}\MpKsl51152092.sys [?]
S1 MpKsl514225a1;MpKsl514225a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d841d3a7-fb36-4101-97c6-7faa74a441c7}\mpksl514225a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d841d3a7-fb36-4101-97c6-7faa74a441c7}\MpKsl514225a1.sys [?]
S1 MpKsl9ca6f2aa;MpKsl9ca6f2aa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b776421-35bf-40de-a5d7-f998634631ab}\mpksl9ca6f2aa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b776421-35bf-40de-a5d7-f998634631ab}\MpKsl9ca6f2aa.sys [?]
S1 MpKsla049956d;MpKsla049956d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c2fab2f-0298-47cf-90f9-2a2c184214ef}\mpksla049956d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c2fab2f-0298-47cf-90f9-2a2c184214ef}\MpKsla049956d.sys [?]
S1 MpKslc2a5156b;MpKslc2a5156b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\mpkslc2a5156b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\MpKslc2a5156b.sys [?]
S1 MpKslc4152753;MpKslc4152753;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88766831-d887-4268-a200-9fe69700466e}\mpkslc4152753.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88766831-d887-4268-a200-9fe69700466e}\MpKslc4152753.sys [?]
S1 MpKsld269900d;MpKsld269900d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c2fab2f-0298-47cf-90f9-2a2c184214ef}\mpksld269900d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c2fab2f-0298-47cf-90f9-2a2c184214ef}\MpKsld269900d.sys [?]
S1 MpKslf208c003;MpKslf208c003;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f8956a-df88-459e-aeb8-ca54e7273460}\mpkslf208c003.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f8956a-df88-459e-aeb8-ca54e7273460}\MpKslf208c003.sys [?]
S1 MpKslf2912e18;MpKslf2912e18;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f8956a-df88-459e-aeb8-ca54e7273460}\mpkslf2912e18.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f8956a-df88-459e-aeb8-ca54e7273460}\MpKslf2912e18.sys [?]
S1 MpKslf2c092b9;MpKslf2c092b9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6cbc98a9-cf63-4e4c-a94d-1d40f6494600}\mpkslf2c092b9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6cbc98a9-cf63-4e4c-a94d-1d40f6494600}\MpKslf2c092b9.sys [?]
S1 MpKslffe0b922;MpKslffe0b922;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\mpkslffe0b922.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\MpKslffe0b922.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\ptdubus.sys --> c:\windows\system32\drivers\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\ptdumdm.sys --> c:\windows\system32\drivers\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\ptduvsp.sys --> c:\windows\system32\drivers\PTDUVsp.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\ptduwwan.sys --> c:\windows\system32\drivers\PTDUWWAN.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
.
=============== Created Last 30 ================
.
2011-11-15 00:43:04 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl6ae382ca.sys
2011-11-15 00:42:10 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl3e6c99f8.sys
2011-11-15 00:39:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-15 00:17:16 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl9dd52d46.sys
2011-11-15 00:17:08 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\offreg.dll
2011-11-14 21:10:47 -------- d-----w- c:\documents and settings\trauti\application data\SUPERAntiSpyware.com
2011-11-14 21:09:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-14 21:09:26 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-14 20:16:26 -------- d-----w- C:\_OTL
2011-11-14 15:02:34 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\mpengine.dll
2011-11-14 13:48:51 -------- d-----w- c:\program files\CCleaner
2011-11-12 13:28:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-12 13:28:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-11 15:22:17 -------- d-----w- c:\program files\GhosteryIEplugin
2011-10-31 14:31:20 -------- d-----w- c:\documents and settings\trauti\application data\Softland
2011-10-31 14:26:30 -------- d-----w- c:\documents and settings\trauti\application data\alotappbar
2011-10-31 14:26:28 -------- d-----w- c:\program files\alotappbar
2011-10-22 18:25:37 -------- d-----w- c:\documents and settings\trauti\application data\Logishrd
2011-10-22 18:02:36 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-10-22 18:02:36 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
==================== Find3M ====================
.
2011-11-05 16:27:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-30 10:58:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-30 10:58:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32(4).dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 20:57:34.45 ===============

tiburonfirst


Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 1:01 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/3/2005 3:08:34 PM
System Uptime: 11/14/2011 7:15:15 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1595/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 43.75 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1A69ECE1484FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1A69ECE1484FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP3412: 10/10/2011 1:02:32 PM - Software Distribution Service 3.0
RP3413: 10/11/2011 12:00:19 PM - Software Distribution Service 3.0
RP3414: 10/11/2011 2:38:16 PM - Software Distribution Service 3.0
RP3415: 10/11/2011 3:19:27 PM - Installed Java(TM) 6 Update 27
RP3416: 10/12/2011 2:38:41 PM - Software Distribution Service 3.0
RP3417: 10/13/2011 12:00:27 PM - Software Distribution Service 3.0
RP3418: 10/14/2011 12:00:21 PM - Software Distribution Service 3.0
RP3419: 10/14/2011 12:53:40 PM - Software Distribution Service 3.0
RP3420: 10/15/2011 12:00:19 PM - Software Distribution Service 3.0
RP3421: 10/15/2011 12:49:13 PM - Software Distribution Service 3.0
RP3422: 10/16/2011 12:00:19 PM - Software Distribution Service 3.0
RP3423: 10/16/2011 12:50:56 PM - Software Distribution Service 3.0
RP3424: 10/17/2011 12:00:18 PM - Software Distribution Service 3.0
RP3425: 10/17/2011 12:49:34 PM - Software Distribution Service 3.0
RP3426: 10/17/2011 9:07:21 PM - Microsoft Antimalware Checkpoint
RP3427: 10/18/2011 12:00:43 PM - Software Distribution Service 3.0
RP3428: 10/18/2011 12:52:22 PM - Software Distribution Service 3.0
RP3429: 10/19/2011 12:00:19 PM - Software Distribution Service 3.0
RP3430: 10/19/2011 12:50:40 PM - Software Distribution Service 3.0
RP3431: 10/20/2011 12:00:23 PM - Software Distribution Service 3.0
RP3432: 10/20/2011 12:50:02 PM - Software Distribution Service 3.0
RP3433: 10/21/2011 12:00:20 PM - Software Distribution Service 3.0
RP3434: 10/21/2011 12:50:44 PM - Software Distribution Service 3.0
RP3435: 10/22/2011 12:00:20 PM - Software Distribution Service 3.0
RP3436: 10/22/2011 12:50:57 PM - Software Distribution Service 3.0
RP3437: 10/23/2011 12:00:28 PM - Software Distribution Service 3.0
RP3438: 10/23/2011 12:50:50 PM - Software Distribution Service 3.0
RP3439: 10/23/2011 3:46:22 PM - Installed Java(TM) 6 Update 29
RP3440: 10/24/2011 12:00:18 PM - Software Distribution Service 3.0
RP3441: 10/24/2011 12:50:40 PM - Software Distribution Service 3.0
RP3442: 10/25/2011 12:00:19 PM - Software Distribution Service 3.0
RP3443: 10/25/2011 12:50:39 PM - Software Distribution Service 3.0
RP3444: 10/26/2011 12:00:18 PM - Software Distribution Service 3.0
RP3445: 10/26/2011 12:51:30 PM - Software Distribution Service 3.0
RP3446: 10/27/2011 12:00:19 PM - Software Distribution Service 3.0
RP3447: 10/27/2011 12:52:09 PM - Software Distribution Service 3.0
RP3448: 10/27/2011 3:26:56 PM - Software Distribution Service 3.0
RP3449: 10/28/2011 12:00:19 PM - Software Distribution Service 3.0
RP3450: 10/28/2011 12:26:44 PM - Microsoft Antimalware Checkpoint
RP3451: 10/28/2011 12:51:41 PM - Software Distribution Service 3.0
RP3452: 10/28/2011 7:05:15 PM - Software Distribution Service 3.0
RP3453: 10/29/2011 12:00:18 PM - Software Distribution Service 3.0
RP3454: 10/29/2011 12:50:57 PM - Software Distribution Service 3.0
RP3455: 10/29/2011 5:45:08 PM - Microsoft Antimalware Checkpoint
RP3456: 10/30/2011 12:00:18 PM - Software Distribution Service 3.0
RP3457: 10/30/2011 12:52:48 PM - Software Distribution Service 3.0
RP3458: 10/31/2011 10:31:15 AM - Printer Driver doPDF 7 Printer Driver Installed
RP3459: 10/31/2011 12:00:18 PM - Software Distribution Service 3.0
RP3460: 10/31/2011 12:51:41 PM - Software Distribution Service 3.0
RP3461: 11/1/2011 12:00:19 PM - Software Distribution Service 3.0
RP3462: 11/1/2011 2:58:05 PM - Software Distribution Service 3.0
RP3463: 11/2/2011 12:00:18 PM - Software Distribution Service 3.0
RP3464: 11/2/2011 12:49:17 PM - Software Distribution Service 3.0
RP3465: 11/3/2011 12:00:24 PM - Software Distribution Service 3.0
RP3466: 11/3/2011 12:50:44 PM - Software Distribution Service 3.0
RP3467: 11/4/2011 12:00:22 PM - Software Distribution Service 3.0
RP3468: 11/4/2011 12:49:42 PM - Software Distribution Service 3.0
RP3469: 11/5/2011 12:00:58 PM - Software Distribution Service 3.0
RP3470: 11/6/2011 11:34:12 AM - Software Distribution Service 3.0
RP3471: 11/6/2011 12:00:19 PM - Software Distribution Service 3.0
RP3472: 11/7/2011 12:00:20 PM - Software Distribution Service 3.0
RP3473: 11/7/2011 12:24:52 PM - Software Distribution Service 3.0
RP3474: 11/8/2011 12:00:21 PM - Software Distribution Service 3.0
RP3475: 11/8/2011 12:26:24 PM - Software Distribution Service 3.0
RP3476: 11/9/2011 12:00:20 PM - Software Distribution Service 3.0
RP3477: 11/9/2011 12:26:48 PM - Software Distribution Service 3.0
RP3478: 11/10/2011 12:00:27 PM - Software Distribution Service 3.0
RP3479: 11/11/2011 9:41:42 AM - Software Distribution Service 3.0
RP3480: 11/11/2011 12:00:19 PM - Software Distribution Service 3.0
RP3481: 11/12/2011 8:25:17 AM - Restore Operation
RP3482: 11/12/2011 8:33:37 AM - Software Distribution Service 3.0
RP3483: 11/12/2011 12:00:43 PM - Software Distribution Service 3.0
RP3484: 11/12/2011 2:36:43 PM - Software Distribution Service 3.0
RP3485: 11/12/2011 6:27:16 PM - Microsoft Antimalware Checkpoint
RP3486: 11/13/2011 12:00:18 PM - Software Distribution Service 3.0
RP3487: 11/13/2011 8:08:40 PM - Software Distribution Service 3.0
RP3488: 11/14/2011 10:02:14 AM - Software Distribution Service 3.0
RP3489: 11/14/2011 12:00:36 PM - Software Distribution Service 3.0
RP3490: 11/14/2011 1:59:44 PM - OTL Restore Point - 11/14/2011 1:59:34 PM
.
==== Installed Programs ======================
.
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Adobe® Photoshop® Album Starter Edition 3.2
AIM Toolbar 5.0
ALOT Appbar
ALPS Touch Pad Driver
AnyTV 2.10
AOLIcon
aspi
ATI Display Driver
AutoUpdate
Banctec Service Agreement
Belarc Advisor 7.2
Broadcom Management Programs 2
BufferChm
CaddieSync Express 1.0.1
CCHelp
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.92 Modem
CR2
Dell Digital Jukebox Driver
Dell Picture Studio v3.0
Dell ResourceCD
Dell Support Center (Support Software)
Dell System Restore
DellSupport
DeviceManagementQFolder
Digital Line Detect
DivX Codec
ESET Online Scanner v3
ESPNMotion
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
ezStart
GemMaster Mystic
Get High Speed Internet!
getPlus(R)_ocx
Ghostery IE Plugin
Google Talk Plugin
HDView for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2050 J510 series Product Improvement Study
HP Imaging Device Functions 7.0
HP Photo Creations
HP Photosmart and Deskjet 7.0 Software
HP Update
hph_software_req
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java Auto Updater
Java(TM) 6 Update 29
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Lexmark 640 Series
Logitech SetPoint
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Motorola USB Drivers
Mozilla Firefox 5.0 (x86 en-GB)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
NetWaiting
Notifier
OTtBP
Otto
PC Pitstop Optimize2 2.0
PCDLNCH
PowerDVD 5.5
QuickBooks Simple Start 2008
QuickLink Mobile
QuickSet
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Secunia PSI (2.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
SkyCaddie Desktop
Software from PC Software Accounting
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
SUPERAntiSpyware
SupportSoft Assisted Service
Toolbox
Typing Instructor Deluxe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Verizon Mobile Broadband Drivers
Verizon Wireless MiFi-2200 Firmware Updates
VZAccess Manager
WebFldrs XP
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WordPerfect Office 12
.
==== End Of File ===========================

tiburonfirst

Rookie Surfer
Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by Superdave on Tue 15 Nov 2011, 1:45 pm

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Trusted Zone: bild.de\www

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**********************************************************
Please download ComboFix from BleepingComputer.com (alternate link: GeeksToGo.com) and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you want to use Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found here.
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
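The [resethosts] directive in the OTL fix above overwrites the hosts file with the stock one, which also throws away the evidence of what a hijack pointed where. The script below is an added example, not code from OTL or from either poster: it parses a hosts file (a constructed sample stands in for %SystemRoot%\System32\drivers\etc\hosts) and reports every mapping that is not the stock "127.0.0.1 localhost" line, so the redirects can be recorded before they are wiped. The vendor watchlist is an assumption chosen for illustration.

```python
"""Audit a Windows hosts file before letting a fix script reset it.

Added example for this thread, not code from OTL or from the original posts.
OTL's [resethosts] directive replaces %SystemRoot%\\System32\\drivers\\etc\\hosts
with the stock file, which also discards the evidence of what a hijack pointed
where. This script parses a hosts file (a constructed sample stands in for the
real one) and reports every mapping that is not the stock loopback entry, so
the redirects can be recorded before they are wiped.
"""
import ipaddress

# The stock Windows XP hosts file has a comment header and exactly one active
# line, "127.0.0.1 localhost"; anything else needs an explanation.
STOCK_LOOPBACK_NAMES = {"localhost"}

# Vendors whose update/download hosts malware commonly sinkholes to stop the
# victim fetching patches or removal tools. Constructed watchlist (assumption).
WATCHLIST = ("microsoft.com", "windowsupdate.com", "java.com", "malwarebytes.org")

# Constructed sample input; the real XP stock file has only the comment
# header and the localhost line.
SAMPLE_HOSTS = """\
# Constructed sample for this example; the XP stock file has only the
# comment header and the localhost line.
127.0.0.1       localhost
127.0.0.1       www.microsoft.com
0.0.0.0\tupdate.java.com # tab-separated, comment on the same line
198.51.100.7    www.example-bank.test mail.example.test
"""


def parse_hosts(text):
    """Yield (line_no, ip_token, name) for every name in a hosts file.

    Strips full-line and trailing comments, tolerates tabs and multiple
    spaces, and expands lines that map several names to one address.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip_token, names = parts[0], parts[1:]
        for name in names:
            yield line_no, ip_token, name.lower()


def on_watchlist(name):
    """True if name is one of the watched domains or a host beneath one."""
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def suspicious_entries(text):
    """Return (line_no, ip, name, reason) for every non-stock hosts mapping."""
    findings = []
    for line_no, ip_token, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip_token)
        except ValueError:
            findings.append((line_no, ip_token, name, "malformed address"))
            continue
        if addr.is_loopback and name in STOCK_LOOPBACK_NAMES:
            continue  # the stock entry
        if addr.is_loopback or addr.is_unspecified:
            # 127.x or 0.0.0.0 sinkholes the name; on a security vendor that is
            # the classic "cannot reach updates" symptom.
            reason = "update/security site blackholed" if on_watchlist(name) else "non-stock sinkhole"
        else:
            reason = "name redirected to %s" % ip_token
        findings.append((line_no, ip_token, name, reason))
    return findings


if __name__ == "__main__":
    for line_no, ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print("line %d: %-14s %-24s %s" % (line_no, ip, name, reason))
```

Run it against a copy of the real file (open it with the same parser) before clicking Run Fix; a redirect of a banking or mail host to an outside address is the finding worth keeping, while a sinkholed vendor domain explains why updates or scanners stopped working.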

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Tue 15 Nov 2011, 10:54 pm

Thank you, Dave!
I will attempt this sometime today and post the logs by tomorrow morning at the latest.

OTL done

========== OTL ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11152011_081704



tiburonfirst

Rookie Surfer
Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Wed 16 Nov 2011, 2:34 am

ComboFix 11-11-15.01 - trauti 11/15/2011 10:13:50.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1460 [GMT -5:00]
Running from: c:\documents and settings\trauti\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\trauti\WINDOWS
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 02:05 . 2011-11-15 02:05 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKslb93708b7.sys
2011-11-15 00:43 . 2011-11-15 00:43 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl6ae382ca.sys
2011-11-15 00:42 . 2011-11-15 00:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl3e6c99f8.sys
2011-11-15 00:17 . 2011-11-15 00:17 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl9dd52d46.sys
2011-11-15 00:17 . 2011-11-15 02:05 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\offreg.dll
2011-11-14 21:10 . 2011-11-14 21:10 -------- d-----w- c:\documents and settings\trauti\Application Data\SUPERAntiSpyware.com
2011-11-14 21:09 . 2011-11-14 21:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-14 21:09 . 2011-11-14 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-14 20:16 . 2011-11-14 20:16 -------- d-----w- C:\_OTL
2011-11-14 15:02 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\mpengine.dll
2011-11-14 13:48 . 2011-11-14 13:49 -------- d-----w- c:\program files\CCleaner
2011-11-12 13:28 . 2011-11-12 13:28 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-11 15:22 . 2011-11-11 15:22 -------- d-----w- c:\program files\GhosteryIEplugin
2011-10-31 14:31 . 2011-10-31 14:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2011-10-31 14:31 . 2011-10-31 14:31 -------- d-----w- c:\documents and settings\trauti\Application Data\Softland
2011-10-31 14:26 . 2011-10-31 14:56 -------- d-----w- c:\documents and settings\trauti\Application Data\alotappbar
2011-10-31 14:26 . 2011-10-31 14:26 -------- d-----w- c:\program files\alotappbar
2011-10-22 18:25 . 2011-10-22 18:25 -------- d-----w- c:\documents and settings\trauti\Application Data\Logishrd
2011-10-22 18:02 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-10-22 18:02 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 16:27 . 2011-06-26 20:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-19 21:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2009-10-18 19:49 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 09:06 . 2010-06-07 15:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2010-11-01 18:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-30 10:58 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-30 10:58 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-28 07:06 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-10 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32(4).dll
2011-09-06 13:20 . 2004-08-10 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2010-10-24 01:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-16 04:32 . 2011-06-26 20:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 20:25 605888 ----a-w- c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
2011-10-21 14:21 48488 ----a-w- c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files\alotappbar\bin\ALOTHelper.dll" [2011-10-21 48488]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-09-30 273528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-15 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaddieSyncConduit]
2011-04-27 20:27 2364792 ----a-w- c:\program files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QBReminderFlash"="c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Cyfre\\ezStart\\ezStart.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\trauti\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9212:TCP"= 9212:TCP:SkyCaddie Desktop
"9210:UDP"= 9210:UDP:SkyCaddie Desktop
.
R1 MpKsl3e6c99f8;MpKsl3e6c99f8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl3e6c99f8.sys [11/14/2011 7:42 PM 28752]
R1 MpKsl6ae382ca;MpKsl6ae382ca;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl6ae382ca.sys [11/14/2011 7:43 PM 28752]
R1 MpKsl9dd52d46;MpKsl9dd52d46;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl9dd52d46.sys [11/14/2011 7:17 PM 28752]
R1 MpKslb93708b7;MpKslb93708b7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKslb93708b7.sys [11/14/2011 9:05 PM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 9:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 9:24 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S1 MpKsl31dc6db8;MpKsl31dc6db8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKsl31dc6db8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKsl31dc6db8.sys [?]
S1 MpKsl46255956;MpKsl46255956;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62B4DDE8-56D9-4A65-89EF-CD64D8098526}\MpKsl46255956.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62B4DDE8-56D9-4A65-89EF-CD64D8098526}\MpKsl46255956.sys [?]
S1 MpKsl51152092;MpKsl51152092;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75131FB4-E296-44E3-8B7E-9B70FBD5468F}\MpKsl51152092.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75131FB4-E296-44E3-8B7E-9B70FBD5468F}\MpKsl51152092.sys [?]
S1 MpKsl514225a1;MpKsl514225a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D841D3A7-FB36-4101-97C6-7FAA74A441C7}\MpKsl514225a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D841D3A7-FB36-4101-97C6-7FAA74A441C7}\MpKsl514225a1.sys [?]
S1 MpKsl9ca6f2aa;MpKsl9ca6f2aa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B776421-35BF-40DE-A5D7-F998634631AB}\MpKsl9ca6f2aa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B776421-35BF-40DE-A5D7-F998634631AB}\MpKsl9ca6f2aa.sys [?]
S1 MpKsla049956d;MpKsla049956d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C2FAB2F-0298-47CF-90F9-2A2C184214EF}\MpKsla049956d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C2FAB2F-0298-47CF-90F9-2A2C184214EF}\MpKsla049956d.sys [?]
S1 MpKslc2a5156b;MpKslc2a5156b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKslc2a5156b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKslc2a5156b.sys [?]
S1 MpKslc4152753;MpKslc4152753;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88766831-D887-4268-A200-9FE69700466E}\MpKslc4152753.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88766831-D887-4268-A200-9FE69700466E}\MpKslc4152753.sys [?]
S1 MpKsld269900d;MpKsld269900d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C2FAB2F-0298-47CF-90F9-2A2C184214EF}\MpKsld269900d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C2FAB2F-0298-47CF-90F9-2A2C184214EF}\MpKsld269900d.sys [?]
S1 MpKslf208c003;MpKslf208c003;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F8956A-DF88-459E-AEB8-CA54E7273460}\MpKslf208c003.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F8956A-DF88-459E-AEB8-CA54E7273460}\MpKslf208c003.sys [?]
S1 MpKslf2912e18;MpKslf2912e18;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F8956A-DF88-459E-AEB8-CA54E7273460}\MpKslf2912e18.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F8956A-DF88-459E-AEB8-CA54E7273460}\MpKslf2912e18.sys [?]
S1 MpKslf2c092b9;MpKslf2c092b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBC98A9-CF63-4E4C-A94D-1D40F6494600}\MpKslf2c092b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBC98A9-CF63-4E4C-A94D-1D40F6494600}\MpKslf2c092b9.sys [?]
S1 MpKslffe0b922;MpKslffe0b922;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKslffe0b922.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKslffe0b922.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 10:52 AM 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [7/8/2010 10:52 AM 176384]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys --> c:\windows\system32\DRIVERS\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys --> c:\windows\system32\DRIVERS\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys --> c:\windows\system32\DRIVERS\PTDUVsp.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys --> c:\windows\system32\DRIVERS\PTDUWWAN.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3E6C99F8
*NewlyCreated* - MPKSL6AE382CA
*NewlyCreated* - MPKSL9DD52D46
*NewlyCreated* - MPKSLB93708B7
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319465762-2649393229-260348318-1005Core.job
- c:\documents and settings\trauti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 14:12]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319465762-2649393229-260348318-1005UA.job
- c:\documents and settings\trauti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 14:12]
.
2011-11-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-11-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1319465762-2649393229-260348318-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2011-11-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1319465762-2649393229-260348318-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
Trusted Zone: bild.de\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - [You must be registered and logged in to see this link.]
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\trauti\Application Data\Mozilla\Firefox\Profiles\bclwurc4.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-11-15 10:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-11-15 10:27:32
ComboFix-quarantined-files.txt 2011-11-15 15:27
.
Pre-Run: 46,885,036,032 bytes free
Post-Run: 46,997,745,664 bytes free
.
- - End Of File - - 9B47BAACF95CE43489D87164E0421E49

tiburonfirst

Rookie Surfer
Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Wed 16 Nov 2011, 3:01 am

Dave, any idea what I caught and why?

tiburonfirst

Rookie Surfer
Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by Superdave on Wed 16 Nov 2011, 6:07 am

Please download: HiJackThis to your Desktop.

  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
  • Accept the license agreement.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following. Please place a check mark next to this/these line/lines.
Trusted Zone: bild.de\www

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*******************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
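Helpers read HijackThis logs entry by entry, and the Trusted Zone line is one of a handful that is worth a second look on sight. The script below is an added example for this thread, not a tool from the thread or from Trend Micro: it parses HijackThis-style entries by their section prefix and attaches a reviewer note to Trusted Zone (O15) entries, to the DNS servers in the O17 line so they can be checked against the ISP, and to any registration whose file is "(file missing)". The sample lines are copied from the log posted in this thread, except the O15 line, which is constructed because the posted log was taken after the Trusted Zone entry had already been fixed.

```python
"""Added example for this thread (not a tool from the thread or from
Trend Micro): parse HijackThis-style log entries and flag the ones a
helper reads first, starting with the Trusted Zone entry discussed above.
"""
import re
from dataclasses import dataclass, field
from typing import List

# HijackThis prefixes every entry with a section code: R0/R1 (IE start and
# search URLs), O2 (BHOs), O15 (IE Trusted Zone), O16 (downloaded ActiveX),
# O17 (DNS servers), O18 (protocol handlers), O23 (services), and so on.
ENTRY_RE = re.compile(r"^([RFONC]\d{1,2}) - (.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Sample input. All lines are copied from the log posted in this thread
# except the O15 line, which is CONSTRUCTED: the posted log was taken after
# the Trusted Zone entry had been fixed, so it no longer shows one.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O15 - Trusted Zone: http://www.bild.de
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{8041380E-42BC-472B-95C9-0DEAD15A01D5}: NameServer = 66.174.95.44 69.78.96.14
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\\Program Files\\Secunia\\PSI\\PSIA.exe
"""


@dataclass
class Entry:
    kind: str                              # section code, e.g. "O15"
    body: str                              # text after "O15 - "
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/O entries of a log. Header lines and the running
    process list do not carry a section prefix and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def review(entries: List[Entry]) -> List[Entry]:
    """Attach a reviewer note to each entry worth a second look and return
    only the flagged entries, in log order."""
    flagged = []
    for e in entries:
        if e.kind == "O15" and e.body.startswith("Trusted Zone:"):
            e.flags.append("Trusted Zone entry: sites listed here run scripts and "
                           "ActiveX under the lowest IE zone settings; an empty "
                           "list is the safe baseline")
        elif e.kind == "O17" and "NameServer" in e.body:
            ips = IPV4_RE.findall(e.body)
            e.flags.append("DNS servers " + ", ".join(ips) + ": confirm they "
                           "belong to the ISP, since DNS-changing malware "
                           "rewrites this key")
        elif "(file missing)" in e.body:
            e.flags.append("registration points to a file that no longer "
                           "exists: dead entry, safe to fix")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in review(parse_hjt(SAMPLE_LOG)):
        print(e.kind, "-", e.body)
        for note in e.flags:
            print("   ->", note)
```

Run as a script it prints the three flagged entries (O15, O17, O18) with their notes; the O2 and O23 lines pass through unflagged. The section-prefix regex is deliberately loose so that the header and the running-process list are skipped without a separate parser for them.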

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Wed 16 Nov 2011, 6:45 am

Dave, I will try and get this done ASAP. I have not been to bild.de [a German newspaper] in months. Can my laptop get infected without a visit to the site?
I will follow your advice and remove it from my trusted sites - I believe it's the only one there - but am curious...

tiburonfirst
Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Wed 16 Nov 2011, 7:25 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:14 PM, on 11/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Secunia\PSI\sua.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ghostery BHO - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - [You must be registered and logged in to see this link.]
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [You must be registered and logged in to see this link.]
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - [You must be registered and logged in to see this link.]
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - [You must be registered and logged in to see this link.]
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} (DVM_IPCam2 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{8041380E-42BC-472B-95C9-0DEAD15A01D5}: NameServer = 66.174.95.44 69.78.96.14
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12564 bytes

tiburonfirst
Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Wed 16 Nov 2011, 7:44 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B11A2000
Module End: B11BA000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA5E2000
Module End: BA5E4000
Hidden: Yes

Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl9dd52d46.sys
Service Name: MpKsl9dd52d46
Module Base: BA430000
Module End: BA436000
Hidden: Yes

Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl3e6c99f8.sys
Service Name: MpKsl3e6c99f8
Module Base: BA3D0000
Module End: BA3D6000
Hidden: Yes

Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl6ae382ca.sys
Service Name: MpKsl6ae382ca
Module Base: BA408000
Module End: BA40E000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: BA61E000
Module End: BA620000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\trauti\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: BA358000
Module End: BA360000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: B12AF640
Driver Base: B12A5000
Driver End: B12C7000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied


tiburonfirst
Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by Superdave on Wed 16 Nov 2011, 10:30 am

Dave, I will try and get this done ASAP. I have not been to bild.de [a German newspaper] in months. Can my laptop get infected without a visit to the site?
I will follow your advice and remove it from my trusted sites - I believe it's the only one there - but am curious...
As mentioned, it makes your computer more vulnerable. It is possible to get hit with a drive-by infection. You don't necessarily have to visit a site. I had my laptop infected just by looking for a free AV.

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Wed 16 Nov 2011, 11:23 pm

C:\Documents and Settings\trauti\Application Data\Sun\Java\Deployment\cache\6.0\55\a45c577-74193060 Java/Exploit.Agent.NAO trojan

tiburonfirst
Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Thu 17 Nov 2011, 12:11 am

C:\Documents and Settings\trauti\Application Data\Sun\Java\Deployment\cache\6.0\55\a45c577-74193060 Java/Exploit.Agent.NAO trojan


Sorry for the double message - while refreshing the page I was asked to save or modify.

tiburonfirst
Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition

Solved Re: Recurring Exploit:java/blacole.ae

Post by Superdave on Sun 20 Nov 2011, 7:00 am

I'm so sorry for being so late. I didn't receive any notification that you had responded. How's your computer working now? Are there any other issues before we do some cleanup?

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Solved Re: Recurring Exploit:java/blacole.ae

Post by tiburonfirst on Sun 20 Nov 2011, 7:54 am

Hi, Dave - I thought something was not right since you always responded in the evenings before.
The laptop is acting some better but, while waiting on your response, IE shut down twice with the notice "Java has stopped working".
Remembering gp's advice from last year I downloaded a fresh copy and stored it on my desktop. But the Add/Remove Programs feature in XP is not working.
Going to Java's website I'm told I have the proper version, but still occasionally everything hangs.
Do you think ESET has removed the NAO trojan?

Edit - I just tried again and this time Java was removed and I reinstalled it from my desktop.
I guess that leaves only the cleanup. Should I uninstall all scans, and what is the best way?

tiburonfirst
Rookie Surfer

Posts : 52
Joined : 2010-10-25
Operating System : xp pro media edition
