WiredWX Hobby Weather Tools

 


Recurring Exploit:java/blacole.ae


[Solved] Recurring Exploit:java/blacole.ae

Hi, I would appreciate some help. On 11-12 at 7:27pm MSE removed blacole.ae and java/cve-2010-0840.mz. Checking my history in MSE, since my laptop is running extremely slow, I found blacole.ae was allowed 7 minutes later at 7:34pm even though my settings specify to remove any severe threat.
At the moment I'm running a full scan with MSE again, but it looks as if I might need additional help. Let me think.

I will download and post the requested scans and logs as soon as MSE has finished.


First scan - Security Check

Results of screen317's Security Check version 0.99.26
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 29
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Mozilla Firefox (5.0.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
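Added example, not part of the post above and not part of the Security Check tool: a small Python audit that reads a Security Check dump like the one just posted and turns the tool's own markers ("On Access scanning disabled!", "Out of Date!", "is disabled!") into a prioritised finding list. The embedded excerpt is copied from the log above with the backtick separator lines dropped; the severity labels are this example's own choice. The parser trusts only what the tool marked, so Java 6 Update 29, which the tool did not flag, is left alone. For this log the result is the list a helper would want fixed alongside the cleanup: real-time scanning is off, and the Flash plugin and Firefox 5.0 are both out of date.

```python
"""Audit a screen317 Security Check dump for weakened protections.

Added example for this thread; not part of the Security Check tool.
The excerpt below is copied from the posted log (separator lines dropped).
"""
import re

SECURITY_CHECK_EXCERPT = """\
Results of screen317's Security Check version 0.99.26
Windows XP Service Pack 3 x86
Internet Explorer 8
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 29
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Mozilla Firefox (5.0.) Firefox Out of Date!
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
End of Log
"""

# Product name, then its version in parentheses, then the tool's marker.
OUT_OF_DATE_RE = re.compile(r"^(.+?)\s*\(\s*([\d.]+)\s*\).*Out of Date!$")
DISABLED_RE = re.compile(r"^(.+?) is disabled!$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def audit_security_check(log_text):
    """Return [(severity, message), ...] sorted high to low.

    Only the tool's own markers are trusted; nothing is inferred about
    software the tool did not flag (Java 6 Update 29 is left alone).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Signatures current but real-time scanning off: nothing stops a
        # drive-by until the next manual scan, so this goes first.
        if "On Access scanning disabled" in line:
            findings.append(("high", "Real-time (on-access) antivirus scanning is disabled"))
            continue
        if line.startswith("Windows Firewall") and "Enabled" not in line:
            findings.append(("high", "Windows Firewall is not enabled"))
            continue
        m = OUT_OF_DATE_RE.match(line)
        if m:
            product, version = m.group(1).strip(), m.group(2).rstrip(".")
            findings.append(("high", f"{product} {version} is out of date (exploit-kit target)"))
            continue
        m = DISABLED_RE.match(line)
        if m:
            findings.append(("medium", f"Protection component not running: {m.group(1)}"))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])  # stable: keeps log order within a level
    return findings


if __name__ == "__main__":
    for severity, message in audit_security_check(SECURITY_CHECK_EXCERPT):
        print(f"[{severity:6}] {message}")
```

Run it on a saved Security Check log by passing the file contents to `audit_security_check`; the three "high" entries come out first, the two disabled Ad-Aware components after them.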

[Solved] Re: Recurring Exploit:java/blacole.ae

OTL Extras logfile created on: 11/14/2011 1:57:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\trauti\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.40% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.28% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.83 Gb Total Space | 43.95 Gb Free Space | 62.94% Space Free | Partition Type: NTFS

Computer Name: LAPSTER | User Name: trauti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9212:TCP" = 9212:TCP:*:Enabled:SkyCaddie Desktop
"9210:UDP" = 9210:UDP:*:Enabled:SkyCaddie Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal -- (Lavasoft Sweden)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Cyfre\ezStart\ezStart.exe" = C:\Program Files\Cyfre\ezStart\ezStart.exe:*:Enabled:ezStart for Wireless Broadband Router -- ()
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 -- ()
"C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe" = C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe:*:Enabled:SkyCaddie Desktop -- (Skyhawke Technologies)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29498512-A137-4478-8691-922829F108DC}" = HP Deskjet 2050 J510 series Product Improvement Study
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{51ED885E-78EC-4DBF-81E1-F7EF47174B5A}" = HP Deskjet 1000 J110 series Basic Device Software
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BFF4D05-66DD-428D-BD05-85FF90174846}" = Software from PC Software Accounting
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6DBDC768-CE21-4F59-A819-1CFD5D97C84B}" = Verizon Wireless MiFi-2200 Firmware Updates
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{780F9A1C-6BFE-4691-83A9-095D859E3052}" = VZAccess Manager
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B3E3CA57-F7D2-424F-86CC-6FB4F1FC82AD}" = HP Deskjet 1000 J110 series Product Improvement Study
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D1AE6D4D-C37A-487d-83D8-C333125B2459}" = HP Photosmart and Deskjet 7.0 Software
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{E332FF49-A8D3-4582-9448-50FBB1ADA43D}" = ezStart
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E654D1E3-B18B-4953-BFBC-F16227323E05}" = HP Deskjet 2050 J510 series Basic Device Software
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM Toolbar" = AIM Toolbar 5.0
"alotAppbar" = ALOT Appbar
"AnyTV_is1" = AnyTV 2.10
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Belarc Advisor" = Belarc Advisor 7.2
"CaddieSync Express" = CaddieSync Express 1.0.1
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"getPlus(R)_ocx" = getPlus(R)_ocx
"Ghostery IE Plugin_is1" = Ghostery IE Plugin
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch" = Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
"Lexmark 640 Series" = Lexmark 640 Series
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Motorola USB Drivers" = Motorola USB Drivers
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Pitstop Optimize2_is1" = PC Pitstop Optimize2 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickLink Mobile" = QuickLink Mobile
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SkyCaddieDesktop" = SkyCaddie Desktop
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Typing Instructor Deluxe" = Typing Instructor Deluxe
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2011 10:42:02 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {A706B369-EAB1-4B2C-8851-DE5A897DB4F6} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 11/14/2011 10:42:28 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\lcedisp.cpp(131),
hr = 80040154: Failed to CoCreate EventSystem objec

Error - 11/14/2011 10:42:28 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\eventserver.cpp(2334),
hr = 80040154: Failed to CoCreate EventSystem objec

Error - 11/14/2011 10:42:28 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\eventserver.cpp(2334),
hr = 80040154: Failed to CoCreate EventSystem objec

Error - 11/14/2011 10:42:28 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {54A02444-20E5-43A9-B594-5283DE7A9632} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 11/14/2011 10:42:29 AM | Computer Name = LAPSTER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80080005: InitEventCollector fail

Error - 11/14/2011 12:06:49 PM | Computer Name = LAPSTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ghosterymimefilter.dll, version 2.4.2.0, fault address 0x0001898f.

Error - 11/14/2011 12:07:03 PM | Computer Name = LAPSTER | Source = Application Error | ID = 1001
Description = Fault bucket -1773854309.

Error - 11/14/2011 1:00:14 PM | Computer Name = LAPSTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ghosterymimefilter.dll, version 2.4.2.0, fault address 0x0001898f.

Error - 11/14/2011 1:00:27 PM | Computer Name = LAPSTER | Source = Application Error | ID = 1001
Description = Fault bucket -1773854309.

[ System Events ]
Error - 10/30/2011 6:20:05 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/30/2011 11:10:21 PM | Computer Name = LAPSTER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 0012F0A29D71.

Error - 10/31/2011 12:01:36 PM | Computer Name = LAPSTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 11/1/2011 11:27:32 AM | Computer Name = LAPSTER | Source = PSched | ID = 14103
Description = QoS [Adapter {3315C39E-2491-44E8-8F6A-9145EF252908}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 11/1/2011 12:01:40 PM | Computer Name = LAPSTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 11/1/2011 2:43:55 PM | Computer Name = LAPSTER | Source = PSched | ID = 14103
Description = QoS [Adapter {3315C39E-2491-44E8-8F6A-9145EF252908}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 11/1/2011 6:35:34 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/1/2011 6:35:34 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/1/2011 6:35:49 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/1/2011 6:35:49 PM | Computer Name = LAPSTER | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >
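Added example, not from the thread and not part of OTL: a Python audit of two sections of the OTL Extras report above, the Shell Spawning table and the Windows Firewall policy keys. It compares the executable file classes (exefile, comfile, batfile, cmdfile, piffile) against the stock XP open command `"%1" %*`, because a hijacked association is a common way for malware to be relaunched on every program start, and it parses each GloballyOpenPorts value as `port:protocol:scope:state:name`, ranking enabled ports whose scope is `*` (any remote address) above those limited to LocalSubNet. The excerpt is copied from the report above; the hijacked-association line is constructed for the example and does not appear in the poster's log, whose shell spawning entries are all stock.

```python
"""Audit the Shell Spawning and Firewall Settings sections of an OTL Extras
report. Added example for this thread; not part of OTL.
The excerpt is copied from the posted report; HIJACKED_SAMPLE is constructed.
"""
import re

OTL_EXTRAS_EXCERPT = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9212:TCP" = 9212:TCP:*:Enabled:SkyCaddie Desktop
"9210:UDP" = 9210:UDP:*:Enabled:SkyCaddie Desktop
"""

# Constructed line, not from the poster's log: what a hijacked exefile
# association looks like (every .exe launch goes through the attacker's binary).
HIJACKED_SAMPLE = r'exefile [open] -- "C:\attacker\launcher.exe" "%1" %*'

# Stock Windows XP "open" commands for the executable file classes.
DEFAULT_SPAWN = {
    (cls, "open"): '"%1" %*'
    for cls in ("batfile", "cmdfile", "comfile", "exefile", "piffile")
}

SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
# "<port>:<proto>" = port:proto:scope:state:name  (scope is "*" or LocalSubNet)
PORT_RE = re.compile(r'^"[^"]+" = (\d+):(TCP|UDP):([^:]+):(Enabled|Disabled):(.*)$')
DWORD_RE = re.compile(r'^"(\w+)" = (\d+)$')


def audit_shell_spawning(text):
    """Flag executable file classes whose open command is not the XP default."""
    findings = []
    for line in text.splitlines():
        m = SPAWN_RE.match(line.strip())
        if not m:
            continue
        cls, verb, cmd = m.groups()
        expected = DEFAULT_SPAWN.get((cls, verb))
        if expected is None:
            continue  # not an executable class we check (regfile, scrfile, ...)
        if cmd.startswith("Reg Error"):
            findings.append(("medium", f"{cls} [{verb}] key missing"))
        elif cmd != expected:
            findings.append(("high", f"{cls} [{verb}] hijacked: {cmd} (expected {expected})"))
    return findings


def audit_firewall(text):
    """Flag a disabled firewall and every enabled globally open port."""
    findings = []
    firewall_on = None
    for line in text.splitlines():
        line = line.strip()
        d = DWORD_RE.match(line)
        if d and d.group(1) == "EnableFirewall":
            firewall_on = d.group(2) == "1"
            continue
        p = PORT_RE.match(line)
        if not p:
            continue
        port, proto, scope, state, name = p.groups()
        if state != "Enabled":
            continue  # listed but inactive exception
        if scope == "*":
            findings.append(("medium", f"{port}/{proto} open to any address for '{name}'"))
        else:
            findings.append(("low", f"{port}/{proto} open to {scope} for '{name}'"))
    if firewall_on is False:
        findings.insert(0, ("high", "Windows Firewall disabled (EnableFirewall = 0)"))
    return findings


if __name__ == "__main__":
    for f in audit_shell_spawning(OTL_EXTRAS_EXCERPT) + audit_firewall(OTL_EXTRAS_EXCERPT):
        print(f)
    print(audit_shell_spawning(HIJACKED_SAMPLE))
```

Against the excerpt the shell-spawning check returns nothing, and the firewall check reports the two UPnP ports limited to the local subnet plus 9212/TCP and 9210/UDP for SkyCaddie Desktop open to any address; the constructed hijacked line produces one "high" finding. Entries under DomainProfile and the Authorized Applications list are outside what this check parses.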

[Solved] Re: Recurring Exploit:java/blacole.ae

OTL logfile created on: 11/14/2011 1:57:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\trauti\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.40% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.28% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.83 Gb Total Space | 43.95 Gb Free Space | 62.94% Space Free | Partition Type: NTFS

Computer Name: LAPSTER | User Name: trauti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 12:19:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\trauti\Desktop\OTL.com
PRC - [2011/09/30 05:58:32 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/03/04 11:26:08 | 000,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/10/30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/13 16:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/08/19 14:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE
PRC - [2000/06/29 03:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 11:28:01 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 11:20:21 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 11:20:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/03/04 11:26:08 | 000,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
MOD - [2004/12/23 15:47:36 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2004/09/07 16:03:46 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
MOD - [2004/08/10 06:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2003/06/18 09:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)
SRV - [2000/06/29 03:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/11/14 10:03:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl03896dd2.sys -- (MpKsl03896dd2)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/04/14 20:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/10/10 00:56:20 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/07/22 23:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/07/22 23:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/07/22 23:41:18 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/04 03:34:26 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/16 16:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/21 20:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/18 14:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/17 20:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 20:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/03/25 19:37:08 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) CP2101 USB Composite Device driver (WDM)
DRV - [2004/03/25 19:36:48 | 000,084,512 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/06/18 09:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2003/06/18 09:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2003/06/18 09:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2003/06/18 09:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2003/06/18 09:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/06/18 09:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2000/02/03 14:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oldhalifax.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.oldhalifax.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\trauti\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\trauti\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/30 05:59:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 05:58:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 05:59:22 | 000,000,000 | ---D | M]

[2011/02/28 14:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\trauti\Application Data\Mozilla\Extensions
[2011/04/29 17:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\trauti\Application Data\Mozilla\Firefox\Profiles\bclwurc4.default\extensions
[2011/02/28 15:01:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\trauti\Application Data\Mozilla\Firefox\Profiles\bclwurc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/23 14:47:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/23 11:09:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/26 13:09:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/11 14:20:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/23 14:47:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/06/15 23:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 03:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 03:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\trauti\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\trauti\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\trauti\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/02/27 15:38:36 | 000,000,154 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 connect.facebook.net
O1 - Hosts: 127.0.0.1 google-analytics.com
O2 - BHO: (Ghostery Add-On) - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O15 - HKCU\..Trusted Domains: bild.de ([www] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.pcpitstop.com/pestscan/pestscan.cab (PSFormX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133708294343 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134058236765 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://ulrich.dyndns-ip.com/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F714057B-7FBE-4672-A80A-9D51756356D1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Filter\text/html {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files\GhosteryIEplugin\GhosteryMimeFilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\trauti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\trauti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CaddieSyncConduit - hkey= - key= - C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

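The SafeBoot* and ActiveX rows above are two persistence locations worth reading closely rather than skimming: the SafeBoot keys list what is allowed to start in Safe Mode (a security product like MSE's MsMpSvc legitimately registers there, but so does malware that wants to survive a safe-mode cleanup), and OTL's ActiveX rows are the Active Setup\Installed Components entries, whose StubPath command lines run once per user at logon. The following Python is an added triage example written for this page, not part of the original post or of OTL itself; it assumes OTL's "Section: key - value" row format shown above and uses a handful of rows copied from this log as its sample input. It flags SafeBoot services that point at an executable (reporting the company string OTL appended, empty company first) and Active Setup entries whose value is a command rather than a component name.

```python
import re
from typing import Dict, List

# Sample input for this example: these rows are copied from the OTL log
# posted above (not a fabricated log), trimmed to a few representative lines.
SAMPLE_LOG = r"""
SafeBootNet: Base - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
"""

# "Section: [<|>]key - value", the shape OTL uses for SafeBoot and ActiveX rows.
LINE_RE = re.compile(r"^(SafeBootMin|SafeBootNet|ActiveX): ([<>]?)(\S+) - (.*)$")
# Trailing "(Company Name)" that OTL appends from the file's version info.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
# A value that launches something instead of merely naming a component.
COMMAND_RE = re.compile(r"(?i)\.(exe|dll|inf)\b|^(rundll32|regsvr32)\b")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


def parse_otl_lines(text: str) -> List[Dict[str, str]]:
    """Turn SafeBoot*/ActiveX rows into dicts; any other row is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            section, marker, key, value = m.groups()
            entries.append({"section": section, "marker": marker,
                            "key": key, "value": value.strip()})
    return entries


def triage(entries: List[Dict[str, str]]) -> Dict[str, List[Dict[str, str]]]:
    """Pick out the rows an analyst should actually look at.

    - SafeBoot rows that are neither a driver group, a bare driver name nor a
      device-class GUID are services permitted to start in Safe Mode. Both
      security products and malware register there, so the company string
      (empty means no version info) is what decides whether it is expected.
    - ActiveX rows whose value is a command line are Active Setup StubPaths
      that run once per user at logon, so they are listed for review.
    """
    safeboot_services, activesetup_commands = [], []
    for e in entries:
        if e["section"].startswith("SafeBoot"):
            if e["value"] in ("Driver Group", "Driver") or GUID_RE.match(e["key"]):
                continue
            cm = COMPANY_RE.search(e["value"])
            safeboot_services.append({
                "key": e["key"],
                "path": e["value"][:cm.start()].strip() if cm else e["value"],
                "company": cm.group(1).strip() if cm else "",
            })
        elif COMMAND_RE.search(e["value"]):
            activesetup_commands.append({"key": e["key"], "command": e["value"],
                                         "marker": e["marker"]})
    return {"safeboot_services": safeboot_services,
            "activesetup_commands": activesetup_commands}


if __name__ == "__main__":
    for kind, rows in triage(parse_otl_lines(SAMPLE_LOG)).items():
        print(kind)
        for row in rows:
            print("   ", row)
```

On the rows from this log the only SafeBoot service is MsMpSvc with company "Microsoft Corporation", which is what a current MSE install looks like; a SafeBoot service with an empty company string or a path under a user profile or %TEMP% is the pattern to chase. The three Active Setup commands it lists are all stock Windows/IE stubs, but the same rule would surface a StubPath that points anywhere unusual.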
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 12:18:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\trauti\Desktop\OTL.com
[2011/11/14 12:17:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\trauti\Desktop\aswMBR.exe
[2011/11/14 08:58:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\trauti\Recent
[2011/11/14 08:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/11/14 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/14 08:38:59 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\trauti\Desktop\ccsetup312.exe
[2011/11/11 10:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\GhosteryIEplugin
[2011/10/31 09:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/10/31 09:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\trauti\Application Data\Softland
[2011/10/31 09:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\trauti\Application Data\alotappbar
[2011/10/31 09:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\alotappbar
[2011/10/23 14:47:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/23 14:47:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/23 14:47:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/22 13:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\trauti\Application Data\Logishrd
[2011/10/22 13:02:36 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[43 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 14:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/11/14 14:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/11/14 13:54:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1319465762-2649393229-260348318-1005.job
[2011/11/14 13:54:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1319465762-2649393229-260348318-1005.job
[2011/11/14 13:49:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\MBR.dat
[2011/11/14 13:08:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1319465762-2649393229-260348318-1005UA.job
[2011/11/14 12:42:38 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/14 12:19:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\trauti\Desktop\OTL.com
[2011/11/14 12:17:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\trauti\Desktop\aswMBR.exe
[2011/11/14 12:08:45 | 000,879,569 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\SecurityCheck.exe
[2011/11/14 10:10:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/11/14 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/14 09:43:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/11/14 09:42:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 09:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/14 08:49:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/14 08:39:07 | 003,511,776 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\trauti\Desktop\ccsetup312.exe
[2011/11/13 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/11/13 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/11/13 17:08:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1319465762-2649393229-260348318-1005Core.job
[2011/11/13 14:34:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/11/10 14:23:38 | 000,478,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/10 14:23:38 | 000,086,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/05 11:27:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/31 09:38:32 | 000,003,555 | ---- | M] () -- C:\Documents and Settings\trauti\My Documents\Evidence of Value.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[43 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 13:49:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\trauti\Desktop\MBR.dat
[2011/11/14 12:08:39 | 000,879,569 | ---- | C] () -- C:\Documents and Settings\trauti\Desktop\SecurityCheck.exe
[2011/11/14 08:49:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/04 08:54:21 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/10/31 09:38:30 | 000,003,555 | ---- | C] () -- C:\Documents and Settings\trauti\My Documents\Evidence of Value.pdf
[2011/10/31 09:31:05 | 000,007,549 | ---- | C] () -- C:\WINDOWS\System32\dopdf7.ctm
[2010/10/23 17:57:19 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\start
[2010/10/23 17:44:31 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\completescan
[2010/10/23 17:39:11 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\install
[2010/08/14 14:13:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/29 17:20:38 | 000,123,109 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2008/07/29 17:20:37 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2008/06/16 07:53:07 | 000,123,135 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2008/06/16 07:53:06 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2008/06/16 07:52:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/06/12 08:04:13 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/10 19:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 17:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/21 18:22:57 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/01/27 08:03:19 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/01/11 09:52:49 | 000,000,252 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/11/02 11:21:58 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Helpfile.ini
[2007/11/02 11:21:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2007/11/02 11:21:41 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2007/11/02 11:21:41 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2007/11/02 11:21:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2007/11/02 11:21:41 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2007/09/17 09:16:12 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.trauti.ini
[2007/08/21 10:00:28 | 000,000,168 | ---- | C] () -- C:\WINDOWS\Clipbook.INI
[2007/04/16 12:55:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/09/09 11:29:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/06/30 05:55:24 | 000,745,768 | ---- | C] () -- C:\WINDOWS\System32\wodTelnetDLX.dll
[2005/12/24 21:46:42 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\trauti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/15 11:22:17 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2005/12/15 11:21:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ImageServerMI.dll
[2005/12/15 11:21:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ImportClient.dll
[2005/10/29 17:09:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/14 16:02:01 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/14 16:02:01 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B2D02B9504.sys
[2005/07/26 07:11:16 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\PFP120JPR.{PB
[2005/07/26 07:11:16 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\trauti\Application Data\PFP120JCM.{PB
[2005/07/20 09:39:59 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\trauti\Local Settings\Application Data\fusioncache.dat
[2005/07/15 16:39:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/15 16:26:49 | 000,000,407 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/15 16:22:04 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/15 16:15:30 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/07/15 15:49:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/07/15 15:49:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/07/15 15:48:50 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/04 19:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 16:20:39 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 16:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 16:03:04 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 16:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 15:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 15:57:07 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 15:49:47 | 000,478,318 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 15:49:47 | 000,086,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 15:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 06:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2004/08/10 06:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/10 06:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/23 14:17:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\uninstall.ini
[2003/02/04 08:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2002/01/10 23:01:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ANXFTPRO.dll
[2000/10/11 01:26:18 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\TALITF32.dll
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2007/12/14 09:59:16 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\trauti\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2005/07/15 16:07:23 | 000,000,310 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\convert.log

< %USERPROFILE%\Desktop\*.exe >
[2009/01/01 21:32:18 | 023,804,784 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\aaw2008.exe
[2011/11/14 12:17:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\trauti\Desktop\aswMBR.exe
[2009/06/14 11:08:13 | 005,137,016 | ---- | M] (SkyHawke Technologies, LLC) -- C:\Documents and Settings\trauti\Desktop\CaddieSyncSetupE.exe
[2011/11/14 08:39:07 | 003,511,776 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\trauti\Desktop\ccsetup312.exe
[2011/01/23 17:48:44 | 000,225,672 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\CrucialScan.exe
[2010/01/18 18:15:26 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\trauti\Desktop\FileFormatConverters.exe
[2009/11/19 08:04:48 | 001,855,888 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\install_easyshare8.exe
[2011/10/11 14:17:54 | 000,908,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\trauti\Desktop\JavaSetup6u27.exe
[2009/10/03 06:16:09 | 009,052,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\trauti\Desktop\MSNOIE8_ENUS_XPL.EXE
[2011/09/29 09:03:27 | 002,358,416 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\trauti\Desktop\ParetoLogic FileCure.exe
[2009/11/22 15:12:59 | 009,414,136 | ---- | M] (Google Inc.) -- C:\Documents and Settings\trauti\Desktop\picasa35-setup.exe
[2011/03/07 15:21:17 | 001,739,024 | ---- | M] (Secunia) -- C:\Documents and Settings\trauti\Desktop\PSISetup - secunia.exe
[2008/12/29 12:42:54 | 298,000,168 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\trauti\Desktop\QuickBooksSimpleStartDirect2008.exe
[2011/09/30 05:45:38 | 000,684,288 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\trauti\Desktop\RealPlayer.exe
[2011/11/14 12:08:45 | 000,879,569 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\SecurityCheck.exe
[2008/02/04 15:56:45 | 000,525,048 | ---- | M] () -- C:\Documents and Settings\trauti\Desktop\Setup_QuickBooks_SimpleStart_Direct_2008.exe
[2009/06/08 21:38:06 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\trauti\Desktop\wordview_en-us.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/06/15 23:32:38 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/06/15 23:32:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/06/15 23:32:38 | 000,265,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[46 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/11/01 14:39:16 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/01/18 09:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/02/04 15:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Akamai
[2007/05/12 16:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\Alltel
[2007/05/12 14:33:02 | 000,000,000 | ---D | M] -- C:\Program Files\Alltel(2)
[2011/10/31 09:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\alotappbar
[2007/12/21 19:47:52 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2008/10/13 20:21:19 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2005/07/15 16:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint
[2008/10/20 06:17:05 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2008/03/21 18:22:56 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2005/07/15 16:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2005/12/15 11:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2011/11/14 08:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/10/11 14:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/19 16:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2005/07/15 15:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2005/07/15 16:16:06 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/06/01 11:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Cyfre
[2006/09/09 11:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2005/07/15 16:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2007/11/21 07:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/05/17 19:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2005/07/15 16:15:57 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2004/08/19 16:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\DIGStream
[2008/06/30 23:00:45 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2004/08/19 16:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2008/07/12 20:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/10/30 18:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2004/08/19 16:16:26 | 000,000,000 | ---D | M] -- C:\Program Files\ESPNMotion
[2008/01/26 18:21:59 | 000,000,000 | ---D | M] -- C:\Program Files\FDRLab
[2004/08/19 16:16:22 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2011/11/11 10:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\GhosteryIEplugin
[2009/02/25 10:43:29 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/04/20 13:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/02/02 09:43:26 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photo Creations
[2011/06/26 12:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\IDrive
[2011/06/26 15:08:40 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/07/15 16:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2005/07/15 16:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\Intel, Inc
[2011/10/13 11:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/02/05 06:54:20 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2006/06/14 11:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2011/10/23 14:47:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/11/06 08:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2008/07/15 14:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2005/07/15 16:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2008/01/11 09:51:21 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 640 Series
[2011/06/26 15:09:31 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/09/19 20:36:37 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/26 12:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2008/12/11 11:27:44 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/08/14 14:10:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/03/03 15:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
[2007/05/10 04:58:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/04/26 08:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Easy Assist
[2004/08/19 16:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/09/24 21:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/29 06:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/07/15 16:18:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/07/15 16:18:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2008/09/16 09:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Research
[2011/08/03 13:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2010/10/23 19:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/14 14:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2005/07/15 16:15:37 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2007/10/29 16:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola USB Drivers
[2007/05/12 14:33:02 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola USB Drivers(2)
[2010/08/12 08:06:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/12 07:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/05/18 20:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox(2)
[2009/08/15 08:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/06/08 22:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/19 16:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/19 16:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/14 15:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2005/07/15 16:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/12/11 11:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/07/15 16:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2011/03/07 21:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2004/08/19 16:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/16 12:04:41 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/09/01 17:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\PANTECH
[2008/05/18 20:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\PCPitstop
[2011/09/30 05:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/15 08:18:23 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2004/08/19 16:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2008/07/10 23:04:37 | 000,000,000 | ---D | M] -- C:\Program Files\RogueRemover FREE
[2011/06/26 15:14:53 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2009/06/14 11:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\SG2
[2005/07/15 15:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2011/08/06 07:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\SkyGolf
[2005/10/26 06:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/10/24 15:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/04/04 05:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\TrojanHunter 5.0
[2011/09/03 15:24:13 | 000,000,000 | ---D | M] -- C:\Program Files\Typing Instructor Deluxe
[2004/08/19 16:14:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/03/08 09:28:59 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2005/11/25 21:44:11 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2009/10/27 05:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/04/03 06:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2005/12/03 15:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/12/11 11:13:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/19 16:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2004/08/19 16:05:02 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/07/15 16:30:00 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2004/08/19 16:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/11/02 11:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name


< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/08/10 07:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/08/10 07:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2008/08/10 07:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/12/11 11:02:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/10 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2005/04/25 10:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-14 17:01:32

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/15 23:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/15 23:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

Re: Recurring Exploit:java/blacole.ae
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL
:Files

C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At7.job

:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
***********************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
• Please leave the others unchecked

• Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

• To retrieve the removal information please do the following:
• After reboot, double-click the SUPERAntiSpyware icon on your desktop.
• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).
• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Re: Recurring Exploit:java/blacole.ae
I hope I copied and pasted everything needed. I got the message that my post is too long. I thought I posted the Avast results but now I don't see them above.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-14 13:48:19
-----------------------------
13:48:19.421 OS Version: Windows 5.1.2600 Service Pack 3
13:48:19.421 Number of processors: 1 586 0xD08
13:48:19.421 ComputerName: LAPSTER UserName: trauti
13:48:20.781 Initialize success
13:48:48.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:48:48.265 Disk 0 Vendor: TOSHIBA_MK8026GAX PA002D Size: 76319MB BusType: 3
13:48:50.296 Disk 0 MBR read successfully
13:48:50.296 Disk 0 MBR scan
13:48:50.296 Disk 0 unknown MBR code
13:48:50.296 Disk 0 scanning sectors +156296385
13:48:50.390 Disk 0 scanning C:\WINDOWS\system32\drivers
13:49:02.140 Service scanning
13:49:02.906 Service MpKsl03896dd2 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl03896dd2.sys **LOCKED** 32
13:49:03.625 Modules scanning
13:49:11.890 Disk 0 trace - called modules:
13:49:11.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:49:11.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a948ab8]
13:49:11.921 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8b9d98]
13:49:11.921 Scan finished successfully
13:49:58.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\trauti\Desktop\MBR.dat"
13:49:58.375 The log file has been saved successfully to "C:\Documents and Settings\trauti\Desktop\aswMBRlog.txt"

Dave, I will proceed with your instructions, which you posted while I was struggling to get all the logs online.


Re: Recurring Exploit:java/blacole.ae
========== OTL ==========
========== FILES ==========
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11142011_151626

Re: Recurring Exploit:java/blacole.ae
thought i posted avast results but now i don't see them above

That's ok. I really don't need to see the results of the Avast scan.
If the logs are too long you will have to split them into two or more posts.

Re: Recurring Exploit:java/blacole.ae
Results of SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/14/2011 at 07:10 PM

Application Version : 5.0.1136

Core Rules Database Version : 7940
Trace Rules Database Version: 5752

Scan type : Complete Scan
Total Scan Time : 02:49:57

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 38208
Registry threats detected : 0
File items scanned : 110090
File threats detected : 31

Rogue.MSE-Fraud
C:\Documents and Settings\trauti\Application Data\install
C:\Documents and Settings\trauti\Application Data\completescan

Adware.Tracking Cookie
C:\Documents and Settings\trauti\Cookies\NJIH48LM.txt [ /ad3.adfarm1.adition.com ]
C:\Documents and Settings\trauti\Cookies\6Y09E94H.txt [ /adfarm1.adition.com ]
C:\Documents and Settings\trauti\Cookies\96Y51TKP.txt [ /ads.bleepingcomputer.com ]
C:\Documents and Settings\trauti\Cookies\25KKWOFZ.txt [ /questionmarket.com ]
C:\Documents and Settings\trauti\Cookies\JJ65WPUH.txt [ /msnbc.112.2o7.net ]
C:\Documents and Settings\trauti\Cookies\N0GRPE0I.txt [ /clickbooth.com ]
C:\Documents and Settings\trauti\Cookies\DO30NPA2.txt [ /adxpose.com ]
C:\Documents and Settings\trauti\Cookies\9NTZGNEG.txt [ /ads.ookla.com ]
C:\Documents and Settings\trauti\Cookies\YG5GWKA7.txt [ /collective-media.net ]
C:\Documents and Settings\trauti\Cookies\IROT9YWK.txt [ /accounts.google.com ]
C:\Documents and Settings\trauti\Cookies\1F3UFB36.txt [ /kontera.com ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@bestoffersnetworks[1].txt [ Cookie:michael@bestoffersnetworks.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@www.burstbeacon[1].txt [ Cookie:michael@www.burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@btg.btgrab[1].txt [ Cookie:michael@btg.btgrab.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@offeroptimizer[1].txt [ Cookie:michael@offeroptimizer.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@burstnet[2].txt [ Cookie:michael@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@www.pornhub[2].txt [ Cookie:michael@www.pornhub.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@500[2].txt [ Cookie:michael@jkazaa.cjt1.net/HTM/500 ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\Cookies\michael@need2find[2].txt [ Cookie:michael@need2find.com/ ]
C:\DOCUMENTS AND SETTINGS\TRAUTI\Cookies\9VPS0DUN.txt [ Cookie:trauti@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\COOKIES\MICHAEL@2O7[2].TXT [ /2O7 ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\COOKIES\MICHAEL@ADKNOWLEDGE[2].TXT [ /ADKNOWLEDGE ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\COOKIES\MICHAEL@ADOPT.HBMEDIAPRO[2].TXT [ /ADOPT.HBMEDIAPRO ]
C:\DOCUMENTS AND SETTINGS\MICHAEL\COOKIES\MICHAEL@CLIKS[1].TXT [ /CLIKS ]
in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\TRAUTI\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\TRAUTI\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\TRAUTI\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Adware.RX Toolbar
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\COMMONNAME.ZIP )/RXTOOLBAR.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\COMMONNAME.ZIP

Will now do MBAM - slow going!

Re: Recurring Exploit:java/blacole.ae
And MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8163

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/14/2011 8:50:56 PM
mbam-log-2011-11-14 (20-50-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 283399
Time elapsed: 1 hour(s), 8 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Recurring Exploit:java/blacole.ae
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by trauti at 20:56:04 on 2011-11-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1269 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.oldhalifax.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ghostery Add-On: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [Google Update] "c:\documents and settings\trauti\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: bild.de\www
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.pcpitstop.com/pestscan/pestscan.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133708294343
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134058236765
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://ulrich.dyndns-ip.com/codebase/DVM_IPCam2.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
TCP: Interfaces\{F714057B-7FBE-4672-A80A-9D51756356D1} : DhcpNameServer = 192.168.1.1
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\trauti\application data\mozilla\firefox\profiles\bclwurc4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.oldhalifax.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\trauti\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\trauti\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\trauti\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKsl3e6c99f8;MpKsl3e6c99f8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl3e6c99f8.sys [2011-11-14 28752]
R1 MpKsl6ae382ca;MpKsl6ae382ca;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl6ae382ca.sys [2011-11-14 28752]
R1 MpKsl9dd52d46;MpKsl9dd52d46;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl9dd52d46.sys [2011-11-14 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S1 MpKsl31dc6db8;MpKsl31dc6db8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\mpksl31dc6db8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\MpKsl31dc6db8.sys [?]
S1 MpKsl46255956;MpKsl46255956;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{62b4dde8-56d9-4a65-89ef-cd64d8098526}\mpksl46255956.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{62b4dde8-56d9-4a65-89ef-cd64d8098526}\MpKsl46255956.sys [?]
S1 MpKsl51152092;MpKsl51152092;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75131fb4-e296-44e3-8b7e-9b70fbd5468f}\mpksl51152092.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75131fb4-e296-44e3-8b7e-9b70fbd5468f}\MpKsl51152092.sys [?]
S1 MpKsl514225a1;MpKsl514225a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d841d3a7-fb36-4101-97c6-7faa74a441c7}\mpksl514225a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d841d3a7-fb36-4101-97c6-7faa74a441c7}\MpKsl514225a1.sys [?]
S1 MpKsl9ca6f2aa;MpKsl9ca6f2aa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b776421-35bf-40de-a5d7-f998634631ab}\mpksl9ca6f2aa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b776421-35bf-40de-a5d7-f998634631ab}\MpKsl9ca6f2aa.sys [?]
S1 MpKsla049956d;MpKsla049956d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c2fab2f-0298-47cf-90f9-2a2c184214ef}\mpksla049956d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c2fab2f-0298-47cf-90f9-2a2c184214ef}\MpKsla049956d.sys [?]
S1 MpKslc2a5156b;MpKslc2a5156b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\mpkslc2a5156b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\MpKslc2a5156b.sys [?]
S1 MpKslc4152753;MpKslc4152753;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88766831-d887-4268-a200-9fe69700466e}\mpkslc4152753.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88766831-d887-4268-a200-9fe69700466e}\MpKslc4152753.sys [?]
S1 MpKsld269900d;MpKsld269900d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c2fab2f-0298-47cf-90f9-2a2c184214ef}\mpksld269900d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c2fab2f-0298-47cf-90f9-2a2c184214ef}\MpKsld269900d.sys [?]
S1 MpKslf208c003;MpKslf208c003;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f8956a-df88-459e-aeb8-ca54e7273460}\mpkslf208c003.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f8956a-df88-459e-aeb8-ca54e7273460}\MpKslf208c003.sys [?]
S1 MpKslf2912e18;MpKslf2912e18;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f8956a-df88-459e-aeb8-ca54e7273460}\mpkslf2912e18.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f8956a-df88-459e-aeb8-ca54e7273460}\MpKslf2912e18.sys [?]
S1 MpKslf2c092b9;MpKslf2c092b9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6cbc98a9-cf63-4e4c-a94d-1d40f6494600}\mpkslf2c092b9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6cbc98a9-cf63-4e4c-a94d-1d40f6494600}\MpKslf2c092b9.sys [?]
S1 MpKslffe0b922;MpKslffe0b922;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\mpkslffe0b922.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8a5cb7-fe57-4e80-ae42-7d05f5a421ea}\MpKslffe0b922.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\ptdubus.sys --> c:\windows\system32\drivers\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\ptdumdm.sys --> c:\windows\system32\drivers\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\ptduvsp.sys --> c:\windows\system32\drivers\PTDUVsp.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\ptduwwan.sys --> c:\windows\system32\drivers\PTDUWWAN.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
.
=============== Created Last 30 ================
.
2011-11-15 00:43:04 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl6ae382ca.sys
2011-11-15 00:42:10 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl3e6c99f8.sys
2011-11-15 00:39:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-15 00:17:16 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\MpKsl9dd52d46.sys
2011-11-15 00:17:08 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\offreg.dll
2011-11-14 21:10:47 -------- d-----w- c:\documents and settings\trauti\application data\SUPERAntiSpyware.com
2011-11-14 21:09:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-14 21:09:26 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-14 20:16:26 -------- d-----w- C:\_OTL
2011-11-14 15:02:34 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69c17105-d8de-4c6e-86c7-694ebd812415}\mpengine.dll
2011-11-14 13:48:51 -------- d-----w- c:\program files\CCleaner
2011-11-12 13:28:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-12 13:28:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-11 15:22:17 -------- d-----w- c:\program files\GhosteryIEplugin
2011-10-31 14:31:20 -------- d-----w- c:\documents and settings\trauti\application data\Softland
2011-10-31 14:26:30 -------- d-----w- c:\documents and settings\trauti\application data\alotappbar
2011-10-31 14:26:28 -------- d-----w- c:\program files\alotappbar
2011-10-22 18:25:37 -------- d-----w- c:\documents and settings\trauti\application data\Logishrd
2011-10-22 18:02:36 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-10-22 18:02:36 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
==================== Find3M ====================
.
2011-11-05 16:27:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-30 10:58:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-30 10:58:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32(4).dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 20:57:34.45 ===============

Re: Recurring Exploit:java/blacole.ae

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/3/2005 3:08:34 PM
System Uptime: 11/14/2011 7:15:15 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1595/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 43.75 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1A69ECE1484FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1A69ECE1484FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP3412: 10/10/2011 1:02:32 PM - Software Distribution Service 3.0
RP3413: 10/11/2011 12:00:19 PM - Software Distribution Service 3.0
RP3414: 10/11/2011 2:38:16 PM - Software Distribution Service 3.0
RP3415: 10/11/2011 3:19:27 PM - Installed Java(TM) 6 Update 27
RP3416: 10/12/2011 2:38:41 PM - Software Distribution Service 3.0
RP3417: 10/13/2011 12:00:27 PM - Software Distribution Service 3.0
RP3418: 10/14/2011 12:00:21 PM - Software Distribution Service 3.0
RP3419: 10/14/2011 12:53:40 PM - Software Distribution Service 3.0
RP3420: 10/15/2011 12:00:19 PM - Software Distribution Service 3.0
RP3421: 10/15/2011 12:49:13 PM - Software Distribution Service 3.0
RP3422: 10/16/2011 12:00:19 PM - Software Distribution Service 3.0
RP3423: 10/16/2011 12:50:56 PM - Software Distribution Service 3.0
RP3424: 10/17/2011 12:00:18 PM - Software Distribution Service 3.0
RP3425: 10/17/2011 12:49:34 PM - Software Distribution Service 3.0
RP3426: 10/17/2011 9:07:21 PM - Microsoft Antimalware Checkpoint
RP3427: 10/18/2011 12:00:43 PM - Software Distribution Service 3.0
RP3428: 10/18/2011 12:52:22 PM - Software Distribution Service 3.0
RP3429: 10/19/2011 12:00:19 PM - Software Distribution Service 3.0
RP3430: 10/19/2011 12:50:40 PM - Software Distribution Service 3.0
RP3431: 10/20/2011 12:00:23 PM - Software Distribution Service 3.0
RP3432: 10/20/2011 12:50:02 PM - Software Distribution Service 3.0
RP3433: 10/21/2011 12:00:20 PM - Software Distribution Service 3.0
RP3434: 10/21/2011 12:50:44 PM - Software Distribution Service 3.0
RP3435: 10/22/2011 12:00:20 PM - Software Distribution Service 3.0
RP3436: 10/22/2011 12:50:57 PM - Software Distribution Service 3.0
RP3437: 10/23/2011 12:00:28 PM - Software Distribution Service 3.0
RP3438: 10/23/2011 12:50:50 PM - Software Distribution Service 3.0
RP3439: 10/23/2011 3:46:22 PM - Installed Java(TM) 6 Update 29
RP3440: 10/24/2011 12:00:18 PM - Software Distribution Service 3.0
RP3441: 10/24/2011 12:50:40 PM - Software Distribution Service 3.0
RP3442: 10/25/2011 12:00:19 PM - Software Distribution Service 3.0
RP3443: 10/25/2011 12:50:39 PM - Software Distribution Service 3.0
RP3444: 10/26/2011 12:00:18 PM - Software Distribution Service 3.0
RP3445: 10/26/2011 12:51:30 PM - Software Distribution Service 3.0
RP3446: 10/27/2011 12:00:19 PM - Software Distribution Service 3.0
RP3447: 10/27/2011 12:52:09 PM - Software Distribution Service 3.0
RP3448: 10/27/2011 3:26:56 PM - Software Distribution Service 3.0
RP3449: 10/28/2011 12:00:19 PM - Software Distribution Service 3.0
RP3450: 10/28/2011 12:26:44 PM - Microsoft Antimalware Checkpoint
RP3451: 10/28/2011 12:51:41 PM - Software Distribution Service 3.0
RP3452: 10/28/2011 7:05:15 PM - Software Distribution Service 3.0
RP3453: 10/29/2011 12:00:18 PM - Software Distribution Service 3.0
RP3454: 10/29/2011 12:50:57 PM - Software Distribution Service 3.0
RP3455: 10/29/2011 5:45:08 PM - Microsoft Antimalware Checkpoint
RP3456: 10/30/2011 12:00:18 PM - Software Distribution Service 3.0
RP3457: 10/30/2011 12:52:48 PM - Software Distribution Service 3.0
RP3458: 10/31/2011 10:31:15 AM - Printer Driver doPDF 7 Printer Driver Installed
RP3459: 10/31/2011 12:00:18 PM - Software Distribution Service 3.0
RP3460: 10/31/2011 12:51:41 PM - Software Distribution Service 3.0
RP3461: 11/1/2011 12:00:19 PM - Software Distribution Service 3.0
RP3462: 11/1/2011 2:58:05 PM - Software Distribution Service 3.0
RP3463: 11/2/2011 12:00:18 PM - Software Distribution Service 3.0
RP3464: 11/2/2011 12:49:17 PM - Software Distribution Service 3.0
RP3465: 11/3/2011 12:00:24 PM - Software Distribution Service 3.0
RP3466: 11/3/2011 12:50:44 PM - Software Distribution Service 3.0
RP3467: 11/4/2011 12:00:22 PM - Software Distribution Service 3.0
RP3468: 11/4/2011 12:49:42 PM - Software Distribution Service 3.0
RP3469: 11/5/2011 12:00:58 PM - Software Distribution Service 3.0
RP3470: 11/6/2011 11:34:12 AM - Software Distribution Service 3.0
RP3471: 11/6/2011 12:00:19 PM - Software Distribution Service 3.0
RP3472: 11/7/2011 12:00:20 PM - Software Distribution Service 3.0
RP3473: 11/7/2011 12:24:52 PM - Software Distribution Service 3.0
RP3474: 11/8/2011 12:00:21 PM - Software Distribution Service 3.0
RP3475: 11/8/2011 12:26:24 PM - Software Distribution Service 3.0
RP3476: 11/9/2011 12:00:20 PM - Software Distribution Service 3.0
RP3477: 11/9/2011 12:26:48 PM - Software Distribution Service 3.0
RP3478: 11/10/2011 12:00:27 PM - Software Distribution Service 3.0
RP3479: 11/11/2011 9:41:42 AM - Software Distribution Service 3.0
RP3480: 11/11/2011 12:00:19 PM - Software Distribution Service 3.0
RP3481: 11/12/2011 8:25:17 AM - Restore Operation
RP3482: 11/12/2011 8:33:37 AM - Software Distribution Service 3.0
RP3483: 11/12/2011 12:00:43 PM - Software Distribution Service 3.0
RP3484: 11/12/2011 2:36:43 PM - Software Distribution Service 3.0
RP3485: 11/12/2011 6:27:16 PM - Microsoft Antimalware Checkpoint
RP3486: 11/13/2011 12:00:18 PM - Software Distribution Service 3.0
RP3487: 11/13/2011 8:08:40 PM - Software Distribution Service 3.0
RP3488: 11/14/2011 10:02:14 AM - Software Distribution Service 3.0
RP3489: 11/14/2011 12:00:36 PM - Software Distribution Service 3.0
RP3490: 11/14/2011 1:59:44 PM - OTL Restore Point - 11/14/2011 1:59:34 PM
.
==== Installed Programs ======================
.
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Adobe® Photoshop® Album Starter Edition 3.2
AIM Toolbar 5.0
ALOT Appbar
ALPS Touch Pad Driver
AnyTV 2.10
AOLIcon
aspi
ATI Display Driver
AutoUpdate
Banctec Service Agreement
Belarc Advisor 7.2
Broadcom Management Programs 2
BufferChm
CaddieSync Express 1.0.1
CCHelp
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.92 Modem
CR2
Dell Digital Jukebox Driver
Dell Picture Studio v3.0
Dell ResourceCD
Dell Support Center (Support Software)
Dell System Restore
DellSupport
DeviceManagementQFolder
Digital Line Detect
DivX Codec
ESET Online Scanner v3
ESPNMotion
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
ezStart
GemMaster Mystic
Get High Speed Internet!
getPlus(R)_ocx
Ghostery IE Plugin
Google Talk Plugin
HDView for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2050 J510 series Product Improvement Study
HP Imaging Device Functions 7.0
HP Photo Creations
HP Photosmart and Deskjet 7.0 Software
HP Update
hph_software_req
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java Auto Updater
Java(TM) 6 Update 29
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Lexmark 640 Series
Logitech SetPoint
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Motorola USB Drivers
Mozilla Firefox 5.0 (x86 en-GB)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
NetWaiting
Notifier
OTtBP
Otto
PC Pitstop Optimize2 2.0
PCDLNCH
PowerDVD 5.5
QuickBooks Simple Start 2008
QuickLink Mobile
QuickSet
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Secunia PSI (2.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
SkyCaddie Desktop
Software from PC Software Accounting
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
SUPERAntiSpyware
SupportSoft Assisted Service
Toolbox
Typing Instructor Deluxe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Verizon Mobile Broadband Drivers
Verizon Wireless MiFi-2200 Firmware Updates
VZAccess Manager
WebFldrs XP
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WordPerfect Office 12
.
==== End Of File ===========================

Re: Recurring Exploit:java/blacole.ae

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Trusted Zone: bild.de\www

:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**********************************************************
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you want to use Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[Screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: RC_successful]

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

Re: Recurring Exploit:java/blacole.ae

Thank you, Dave!
I will attempt this sometime today and post the logs by tomorrow morning at the latest.

otl done

========== OTL ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11152011_081704


Re: Recurring Exploit:java/blacole.ae

ComboFix 11-11-15.01 - trauti 11/15/2011 10:13:50.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1460 [GMT -5:00]
Running from: c:\documents and settings\trauti\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\trauti\WINDOWS
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 02:05 . 2011-11-15 02:05 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKslb93708b7.sys
2011-11-15 00:43 . 2011-11-15 00:43 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl6ae382ca.sys
2011-11-15 00:42 . 2011-11-15 00:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl3e6c99f8.sys
2011-11-15 00:17 . 2011-11-15 00:17 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl9dd52d46.sys
2011-11-15 00:17 . 2011-11-15 02:05 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\offreg.dll
2011-11-14 21:10 . 2011-11-14 21:10 -------- d-----w- c:\documents and settings\trauti\Application Data\SUPERAntiSpyware.com
2011-11-14 21:09 . 2011-11-14 21:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-14 21:09 . 2011-11-14 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-14 20:16 . 2011-11-14 20:16 -------- d-----w- C:\_OTL
2011-11-14 15:02 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\mpengine.dll
2011-11-14 13:48 . 2011-11-14 13:49 -------- d-----w- c:\program files\CCleaner
2011-11-12 13:28 . 2011-11-12 13:28 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-11 15:22 . 2011-11-11 15:22 -------- d-----w- c:\program files\GhosteryIEplugin
2011-10-31 14:31 . 2011-10-31 14:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2011-10-31 14:31 . 2011-10-31 14:31 -------- d-----w- c:\documents and settings\trauti\Application Data\Softland
2011-10-31 14:26 . 2011-10-31 14:56 -------- d-----w- c:\documents and settings\trauti\Application Data\alotappbar
2011-10-31 14:26 . 2011-10-31 14:26 -------- d-----w- c:\program files\alotappbar
2011-10-22 18:25 . 2011-10-22 18:25 -------- d-----w- c:\documents and settings\trauti\Application Data\Logishrd
2011-10-22 18:02 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-10-22 18:02 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 16:27 . 2011-06-26 20:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-19 21:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2009-10-18 19:49 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 09:06 . 2010-06-07 15:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2010-11-01 18:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-30 10:58 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-30 10:58 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-28 07:06 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-10 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32(4).dll
2011-09-06 13:20 . 2004-08-10 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2010-10-24 01:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-16 04:32 . 2011-06-26 20:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 20:25 605888 ----a-w- c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
2011-10-21 14:21 48488 ----a-w- c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files\alotappbar\bin\ALOTHelper.dll" [2011-10-21 48488]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-09-30 273528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-15 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaddieSyncConduit]
2011-04-27 20:27 2364792 ----a-w- c:\program files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QBReminderFlash"="c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Cyfre\\ezStart\\ezStart.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\trauti\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9212:TCP"= 9212:TCP:SkyCaddie Desktop
"9210:UDP"= 9210:UDP:SkyCaddie Desktop
.
R1 MpKsl3e6c99f8;MpKsl3e6c99f8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl3e6c99f8.sys [11/14/2011 7:42 PM 28752]
R1 MpKsl6ae382ca;MpKsl6ae382ca;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl6ae382ca.sys [11/14/2011 7:43 PM 28752]
R1 MpKsl9dd52d46;MpKsl9dd52d46;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKsl9dd52d46.sys [11/14/2011 7:17 PM 28752]
R1 MpKslb93708b7;MpKslb93708b7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69C17105-D8DE-4C6E-86C7-694EBD812415}\MpKslb93708b7.sys [11/14/2011 9:05 PM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 9:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 9:24 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S1 MpKsl31dc6db8;MpKsl31dc6db8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKsl31dc6db8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKsl31dc6db8.sys [?]
S1 MpKsl46255956;MpKsl46255956;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62B4DDE8-56D9-4A65-89EF-CD64D8098526}\MpKsl46255956.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62B4DDE8-56D9-4A65-89EF-CD64D8098526}\MpKsl46255956.sys [?]
S1 MpKsl51152092;MpKsl51152092;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75131FB4-E296-44E3-8B7E-9B70FBD5468F}\MpKsl51152092.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75131FB4-E296-44E3-8B7E-9B70FBD5468F}\MpKsl51152092.sys [?]
S1 MpKsl514225a1;MpKsl514225a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D841D3A7-FB36-4101-97C6-7FAA74A441C7}\MpKsl514225a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D841D3A7-FB36-4101-97C6-7FAA74A441C7}\MpKsl514225a1.sys [?]
S1 MpKsl9ca6f2aa;MpKsl9ca6f2aa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B776421-35BF-40DE-A5D7-F998634631AB}\MpKsl9ca6f2aa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B776421-35BF-40DE-A5D7-F998634631AB}\MpKsl9ca6f2aa.sys [?]
S1 MpKsla049956d;MpKsla049956d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C2FAB2F-0298-47CF-90F9-2A2C184214EF}\MpKsla049956d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C2FAB2F-0298-47CF-90F9-2A2C184214EF}\MpKsla049956d.sys [?]
S1 MpKslc2a5156b;MpKslc2a5156b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKslc2a5156b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKslc2a5156b.sys [?]
S1 MpKslc4152753;MpKslc4152753;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88766831-D887-4268-A200-9FE69700466E}\MpKslc4152753.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88766831-D887-4268-A200-9FE69700466E}\MpKslc4152753.sys [?]
S1 MpKsld269900d;MpKsld269900d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C2FAB2F-0298-47CF-90F9-2A2C184214EF}\MpKsld269900d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C2FAB2F-0298-47CF-90F9-2A2C184214EF}\MpKsld269900d.sys [?]
S1 MpKslf208c003;MpKslf208c003;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F8956A-DF88-459E-AEB8-CA54E7273460}\MpKslf208c003.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F8956A-DF88-459E-AEB8-CA54E7273460}\MpKslf208c003.sys [?]
S1 MpKslf2912e18;MpKslf2912e18;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F8956A-DF88-459E-AEB8-CA54E7273460}\MpKslf2912e18.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F8956A-DF88-459E-AEB8-CA54E7273460}\MpKslf2912e18.sys [?]
S1 MpKslf2c092b9;MpKslf2c092b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBC98A9-CF63-4E4C-A94D-1D40F6494600}\MpKslf2c092b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBC98A9-CF63-4E4C-A94D-1D40F6494600}\MpKslf2c092b9.sys [?]
S1 MpKslffe0b922;MpKslffe0b922;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKslffe0b922.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8A5CB7-FE57-4E80-AE42-7D05F5A421EA}\MpKslffe0b922.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 10:52 AM 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [7/8/2010 10:52 AM 176384]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys --> c:\windows\system32\DRIVERS\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys --> c:\windows\system32\DRIVERS\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys --> c:\windows\system32\DRIVERS\PTDUVsp.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys --> c:\windows\system32\DRIVERS\PTDUWWAN.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3E6C99F8
*NewlyCreated* - MPKSL6AE382CA
*NewlyCreated* - MPKSL9DD52D46
*NewlyCreated* - MPKSLB93708B7
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319465762-2649393229-260348318-1005Core.job
- c:\documents and settings\trauti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 14:12]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319465762-2649393229-260348318-1005UA.job
- c:\documents and settings\trauti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 14:12]
.
2011-11-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-11-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1319465762-2649393229-260348318-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2011-11-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1319465762-2649393229-260348318-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.oldhalifax.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
Trusted Zone: bild.de\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://ulrich.dyndns-ip.com/codebase/DVM_IPCam2.ocx
FF - ProfilePath - c:\documents and settings\trauti\Application Data\Mozilla\Firefox\Profiles\bclwurc4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.oldhalifax.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-15 10:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-11-15 10:27:32
ComboFix-quarantined-files.txt 2011-11-15 15:27
.
Pre-Run: 46,885,036,032 bytes free
Post-Run: 46,997,745,664 bytes free
.
- - End Of File - - 9B47BAACF95CE43489D87164E0421E49

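Added example, not part of the thread and not a ComboFix or OTL feature: a small Python triage script that pulls out of a ComboFix log the lines a helper reads first, namely the XP firewall flag, Trusted Zone entries, DPF (ActiveX download) entries and service or driver entries whose file is missing (ComboFix marks those with `--> path [?]`). The sample log below is constructed from the shapes of lines in the log above, with shortened placeholder paths.

```python
"""Triage helper for ComboFix logs (added example, not a ComboFix/forum tool).

Scans log text for four line shapes and reports the security-relevant ones:
  "EnableFirewall"= 0 (0x0)          -> Windows Firewall disabled
  Trusted Zone: host\\sub             -> IE Trusted sites entry (relaxed security)
  DPF: {CLSID} - hxxp://host/x.ocx    -> ActiveX control downloaded from the web
  S1 name;display;path --> path [?]  -> service/driver whose file is missing
ComboFix writes URLs defanged as hxxp://, so they are reported as-is.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
TRUSTED_RE = re.compile(r'^Trusted Zone:\s*(\S+)')
DPF_RE = re.compile(r'^DPF:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(\S+)')
# "<R|S><n> <name>;<display name>;<path ...>" as in the ComboFix services block
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')


@dataclass
class Triage:
    firewall_enabled: Optional[bool] = None   # None if the flag was not seen
    trusted_zones: List[str] = field(default_factory=list)
    dpf_urls: List[str] = field(default_factory=list)
    orphaned_services: List[str] = field(default_factory=list)


def triage_combofix(log_text: str) -> Triage:
    """Parse a ComboFix log and collect the lines worth a second look."""
    t = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FIREWALL_RE.match(line):
            t.firewall_enabled = m.group(1) != "0"
        elif m := TRUSTED_RE.match(line):
            t.trusted_zones.append(m.group(1))
        elif m := DPF_RE.match(line):
            t.dpf_urls.append(m.group(2))
        elif m := SERVICE_RE.match(line):
            # ComboFix appends "--> <path> [?]" when the binary is not on disk.
            if m.group(4).rstrip().endswith("[?]"):
                t.orphaned_services.append(m.group(2).strip())
    return t


def findings(t: Triage) -> List[str]:
    """Turn a Triage into human-readable notes, one per item."""
    out: List[str] = []
    if t.firewall_enabled is False:
        out.append("Windows Firewall is disabled in the standard profile")
    for zone in t.trusted_zones:
        out.append(f"Trusted Zone entry relaxes IE security for {zone}")
    for url in t.dpf_urls:
        out.append(f"DPF entry: ActiveX control fetched from {url}")
    for svc in t.orphaned_services:
        out.append(f"service/driver '{svc}' points to a file that is missing")
    return out


# Constructed sample in the shape of the log above; paths shortened to placeholders.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 MpKsl31dc6db8;MpKsl31dc6db8;\??\c:\sample\MpKsl31dc6db8.sys --> c:\sample\MpKsl31dc6db8.sys [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\sample\PTDUBus.sys --> c:\sample\PTDUBus.sys [?]
Trusted Zone: bild.de\www
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://ulrich.dyndns-ip.com/codebase/DVM_IPCam2.ocx
"""

if __name__ == "__main__":
    for note in findings(triage_combofix(SAMPLE_LOG)):
        print("-", note)
```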