Am i still infected?

**ken545** · 2011-02-11, 11:59

Hi,

Go ahead and post a new OTL log

**sypko** · 2011-02-11, 12:33

Hi, again Ken.
My PC still runnig fine, i just have this Java issue.
i Was browsing around the web and find lots of folks having the same error.

it seems that JavaRA didnt remove all files- components, and they need to be removed manualy..

but i am not going follow instructions what i find, i was just curious.

i am going to do what you will advise me to do ;-)

here is a fresh OTL log:

OTL logfile created on: 11.2.2011 12:20:02 - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Majka\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52,80 Gb Total Space | 2,39 Gb Free Space | 4,53% Space Free | Partition Type: NTFS

Computer Name: MAJKA-BEJBY | User Name: Majka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\ESET\nod32kui.exe (Eset )
PRC - C:\Program Files\ESET\nod32krn.exe (Eset )
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NOD32krn) -- C:\Program Files\Eset\nod32krn.exe (Eset )
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (AMON) -- C:\WINDOWS\system32\drivers\amon.sys (Eset )
DRV - (nod32drv) -- C:\WINDOWS\system32\drivers\nod32drv.sys ()
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: stahuj@centrum.cz:1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 22:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.15 22:29:40 | 000,000,000 | ---D | M]

[2009.05.03 17:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Extensions
[2011.02.06 10:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions
[2010.06.21 09:52:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.07.08 12:36:30 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\daemon-search.xml
[2011.02.06 10:36:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-1.xml
[2009.07.29 12:58:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-2.xml
[2009.08.05 12:47:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-3.xml
[2009.09.14 22:27:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-4.xml
[2009.10.29 16:22:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-5.xml
[2009.12.18 14:47:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-6.xml
[2010.01.06 23:33:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-7.xml
[2011.02.06 10:26:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-8.xml
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin.xml
[2011.02.06 10:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.15 07:57:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.02 17:37:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.05.21 20:34:44 | 000,000,000 | ---D | M] (Stahuj.cz) -- C:\Program Files\Mozilla Firefox\extensions\stahuj@centrum.cz
[2009.07.08 12:36:37 | 000,000,000 | ---D | M] (DAEMON Tools Toolbar) -- C:\PROGRAM FILES\DAEMON TOOLS TOOLBAR\FIREFOXDTT
[2010.09.02 17:37:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.02 17:36:59 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.15 22:29:29 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.12.15 22:29:29 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.12.15 22:29:29 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.12.15 22:29:29 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.12.15 22:29:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.02.10 23:23:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Nero DriveSpeed] C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 6BF8bAIjSv = C:\Documents and Settings\All Users\Application Data\nehmtcnc\bynuhapm.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-1a282b393534027c.spaces.l...d/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: MntCmd - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.03 20:01:10 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell - "" = AutoRun
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell - "" = AutoRun
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.11 00:17:37 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Majka\Desktop\jre-6u23-windows-i586.exe
[2011.02.11 00:11:48 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Majka\Desktop\JavaRa.exe
[2011.02.10 23:22:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.10 14:06:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:06 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.09 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Malwarebytes
[2011.02.09 14:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.09 14:36:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.09 14:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.02.09 14:36:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.09 14:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.06 16:01:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Majka\Recent
[2011.02.06 01:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011.02.06 01:00:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\My Documents\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011.02.05 20:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.02.05 11:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Waldorf
[2011.02.05 11:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Local Settings\Application Data\eLicenser
[2011.02.05 11:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Waldorf
[2011.02.05 11:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2011.02.05 11:37:50 | 001,261,568 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\WINDOWS\System32\SYNSOACC.dll
[2011.02.05 11:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\u-he
[2011.02.01 13:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Voxengo
[2011.01.28 17:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\Blue Cat Audio
[2011.01.20 20:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011.01.20 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011.01.19 21:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\PhotoScape
[2011.01.19 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.11 10:40:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.11 10:40:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.11 00:19:28 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Majka\Desktop\jre-6u23-windows-i586.exe
[2011.02.10 23:32:33 | 000,004,352 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\spybot.rtf
[2011.02.10 23:23:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.02.10 22:42:51 | 000,005,547 | ---- | M] () -- C:\WINDOWS\wdict32.INI
[2011.02.10 18:29:17 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\CKScanner.exe
[2011.02.10 14:06:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:07 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.09 14:36:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.09 14:27:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.02.08 19:33:31 | 000,078,639 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\fl studio related stuff.doc
[2011.02.07 13:33:35 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 14:39:16 | 000,012,967 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\quotes.doc
[2011.02.06 13:01:43 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\adresy biznis.xls
[2011.02.06 01:00:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 00:21:26 | 000,005,985 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 23:33:36 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011.02.05 21:47:09 | 000,000,281 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.02.05 20:13:27 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 16:10:59 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2011.02.05 11:39:10 | 000,002,892 | ---- | M] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:38:05 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:22:25 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011.02.05 11:22:25 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.02.05 11:22:25 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011.02.05 11:22:25 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2011.02.04 17:23:30 | 005,296,904 | ---- | M] () -- C:\precursions62.wav
[2011.02.04 17:12:27 | 005,296,904 | ---- | M] () -- C:\precursions6.wav
[2011.01.31 00:07:43 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011.01.30 10:22:28 | 000,032,953 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\biznis.doc
[2011.01.27 23:03:19 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\ukrajina.xls
[2011.01.27 09:45:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.01.24 19:56:51 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.20 20:36:34 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:24:53 | 000,012,288 | -H-- | M] () -- C:\photothumb.db
[2011.01.19 21:24:50 | 000,029,696 | -H-- | M] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.19 21:22:31 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.18 12:16:50 | 000,219,593 | ---- | M] () -- C:\DSC07820.JPG
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.10 23:31:05 | 000,004,352 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\spybot.rtf
[2011.02.10 18:29:17 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\CKScanner.exe
[2011.02.09 14:36:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.07 13:33:35 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 01:00:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 01:00:43 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011.02.06 01:00:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011.02.06 01:00:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011.02.06 01:00:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011.02.05 20:13:27 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 15:12:48 | 000,005,985 | ---- | C] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 11:39:10 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:37:59 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2011.02.05 11:37:58 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2011.02.05 11:37:58 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2011.02.05 11:37:51 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:37:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2011.02.04 17:19:37 | 005,296,904 | ---- | C] () -- C:\precursions62.wav
[2011.02.04 17:12:20 | 005,296,904 | ---- | C] () -- C:\precursions6.wav
[2011.01.20 20:36:34 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:22:31 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.19 21:12:55 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.18 11:10:18 | 000,219,593 | ---- | C] () -- C:\DSC07820.JPG
[2009.09.03 10:41:59 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009.09.03 10:41:58 | 012,550,144 | ---- | C] () -- C:\WINDOWS\CS-80V(10 voices).dll
[2009.07.20 15:52:54 | 006,365,184 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll
[2009.07.08 12:34:05 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\ssolefw.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibram.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solekuy.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibeh.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibtth.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibmmn.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solegeh.dll
[2009.07.03 09:35:16 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.06.18 17:36:49 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.06.13 19:40:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.06.13 19:40:46 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.06.13 12:17:11 | 000,000,129 | ---- | C] () -- C:\WINDOWS\BeatBurner VSTi.INI
[2009.05.31 13:09:11 | 000,000,077 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2009.04.29 20:36:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.09.20 18:56:26 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2008.05.10 21:38:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008.05.10 21:37:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.04.28 20:15:19 | 000,000,339 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2008.04.23 10:44:48 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.04.23 10:44:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.04.23 10:44:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.04.23 10:44:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.23 10:44:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.04.21 20:50:17 | 000,000,959 | ---- | C] () -- C:\WINDOWS\level.ini
[2008.03.27 19:45:05 | 000,000,281 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.03.15 12:26:40 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008.03.09 12:03:42 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.02.23 20:02:57 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.01.14 17:56:53 | 000,000,645 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.11.03 01:26:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007.11.03 00:32:06 | 000,005,547 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2007.11.03 00:08:44 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.02 22:56:23 | 000,000,271 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.11.02 22:56:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007.11.02 22:38:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.11.02 22:20:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.08.07 18:22:22 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.06.25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2003.04.21 14:30:42 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002.05.17 22:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.03.20 23:38:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\Recapr.dll
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.07.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECE4A64B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

**ken545** · 2011-02-11, 13:26

Lets try this

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)


:Services

:Reg

:Files



:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.

Then see if you can install the new version , if not I will link you to the Java forum that can help you

**sypko** · 2011-02-11, 14:45

here is the log you requested:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Majka
->Temp folder emptied: 34749 bytes
->Temporary Internet Files folder emptied: 197552 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 987 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02112011_143349

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Unfortunately i am still unable to Uninstall my old Java and so i cant install new one..

regutils.dll error is still driving me

**ken545** · 2011-02-11, 15:50

Why dont you post here and give them as much detail as possible.
http://forums.pcpitstop.com/index.ph...-to-user-help/

**sypko** · 2011-02-13, 21:33

hi Ken,
finally i have my java updated..
maybe it could be fine if you have a look at the thread i have on the forum you pointed me..

as i ran a combofix and it removed some stuff, so maybe you want to see the logs..

also i ran a HJ several times..

http://forums.pcpitstop.com/index.ph...3-regutilsdll/

**ken545** · 2011-02-13, 21:49

Just looking at it. Jacee is a sweetheart , have known her for many years

How are things running now ?

**sypko** · 2011-02-13, 22:52

She definitely is..

Things are running great, i would say much better than ever before..

anyway, i am waiting till i am finished with Jacee and then i will continue in the last steps with you..

i will do an online scan as you suggested earlier..

but meanwhile i have some questions about software we have installed together...
should i keep some of them?? which one do you suggest me to keep?

also some of those softs. have their backups, with a "bad stuff" .. do i need to remove those backup files manually or will they be removed during uninstalation process ?

**ken545** · 2011-02-13, 23:04

Lets not worry about the programs we used, we can remove them, lets wait for the final scan and then I will give you instructions for removing them all

**sypko** · 2011-02-14, 01:10

hi, i have done this online scanner..

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16762 (vista_gdr.081013-1507)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=62f8fb105735c74ab6ddb5a51d0f99d3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-13 11:51:08
# local_time=2011-02-14 12:51:08 (+0100, Central Europe Standard Time)
# country="Slovakia"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=8194 67108261 100 100 103849 92580259 0 0
# scanned=132696
# found=11
# cleaned=11
# scan_time=3897
# nod_component=NOD32MOD_WINNT_ENGLISH_BASE Build:0x11081620
# nod_component=NOD32MOD_WINNT_ENGLISH_INET Build:0x11081620
# nod_component=NOD32MOD_WINNT_ENGLISH_STANDARD Build:0x11081620
C:\Documents and Settings\Majka\Application Data\Thinstall\AppData\4000002ca00002h\Rollcage D3D.exe probably a variant of Win32/Agent.LHDEHVO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP157\A0012218.scr Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP157\A0012219.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP158\A0013316.exe Win32/Cycbot.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP158\A0013320.exe a variant of Win32/Kryptik.KJG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP158\A0013345.exe a variant of Win32/Inject.NDT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP158\A0013395.exe a variant of Win32/KillProc.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP182\A0016321.exe probably a variant of Win32/TrojanDownloader.Obfuscated.BRSEMO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP182\A0016322.exe probably a variant of Win32/Agent.LHDEHVO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP182\A0016323.dll probably a variant of Win32/Delf.LQXDKYX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

i have finish this scan without removing quarantined files or uninstalling this online scanner as i was not sure what i should do..

so please point me what to do next

Thread: Am i still infected?

Thread Tools

Display

Eset online scanner log

Posting Permissions