Am I still infected?

Hi again, Ken.
My PC is still running fine, I just have this Java issue.
I was browsing around the web and found lots of folks having the same error.

It seems that JavaRa didn't remove all files/components, and they need to be removed manually.

But I am not going to follow the instructions I find, I was just curious.

I am going to do what you advise me to do ;-)

Here is a fresh OTL log:

OTL logfile created on: 11.2.2011 12:20:02 - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Majka\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52,80 Gb Total Space | 2,39 Gb Free Space | 4,53% Space Free | Partition Type: NTFS

Computer Name: MAJKA-BEJBY | User Name: Majka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\ESET\nod32kui.exe (Eset )
PRC - C:\Program Files\ESET\nod32krn.exe (Eset )
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NOD32krn) -- C:\Program Files\Eset\nod32krn.exe (Eset )
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (AMON) -- C:\WINDOWS\system32\drivers\amon.sys (Eset )
DRV - (nod32drv) -- C:\WINDOWS\system32\drivers\nod32drv.sys ()
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: stahuj@centrum.cz:1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 22:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.15 22:29:40 | 000,000,000 | ---D | M]

[2009.05.03 17:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Extensions
[2011.02.06 10:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions
[2010.06.21 09:52:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.07.08 12:36:30 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\daemon-search.xml
[2011.02.06 10:36:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-1.xml
[2009.07.29 12:58:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-2.xml
[2009.08.05 12:47:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-3.xml
[2009.09.14 22:27:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-4.xml
[2009.10.29 16:22:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-5.xml
[2009.12.18 14:47:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-6.xml
[2010.01.06 23:33:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-7.xml
[2011.02.06 10:26:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-8.xml
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin.xml
[2011.02.06 10:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.15 07:57:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.02 17:37:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.05.21 20:34:44 | 000,000,000 | ---D | M] (Stahuj.cz) -- C:\Program Files\Mozilla Firefox\extensions\stahuj@centrum.cz
[2009.07.08 12:36:37 | 000,000,000 | ---D | M] (DAEMON Tools Toolbar) -- C:\PROGRAM FILES\DAEMON TOOLS TOOLBAR\FIREFOXDTT
[2010.09.02 17:37:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.02 17:36:59 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.15 22:29:29 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.12.15 22:29:29 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.12.15 22:29:29 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.12.15 22:29:29 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.12.15 22:29:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.02.10 23:23:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Nero DriveSpeed] C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 6BF8bAIjSv = C:\Documents and Settings\All Users\Application Data\nehmtcnc\bynuhapm.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-1a282b393534027c.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: MntCmd - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.03 20:01:10 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell - "" = AutoRun
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell - "" = AutoRun
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.11 00:17:37 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Majka\Desktop\jre-6u23-windows-i586.exe
[2011.02.11 00:11:48 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Majka\Desktop\JavaRa.exe
[2011.02.10 23:22:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.10 14:06:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:06 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.09 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Malwarebytes
[2011.02.09 14:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.09 14:36:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.09 14:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.02.09 14:36:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.09 14:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.06 16:01:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Majka\Recent
[2011.02.06 01:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011.02.06 01:00:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\My Documents\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011.02.05 20:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.02.05 11:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Waldorf
[2011.02.05 11:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Local Settings\Application Data\eLicenser
[2011.02.05 11:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Waldorf
[2011.02.05 11:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2011.02.05 11:37:50 | 001,261,568 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\WINDOWS\System32\SYNSOACC.dll
[2011.02.05 11:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\u-he
[2011.02.01 13:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Voxengo
[2011.01.28 17:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\Blue Cat Audio
[2011.01.20 20:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011.01.20 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011.01.19 21:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\PhotoScape
[2011.01.19 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.11 10:40:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.11 10:40:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.11 00:19:28 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Majka\Desktop\jre-6u23-windows-i586.exe
[2011.02.10 23:32:33 | 000,004,352 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\spybot.rtf
[2011.02.10 23:23:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.02.10 22:42:51 | 000,005,547 | ---- | M] () -- C:\WINDOWS\wdict32.INI
[2011.02.10 18:29:17 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\CKScanner.exe
[2011.02.10 14:06:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:07 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.09 14:36:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.09 14:27:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.02.08 19:33:31 | 000,078,639 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\fl studio related stuff.doc
[2011.02.07 13:33:35 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 14:39:16 | 000,012,967 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\quotes.doc
[2011.02.06 13:01:43 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\adresy biznis.xls
[2011.02.06 01:00:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 00:21:26 | 000,005,985 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 23:33:36 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011.02.05 21:47:09 | 000,000,281 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.02.05 20:13:27 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 16:10:59 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2011.02.05 11:39:10 | 000,002,892 | ---- | M] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:38:05 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:22:25 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011.02.05 11:22:25 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.02.05 11:22:25 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011.02.05 11:22:25 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2011.02.04 17:23:30 | 005,296,904 | ---- | M] () -- C:\precursions62.wav
[2011.02.04 17:12:27 | 005,296,904 | ---- | M] () -- C:\precursions6.wav
[2011.01.31 00:07:43 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011.01.30 10:22:28 | 000,032,953 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\biznis.doc
[2011.01.27 23:03:19 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\ukrajina.xls
[2011.01.27 09:45:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.01.24 19:56:51 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.20 20:36:34 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:24:53 | 000,012,288 | -H-- | M] () -- C:\photothumb.db
[2011.01.19 21:24:50 | 000,029,696 | -H-- | M] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.19 21:22:31 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.18 12:16:50 | 000,219,593 | ---- | M] () -- C:\DSC07820.JPG
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.10 23:31:05 | 000,004,352 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\spybot.rtf
[2011.02.10 18:29:17 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\CKScanner.exe
[2011.02.09 14:36:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.07 13:33:35 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 01:00:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 01:00:43 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011.02.06 01:00:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011.02.06 01:00:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011.02.06 01:00:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011.02.05 20:13:27 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 15:12:48 | 000,005,985 | ---- | C] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 11:39:10 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:37:59 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2011.02.05 11:37:58 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2011.02.05 11:37:58 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2011.02.05 11:37:51 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:37:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2011.02.04 17:19:37 | 005,296,904 | ---- | C] () -- C:\precursions62.wav
[2011.02.04 17:12:20 | 005,296,904 | ---- | C] () -- C:\precursions6.wav
[2011.01.20 20:36:34 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:22:31 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.19 21:12:55 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.18 11:10:18 | 000,219,593 | ---- | C] () -- C:\DSC07820.JPG
[2009.09.03 10:41:59 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009.09.03 10:41:58 | 012,550,144 | ---- | C] () -- C:\WINDOWS\CS-80V(10 voices).dll
[2009.07.20 15:52:54 | 006,365,184 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll
[2009.07.08 12:34:05 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\ssolefw.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibram.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solekuy.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibeh.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibtth.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibmmn.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solegeh.dll
[2009.07.03 09:35:16 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.06.18 17:36:49 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.06.13 19:40:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.06.13 19:40:46 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.06.13 12:17:11 | 000,000,129 | ---- | C] () -- C:\WINDOWS\BeatBurner VSTi.INI
[2009.05.31 13:09:11 | 000,000,077 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2009.04.29 20:36:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.09.20 18:56:26 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2008.05.10 21:38:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008.05.10 21:37:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.04.28 20:15:19 | 000,000,339 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2008.04.23 10:44:48 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.04.23 10:44:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.04.23 10:44:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.04.23 10:44:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.23 10:44:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.04.21 20:50:17 | 000,000,959 | ---- | C] () -- C:\WINDOWS\level.ini
[2008.03.27 19:45:05 | 000,000,281 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.03.15 12:26:40 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008.03.09 12:03:42 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.02.23 20:02:57 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.01.14 17:56:53 | 000,000,645 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.11.03 01:26:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007.11.03 00:32:06 | 000,005,547 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2007.11.03 00:08:44 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.02 22:56:23 | 000,000,271 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.11.02 22:56:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007.11.02 22:38:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.11.02 22:20:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.08.07 18:22:22 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.06.25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2003.04.21 14:30:42 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002.05.17 22:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.03.20 23:38:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\Recapr.dll
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.07.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECE4A64B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >
 
Let's try this


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    
    
    :Services
    
    :Reg
    
    :Files
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <-- Not Run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.



Then see if you can install the new version; if not, I will link you to the Java forum that can help you.
 
Here is the log you requested:


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Majka
->Temp folder emptied: 34749 bytes
->Temporary Internet Files folder emptied: 197552 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 987 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02112011_143349

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Unfortunately I am still unable to uninstall my old Java, and so I can't install the new one.

regutils.dll error is still driving me :mad:

:confused:
 
Just looking at it. Jacee is a sweetheart, have known her for many years.

How are things running now?
 
She definitely is..

Things are running great, I would say much better than ever before.

Anyway, I am waiting till I am finished with Jacee and then I will continue with the last steps with you.

I will do an online scan as you suggested earlier.

But meanwhile I have some questions about the software we have installed together...
Should I keep some of it? Which ones do you suggest I keep?

Also, some of those programs have their backups, with "bad stuff". Do I need to remove those backup files manually or will they be removed during the uninstallation process?
 
Let's not worry about the programs we used; we can remove them. Let's wait for the final scan and then I will give you instructions for removing them all.
 
Eset online scanner log

Hi, I have run this online scanner.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16762 (vista_gdr.081013-1507)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=62f8fb105735c74ab6ddb5a51d0f99d3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-13 11:51:08
# local_time=2011-02-14 12:51:08 (+0100, Central Europe Standard Time)
# country="Slovakia"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=8194 67108261 100 100 103849 92580259 0 0
# scanned=132696
# found=11
# cleaned=11
# scan_time=3897
# nod_component=NOD32MOD_WINNT_ENGLISH_BASE Build:0x11081620
# nod_component=NOD32MOD_WINNT_ENGLISH_INET Build:0x11081620
# nod_component=NOD32MOD_WINNT_ENGLISH_STANDARD Build:0x11081620
C:\Documents and Settings\Majka\Application Data\Thinstall\AppData\4000002ca00002h\Rollcage D3D.exe probably a variant of Win32/Agent.LHDEHVO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP157\A0012218.scr Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP157\A0012219.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP158\A0013316.exe Win32/Cycbot.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP158\A0013320.exe a variant of Win32/Kryptik.KJG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP158\A0013345.exe a variant of Win32/Inject.NDT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP158\A0013395.exe a variant of Win32/KillProc.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP182\A0016321.exe probably a variant of Win32/TrojanDownloader.Obfuscated.BRSEMO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP182\A0016322.exe probably a variant of Win32/Agent.LHDEHVO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{1908015F-0DD5-4A8D-A0ED-78849D651F62}\RP182\A0016323.dll probably a variant of Win32/Delf.LQXDKYX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


I have finished this scan without removing quarantined files or uninstalling this online scanner, as I was not sure what I should do.

So please point me to what to do next.
 
Also, I ran

combofix /uninstall as Jacee advised me,

so I don't have restore points anymore. I have a fresh one though.
 
All those files were found in System Restore, let's do this


System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:
  1. Click Start > Run > copy and paste the following into the run box:
    %SystemRoot%\System32\restore\rstrui.exe
  2. Press OK. Choose Create a Restore Point then click Next.
  3. Name it (something you'll remember) and click Create.
  4. When the confirmation screen shows the restore point has been created click Close.

Then remove all previous Restore Points
  1. Click Start > Run > copy and paste the following into the run box:
    cleanmgr
  2. Choose to scan drive C:\ (if C:\ is your main drive).
  3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
  4. Click on the Yes button.
  5. When finished, click on Cancel button to exit.


How is your system behaving now?
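The reasoning above about restore points can be checked against an ESET Online Scanner log: a detection under `System Volume Information\_restore{...}` is an archived copy inside a restore point, while any other path is a file on the live file system. The following is an added example, not part of the original thread; the sample lines are constructed in the log's format, and the rule for where the path ends (first `.ext` followed by a space) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the ESET Online Scanner line format shown in the thread;
# paths, detection names, GUID and hash field are made up for illustration.
SAMPLE_LOG = r"""
# scanned=1000
# found=4
C:\Program Files\Example App\plugin host.dll probably a variant of Win32/Example.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP12\A0000001.exe Win32/Example.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP12\A0000002.DLL Win32/Example.C application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP30\A0000003.scr a variant of Win32/Example.D trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Assumption: the path ends at the first ".ext " token; then detection, kind, action, hex field, flag.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w{2,4}) (?P<threat>.+) (?P<kind>trojan|application) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]+) \w$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

def parse_detections(log_text):
    """Return one dict per detection line; '#' metadata lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            d = m.groupdict()
            rp = RESTORE.search(d["path"])
            d["restore_point"] = rp.group(1) if rp else None
            out.append(d)
    return out

def triage(detections):
    """Split detections into restore-point copies (by RP folder) and live-file hits."""
    by_rp, live = defaultdict(list), []
    for d in detections:
        if d["restore_point"]:
            by_rp[d["restore_point"]].append(d["threat"])
        else:
            live.append((d["path"], d["threat"]))
    return dict(by_rp), live

if __name__ == "__main__":
    by_rp, live = triage(parse_detections(SAMPLE_LOG))
    for rp, threats in sorted(by_rp.items()):
        print(f"{rp}: {len(threats)} archived: {', '.join(threats)}")
    for path, threat in live:
        print(f"LIVE: {threat} at {path}")
```

Entries reported under a restore-point folder disappear when old restore points are purged; entries reported as live point at installed software and deserve a separate look.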
 
Good morning Ken.

I have done everything as you said..

but have a look at my post number #31

I ran a combofix /uninstall yesterday so I already had no restore points.

It just created a new one.

Anyway, my system is working fine :bigthumb:
Now I have some "backup" files or quarantined files in my

- online ESET scan folder
- Malwarebytes folder
- HijackThis backups folder

I nearly forgot, here is a huge hug from Jacee for you :bighug:

:2thumb:
 
Just got a Valentine's Day card from Jacee :)

You can open these and delete all the backup or quarantined entries

- online ESET scan folder
- Malwarebytes folder
- HijackThis backups folder

This will get rid of most of that also

Open OTL and click on Clean Up and it will remove most programs we used to clean your system along with their backups





Safe Surfn
Ken
 
Big thank you

Hi Ken, it is time to thank you for all your professional help and patience with me.
I really appreciate everything you have done for me without expecting something in return.

I like the community here, how they are helpful, how you cooperate with each other. I have become interested in the malware removal process, and I would be happy to help others as you do, but I am sure it is a difficult process to learn and I am afraid I don't have the time to sign up for some lessons. They probably wouldn't want me with my "language" skills though :rolleyes:

Anyway, I am truly grateful to you and I like you so much for being such an unselfish and helpful person. On the other hand, I really hope I will never ever need your help again. :laugh:

Thank you wholeheartedly, dear Ken, and have a

Happy Valentine's Day :bigthumb:
 
Thank You :oreo:

Removing this garbage gets more difficult each day, not like a few years ago when Win 95 came out. Not only is this stuff annoying, it can also be dangerous. Cyber criminals write this stuff and it's all geared to stealing anything they can from you, like credit card and bank account numbers, and your passwords for sites that do online banking and shopping.


http://forums.whatthetech.com/index.php?showtopic=80368
You can snoop around here if you wish. Becoming a member of the malware removal community is a great feeling; I have made many, many friends. It does take a commitment: it normally takes a year or more before we have you trained and feel that you're able to help users on your own. The above site has a Malware Removal Classroom and I am a teacher at that site.

Take Care,
Ken :)
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 