malware: kbiwkm, uacbbr. unable to remove

Hi,

You don't have to do anything in the registry if not asked. Uninstalling those programs from Add/Remove Programs is enough. Just follow the instructions I post :)
 
Hi Blade,
I have downloaded a fresh copy of combo-fix and am still not able to have the CFScript launch combo-fix...
any suggestion?
 
Did you try with the non-renamed version? Let me know what happens if you try to drag the CFScript file onto the non-renamed combofix.exe.
 
Hi,
Just tried both combofix and combo-fix, as well as
CFScript.txt and cfscript.txt.
None of them launched... ?
Any suggestion?
 
I assume you have both ComboFix.exe and CFScript.txt file in c:\documents and settings\Dave\Desktop folder.

Let's see if you're able to make ComboFix run with following batch.

Open Notepad and then copy and paste the lines below into it. Go to File > Save As, name the file fixes.bat, change the Save as type to All Files and save it to your desktop.
Code:
@echo off
"c:\documents and settings\Dave\Desktop\ComboFix.exe" "c:\documents and settings\Dave\Desktop\CFScript.txt" >>c:\LogIt.txt
Double-click on fixes.bat file to execute it.

If not, post the contents of the c:\LogIt.txt file.
 
Hi Blade,
The .bat was successful.
ComboFix ran and noted a down-level program. I selected Yes to download the most current version. It then proceeded to run the 1-50 stage scan.
The report generated is below, with a DDS to follow after this.

I will now go back and complete the updates for Java, Adobe and Flash as described in the earlier thread.


**************************
ComboFix 09-09-14.02 - Dave 09/15/2009 0:07.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.186 [GMT -7:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\cqfrkd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dave\Application Data\BitTorrent
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\174e8f3cf95081c31bc748615f07f62b5819326c
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\33adcfbe9566d10684bbe1dbf399867375184c19
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\3f1211e799140b8bfc7a7b9236b7f034dbcc5c4e
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\6f524a978bc96f8751411f0183d72a845b301fe5
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\a7a0349aec970727f72bfa6208daa59947ef4109
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\cdaa21f0b6b9e0c899286104da44bd4cf0391607
c:\documents and settings\Dave\Application Data\BitTorrent\data\routing_table
c:\documents and settings\Dave\Application Data\BitTorrent\data\ui_config
c:\documents and settings\Dave\Application Data\BitTorrent\data\ui_state
d:\program downloads\bittorent
d:\program downloads\bittorent\BitTorrent-6.1.2.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FPOOJMS
-------\Service_fpoojms


((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-11 21:01 . 2009-09-11 21:01 -------- d-----w- c:\program files\trend micro
2009-09-11 21:01 . 2009-09-11 21:02 -------- d-----w- C:\rsit
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\documents and settings\Dave\Application Data\Auslogics
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\program files\Auslogics
2009-08-31 21:02 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-31 21:02 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-31 21:02 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\program files\Avira
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-31 19:09 . 2009-09-04 21:58 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-08-27 17:25 . 2009-08-27 17:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Uniblue
2009-08-26 19:47 . 2009-08-26 19:47 -------- d-----w- c:\windows\LastGood
2009-08-25 21:09 . 2009-08-25 21:09 -------- d-----w- c:\windows\LastGood.Tmp
2009-08-24 07:00 . 2009-08-24 07:00 -------- d-----w- c:\windows\ServicePackFiles
2009-08-24 06:46 . 2009-08-24 06:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-08-20 23:47 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-08-20 23:45 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-20 23:44 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 22:49 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 22:25 . 2002-01-05 12:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-08-20 22:25 . 2009-08-20 22:25 -------- d-----w- c:\program files\AML Products
2009-08-20 22:25 . 2002-01-05 13:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-08-19 23:17 . 2009-08-19 23:17 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
2009-08-19 22:27 . 2009-08-19 22:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 20:17 . 2009-08-19 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 00:20 . 2005-08-05 07:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-09 00:33 . 2007-02-05 01:23 -------- d-----w- c:\documents and settings\Dave\Application Data\U3
2009-09-04 22:01 . 2007-03-05 21:30 -------- d-----w- c:\program files\HP
2009-08-31 23:36 . 2005-08-05 13:57 78040 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 19:30 . 2005-08-05 13:49 -------- d-----w- c:\program files\SolidWorks
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-28 17:49 . 2005-08-07 14:31 91917 ----a-w- c:\program files\SolidWorksswxJRNL.BAK
2009-08-25 21:15 . 2005-08-02 10:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:11 . 2004-08-03 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 21:22 . 2005-08-05 08:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-29 04:53 . 2004-08-03 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-03 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-03 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:08 . 2004-08-03 21:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36 . 2004-08-03 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-03 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-03 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-03 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-03 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-03 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-03 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-03 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-03 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-03 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-03 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-03 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-03 21:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-03 21:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-03 21:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-03 21:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-03 21:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-03 21:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-03 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 21:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe"="1&1 EasyLogin HIDE" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-10-27 863744]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"Adobe Reader Speed Launcher"="d:\program downloads\adobe 9\Reader\Reader_sl.exe" [2009-02-28 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-10 1634304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-8-5 49254]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576]
Picture Package Menu.lnk - d:\program downloads\Picture Package Menu\SonyTray.exe [2007-8-23 151552]
Picture Package VCD Maker.lnk - d:\program downloads\Picture Package Applications\Residence.exe [2007-8-23 106496]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-12-24 217088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"d:\\Movies\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SolidWorks\\SLDWORKS.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

R3 GTIPCI21;GTIPCI21;c:\windows\SYSTEM32\DRIVERS\gtipci21.sys [12/31/1979 9:00 AM 80384]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/31/2009 2:02 PM 108289]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [8/16/2005 7:00 AM 26488]
.
Contents of the 'Scheduled Tasks' folder

2007-05-17 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-08-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.dell.com/ap/china/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\i8wujhmy.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\i8wujhmy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: d:\program downloads\adobe 9\Reader\browser\nppdf32.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-1&1 EasyLogin - c:\program files\1&1\1&1 EasyLogin\Uninstall.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUNINST.EXE -fc:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUNINST.EXE -fc:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-Canon Digital Camera USB WIA Driver - c:\windows\IsUninst.exe -fc:\program files\Canon\DC USB WIA\Uninst.isu
AddRemove-FLV Player - d:\program downloads\flv\FLV Player\uninst.exe
AddRemove-PhotoRecord - c:\windows\IsUninst.exe -fc:\program files\Canon\PhotoRecord\Uninst.isu
AddRemove-Xerox WC470cx Print - c:\windows\IsUninst.exe -fc:\windows\Deis470c.isu
AddRemove-ZoomBrowserEXDeInstall - c:\windows\IsUninst.exe -fc:\program files\Canon\ZoomBrowser EX\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 00:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(280)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Completion time: 2009-09-15 0:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-15 07:18
ComboFix2.txt 2009-09-11 22:14

Pre-Run: 363,565,056 bytes free
Post-Run: 328,155,136 bytes free

222 --- E O F --- 2009-08-24 07:50


**************************
 
Hi Blade,
I am having some problems removing Java from my computer. There seem to be some issues with my Windows Installer that prevent this from executing. I am also unable to update to the latest version of Adobe. The good news is I have 9.1.0.

I have not run the Kaspersky Online Scanner because of the above...

any suggestions?

Again, Thank You.
 
I am having some problems removing Java from my computer. There seem to be some issues with my Windows Installer that prevent this from executing.
Are you getting any error message? Is the same problem preventing you from updating Adobe Reader?
 
Yes, Adobe has an installation problem that prevents the update, and a partial installation didn't work, i.e. the language wasn't able to install either.
 
Hi,

Please post the exact error messages you get. It's impossible to find out the culprit preventing the install without exact info.
 
I am not sure if the two problems are linked, but since one is installing and the other is uninstalling, it could be.
 
Hi Blade,
Here is what I have encountered:

Java message:
Add or remove programs (pop-up window)
The Windows installer service could not be accessed. This can occur if you are running Windows in safe mode, or if Windows installer is not correctly installed.
contact your support personnel for assistance.


Adobe message, when double-clicking the update:
Windows installer program (pop-up window)
The Windows installer service could not be accessed. This can occur if you are running Windows in safe mode, or if Windows installer is not correctly installed.
contact your support personnel for assistance.

when using Adobe updater link:
The installation process has encountered a problem. Please choose from the following options:
cancel the current update and continue installing the remaining updates.
Stop installing and continue later
 
Registry Search by Bobbi Flekman

Download & extract this file to its own folder - Registry Search

Launch Registry Search
In the search box, enter (on separate lines)

OptionValue
SAFEBOOT_OPTION


Under Search, make sure only the Value box is checked in the first row of checkboxes. All other checkboxes should be checked.
& click Ok.
Notepad will open with some text in it (the file will also be saved in the program's folder as well). Save it as a text file and attach the file to your reply.
 
Here is the registry search result:
**************************

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 9/15/2009 11:11:49 AM for strings:
; 'optionvalue'
; 'safeboot_option'
; Strings excluded from search:
; (None)
; Search in:
; Registry Values
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"

; End Of The Log...

*******************************
 
Hi,

Save the text below as fix.reg in Notepad (save it as All Files (*.*)) on the Desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"=-

It should look like this -> [attached screenshot: reg.gif]


Double-click fix.reg, press Yes and OK.

Reboot and see if you're able to remove Java and install Adobe Reader updates.
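Added example, not from the thread or from the Registry Search tool: a Python script that parses a regedit-style export like the one posted above, reports the leftover safe-boot markers per control set (OptionValue 2 together with SAFEBOOT_OPTION NETWORK means Safe Mode with Networking, matching the NETWORK flag in the ComboFix header earlier in the thread), and emits the same REGEDIT4 fix.reg the helper posted. The sample export is constructed from the values in the thread; the mode names are this example's own labels.

```python
import re

# Added example (not from the thread): parse a Registry Search / regedit
# export, report leftover safe-boot markers per control set, and emit the
# helper's fix.reg. OptionValue is what Windows writes during a safe boot
# (1 = Safe Mode, 2 = Safe Mode with Networking); it and SAFEBOOT_OPTION are
# normally present only while Windows is actually booted in Safe Mode.
SAFEBOOT_MODES = {1: "MINIMAL", 2: "NETWORK"}

# Constructed sample, built from the values posted in the thread.
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman
; Results for strings: 'optionvalue' 'safeboot_option'

[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SafeBoot\\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\Environment]
"SAFEBOOT_OPTION"="NETWORK"

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment]
"SAFEBOOT_OPTION"="NETWORK"

; End Of The Log...
"""

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from .reg style text.
    dword:XXXXXXXX -> int, "quoted" -> str, anything else kept raw."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            if data.lower().startswith("dword:"):
                keys[current][name] = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                keys[current][name] = data[1:-1]
            else:
                keys[current][name] = data
    return keys


def safeboot_state(keys):
    """Summarise safe-boot markers per control set as
    {cs: {"option_value", "mode", "env", "consistent"}}. Control sets with
    neither marker are omitted, so {} means a normal boot; "consistent" is
    False when OptionValue and SAFEBOOT_OPTION disagree."""
    found = {}
    for path, values in keys.items():
        parts = path.split("\\")
        # Expect HKEY_LOCAL_MACHINE\SYSTEM\<ControlSet>\Control\...
        if len(parts) < 5 or [p.upper() for p in parts[:2]] != ["HKEY_LOCAL_MACHINE", "SYSTEM"]:
            continue
        entry = found.setdefault(parts[2], {"option_value": None, "mode": None, "env": None})
        tail = "\\".join(parts[3:]).lower()
        if tail == "control\\safeboot\\option" and "OptionValue" in values:
            entry["option_value"] = values["OptionValue"]
            entry["mode"] = SAFEBOOT_MODES.get(values["OptionValue"], "UNKNOWN")
        elif tail == "control\\session manager\\environment" and "SAFEBOOT_OPTION" in values:
            entry["env"] = values["SAFEBOOT_OPTION"]
    state = {}
    for cs, e in found.items():
        if e["option_value"] is None and e["env"] is None:
            continue
        e["consistent"] = e["mode"] == e["env"]
        state[cs] = e
    return state


def build_fix_reg(state, control_set="CurrentControlSet"):
    """Emit the REGEDIT4 fix from the thread for one control set: '[-key]'
    deletes the whole SafeBoot\\Option key, '"SAFEBOOT_OPTION"=-' deletes only
    that environment value. Returns "" when there is nothing to fix."""
    if control_set not in state:
        return ""
    base = "HKEY_LOCAL_MACHINE\\SYSTEM\\" + control_set
    return (
        "REGEDIT4\n\n"
        "[-" + base + "\\Control\\SafeBoot\\Option]\n\n"
        "[" + base + "\\Control\\Session Manager\\Environment]\n"
        '"SAFEBOOT_OPTION"=-\n'
    )
```

Running `build_fix_reg(safeboot_state(parse_reg_export(SAMPLE_EXPORT)))` yields the exact fix.reg text from the post above; an empty result from `safeboot_state` means the export shows a normal boot and no fix is needed.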
 
Hi Blade,
The registry fix worked perfectly.
Everything on my laptop came back as it was a month ago.

I uninstalled and then ran the updates for both Java and Adobe (no problems encountered during this :))

I was then able to run all of the reports requested. Please see attachment:


KAS
***************************
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 15, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 15, 2009 20:56:54
Records in database: 2827310
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 98090
Threats found: 6
Infected objects found: 13
Suspicious objects found: 0
Scan duration: 03:04:47


File name / Threat / Threats count
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-17cc9737 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-67463fc4 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-3f5a9be9 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-4aa1c742 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Qoobox\Quarantine\C\WINDOWS\svchast.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\kbiwkmubfdcdqp.sys.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\UACyvyjhniyyj.sys.vir Infected: Rootkit.Win32.Agent.oxr 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tajf83ikdmf.dll.vir Infected: Trojan-Downloader.Win32.Agent.cpql 1
D:\Current Mail\Profiles\a0yub1zwh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1
D:\Current Mail\Thunderbird Mail\Thunderbird\Profiles\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1
D:\Dem\test for active mail profile\Profiles\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1
D:\Dem\working mail profile 900\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1
D:\Local Folders-www\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1

Selected area has been scanned.


DDS Attached
***************************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2005 8:32:06 PM
System Uptime: 9/15/2009 11:39:33 AM (4 hours ago)

Motherboard: Dell Inc. | | 0D4571
Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1861/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 10 GiB total, 0.313 GiB free.
D: is FIXED (NTFS) - 46 GiB total, 2.802 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Service: w29n51

==== System Restore Points ===================

RP1: 9/11/2009 3:10:58 PM - System Checkpoint
RP2: 9/15/2009 12:06:03 AM - ComboFix created restore point
RP3: 9/15/2009 11:34:37 AM - Removed Java(TM) 6 Update 6
RP4: 9/15/2009 11:35:26 AM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP5: 9/15/2009 11:44:34 AM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
AiO_Scan
ALPS Touch Pad Driver
AML Free Registry Cleaner 4.18
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
CDBurnerXP Pro 3
Conexant D110 MDC V.9x Modem
Digital Line Detect
DNA
eDrawings 2004
Enterprise
File Shredder 2.0
Hotfix for Windows XP (KB952287)
HP PSC & Officejet 4.2 Corporate Edition
ImageMixer VCD2
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Java(TM) 6 Update 16
Logitech MouseWare 9.79.1
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft FrontPage Client - English
Microsoft Office Live Meeting 2005
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.14)
Mozilla Thunderbird (2.0.0.22)
Mozilla Thunderbird (2.0.0.23)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
OMCI
PC Connectivity Solution
PeaZip 1.10
Picture Package
PowerDVD 5.1
QFolder
QuickSet
RealPlayer
RegCure 1.6.0.0
SBC Self Support Tool
SBC Yahoo! Applications
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shading Analyser
SolidWorks 2004 SP0
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SyncBack
TextPad 4.7
TWAIN Driver Uninstaller
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.5
Visual Studio.NET Baseline - English
WebFldrs XP
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Wise Disk Cleaner 4.64

==== Event Viewer Messages From Past Week ========

9/8/2009 7:33:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
9/8/2009 5:24:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
9/8/2009 5:23:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/11/2009 9:34:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/11/2009 9:31:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
9/10/2009 9:13:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

==== End Of File ===========================

***************************


DDS
***************************

DDS (Ver_09-07-30.01) - NTFSx86
Run by Dave at 15:23:50.63 on Tue 09/15/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.345 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
D:\Program Downloads\Picture Package Menu\SonyTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
D:\Program Downloads\Picture Package Applications\Residence.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.dell.com/ap/china/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
EB: Ask Toolbar Quick View: {b0de3308-5d5a-470d-81b9-634fc078393b} - c:\windows\system32\shdocvw.dll
uRun: [c:\program files\1&1\1&1 easylogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [Adobe Reader Speed Launcher] "d:\program downloads\adobe 9\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - d:\program downloads\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - d:\program downloads\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program downloads\spybot\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\i8wujhmy.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\dave\application data\mozilla\firefox\profiles\mine.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: d:\program downloads\adobe 9\reader\browser\nppdf32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-31 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-31 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-31 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-20 55656]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [1979-12-31 80384]

=============== Created Last 30 ================

2009-09-15 11:44 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-15 11:44 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-15 11:34 0 a------- c:\windows\system32\REN12.tmp
2009-09-15 11:34 0 a------- c:\windows\system32\REN11.tmp
2009-09-15 11:27 <DIR> --d----- c:\program files\msn gaming zone
2009-09-11 15:02 <DIR> a-dshr-- C:\cmdcons
2009-09-11 15:00 229,888 a------- c:\windows\PEV.exe
2009-09-11 15:00 161,792 a------- c:\windows\SWREG.exe
2009-09-11 15:00 98,816 a------- c:\windows\sed.exe
2009-09-11 14:01 <DIR> --d----- c:\program files\trend micro
2009-09-04 14:59 102,032 -------- c:\windows\hpoins04.dat.temp
2009-09-04 14:59 17,218 -------- c:\windows\hpomdl04.dat.temp
2009-08-31 14:57 <DIR> --d----- c:\docume~1\dave\applic~1\Auslogics
2009-08-31 14:57 <DIR> --d----- c:\program files\Auslogics
2009-08-31 14:01 <DIR> --d----- c:\program files\Avira
2009-08-31 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-31 12:09 <DIR> --d----- c:\program files\Wise Disk Cleaner
2009-08-27 10:25 <DIR> --d----- c:\docume~1\dave\applic~1\Uniblue
2009-08-24 00:00 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-23 23:46 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-08-20 16:52 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-08-20 16:52 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-08-20 16:49 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-20 16:47 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-08-20 16:45 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-08-20 16:44 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-08-20 16:44 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 15:49 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 15:25 487,424 a------- c:\windows\system32\msvcp70.dll
2009-08-20 15:25 974,848 a------- c:\windows\system32\mfc70.dll
2009-08-20 15:25 <DIR> --d----- c:\program files\AML Products
2009-08-19 16:17 <DIR> --d----- c:\documents and settings\dave\DoctorWeb
2009-08-19 15:27 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 13:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations

==================== Find3M ====================

2009-08-28 10:49 91,917 a------- c:\program files\SolidWorksswxJRNL.BAK
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 06:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-25 01:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 01:44 724,480 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:44 298,496 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:44 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:44 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:44 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 01:44 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 04:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 04:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 04:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 04:34 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2008-01-22 09:44 560 a------- c:\docume~1\dave\applic~1\ViewerApp.dat

============= FINISH: 15:24:43.52 ===============

***************************

thank you....!!!
 
Glad to hear that registry fix worked :)


Uninstall DNA thru add/remove programs.


Go through email messages in following mail boxes and delete suspicious looking messages:
D:\Current Mail\Profiles\a0yub1zwh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history
D:\Current Mail\Thunderbird Mail\Thunderbird\Profiles\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history
D:\Dem\test for active mail profile\Profiles\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history
D:\Dem\working mail profile 900\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history
D:\Local Folders-www\Outlook Express Mail.sbd\Inbox


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-17cc9737
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-67463fc4
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-3f5a9be9
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-4aa1c742


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

[image: CFScriptB-4.gif]


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & fresh dds.txt log. How's the system running?
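An added example, not code from this thread or from ComboFix: the script above hands a `File::` list to the removal tool, and a responder usually wants a record (size and SHA-256) of whatever still exists on disk before those entries disappear, so the removed objects can be looked up or shared later. The parser below assumes the layout visible in the post (a line ending in `::` opens a section, the following non-blank lines are its entries); the `SAMPLE_CFSCRIPT` text is copied from the post, and the paths will simply show as absent on any machine other than the one in the thread.

```python
"""Parse a ComboFix-style CFScript and record file evidence before removal.

Added example; assumes only the section layout seen in the thread:
a line ending in '::' starts a section, following non-blank lines are entries.
"""
import hashlib
import os
from typing import Dict, List, Optional

# Sample CFScript text copied from the helper's post (constructed embedding).
SAMPLE_CFSCRIPT = """File::
C:\\Documents and Settings\\Dave\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\16\\78fcee10-17cc9737
C:\\Documents and Settings\\Dave\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\38\\67df4166-67463fc4
C:\\Documents and Settings\\Dave\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\49\\6b800f31-3f5a9be9
C:\\Documents and Settings\\Dave\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\60\\59af077c-4aa1c742
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split CFScript text into {directive: [entries]}.

    'File::' becomes the key 'File'; entries run until the next blank line
    or the next directive. Lines before any directive are ignored.
    """
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the open section
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def sha256_of(path: str) -> str:
    """Hash a file in chunks so a large cache entry need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def evidence_manifest(entries: List[str]) -> List[dict]:
    """One record per File:: entry: path, whether it exists, size and SHA-256.

    Missing entries stay in the manifest (present=False) so the record shows
    the whole list that was acted on, not only what was found.
    """
    manifest = []
    for path in entries:
        if os.path.isfile(path):
            manifest.append({
                "path": path,
                "present": True,
                "size": os.path.getsize(path),
                "sha256": sha256_of(path),
            })
        else:
            manifest.append({"path": path, "present": False, "size": None, "sha256": None})
    return manifest


if __name__ == "__main__":
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    for record in evidence_manifest(script.get("File", [])):
        if record["present"]:
            status = f"{record['size']} bytes sha256={record['sha256']}"
        else:
            status = "not present"
        print(f"{record['path']}: {status}")
```

Run it on the machine being cleaned before dragging the CFScript onto ComboFix and keep the printed manifest with the logs; the hashes are what an AV vendor or a sandbox lookup needs once the cache entries themselves are gone.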
 
Hi Blade,
I am not able to locate DNA via add/remove control panel.
I am also not able to locate any DNA file on my system other than a file called DNA.syn located within the "textpad 4" "samples" program folder.

I could delete this folder but I don't believe this is what we are looking for...

any suggestions in locating and removing this...?

thanks again :thanks:
 
Hi Blade,
I found the email worm and removed it from the few duplicate locations. :)

I at this point cannot run Combofix or Combo-fix with the drag and drop of "CFScript". Last time we used the bat file, but I wanted to confirm with you first.

Still no DNA found

thank you for the great support.

dave
 
Hi,

If you can't locate DNA entry then skip that part. Use that same batch file for running ComboFix.
 