
Trace.Registry.agent!E1 and Trace.Registry.gabpath!E1


  • This topic is locked
2 replies to this topic

#1 Ronald Schutz

Ronald Schutz

    New Member

  • Members
  • 1 posts
  • Location: Colorado
  • OS:Windows 7 x64
  • AV:Norton Security Suite
  • HIPS:Norton Security Suite Firewall
  • Other:Emsisoft A-Squared

Posted 28 July 2012 - 07:58 PM

These two items come up on every scan even though they have been deleted. I am now following the instructions given me by Emsisoft to correct this situation. Files (logs) are attached.




#2 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9174 posts
  • Location: Depauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 28 July 2012 - 08:40 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O13[b]64bit:[/b] - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:[b]64bit:[/b] - Protocol\Handler\gopher - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
    O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) -  File not found
    O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) -  File not found
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - AutoRun File - [2007/04/20 13:04:20 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
    [2012/07/28 09:52:08 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7B76E210-7332-467C-9D4D-7145350137CE}
    [2012/07/28 09:51:28 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{437B9B97-2A84-4457-9380-19AA218B98C5}
    [2012/07/27 08:41:01 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9E474AFB-2120-4071-AC9F-C067882255F8}
    [2012/07/27 08:40:22 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{D7D5BC34-6E64-474B-99D2-B2EF8A6FE0CE}
    [2012/07/26 07:41:03 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{3FC7C37A-9480-4388-B8AC-4A26E15D9229}
    [2012/07/26 07:40:23 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{BEEEB00F-7685-4FAC-89FB-673ABC9FF971}
    [2012/07/25 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{8ED2FB32-9387-4703-9C43-84A12E647CFD}
    [2012/07/25 08:35:42 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7E52C093-F468-4F95-A62A-5046FBA0E68C}
    [2012/07/24 08:31:09 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9399A7AC-6FE7-4A0B-9087-3F35C230DD14}
    [2012/07/24 08:30:30 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{B035991F-5176-4C87-BFD6-80F6CDDEEFDF}
    [2012/07/23 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7EBD3A98-3465-42C1-93DA-CC5232006345}
    [2012/07/23 08:07:03 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{D84B0192-6F9D-43DF-AC42-E3038DEB8701}
    [2012/07/22 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{E69FAF98-440B-4790-8C42-287ABBA1F6E6}
    [2012/07/22 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{5B58E95B-BAF6-496E-B482-47D995F09B7E}
    [2012/07/21 16:57:13 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{F741CBE4-3F2E-4B28-AB57-651CA5E4D58B}
    [2012/07/20 07:14:57 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{8ED0FE97-4BCE-4965-A037-F228BA6F721C}
    [2012/07/20 07:14:14 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{926CE250-4E46-479D-BF2F-C22140E20565}
    [2012/07/19 09:04:33 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{A7D08EE8-90F0-4944-B4FA-282623B9DD28}
    [2012/07/19 09:03:54 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{3304D86A-F1BE-4FAF-B2D1-D0AF5E496A7B}
    [2012/07/18 09:13:27 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{0617964B-96FE-4A01-BFC1-FDB42DB55219}
    [2012/07/18 09:12:48 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9881BD93-66E1-4C6E-8B7A-4DC06AA6DF68}
    [2012/07/16 08:07:18 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{823DDAED-880C-4ECE-A39B-85154E112DA7}
    [2012/07/16 08:06:39 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{DE888AB2-8E18-4181-BEDD-B7C8555402D9}
    [2012/07/15 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{E4D0548F-A333-4203-A6B3-B0F3B8282D4D}
    [2012/07/15 11:15:37 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9D37D8FD-D7A1-443E-B0C6-D1D5C2E68278}
    [2012/07/13 15:26:09 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{EF73DEA7-9530-47FA-87D6-00349A9F19C1}
    [2012/07/13 15:25:30 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{2BA01B20-0FDF-4960-8A88-472408080F68}
    [2012/07/05 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{E38923C1-DB5C-486D-BCEC-A361939BDC55}
    [2012/07/04 20:05:18 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{BE8FEFFF-C7F1-4126-986B-1C07429DD497}
    [2012/07/04 08:03:46 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{1E606C34-D5D4-4176-ABA6-98C1B3A27A3F}
    [2012/07/04 08:03:07 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{4B1A2203-C3B6-4F44-958E-8C1B03111F11}
    [2012/07/03 07:56:40 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{FE011245-F4B1-40C1-A3DB-D738992AD942}
    [2012/07/03 07:56:01 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{CDB323A2-D315-4BA7-B772-25D9FCEF78C0}
    [2012/06/30 08:32:55 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{6822F2FD-D091-4B1C-B899-B29DFCE768E9}
    [2012/06/30 08:32:00 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7C841D0A-3330-416E-BEDD-E47B31537283}
    [2012/06/29 09:42:47 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{84F296CA-C85D-4106-A358-3A0A6CE1470B}
    [2012/06/29 09:42:07 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{DFC50EDE-2DBA-4858-A89D-4731E1F4F0EE}
    [2010/12/01 14:21:18 | 002,470,635 | ---- | C] () -- C:\Users\RCS-DESKTOP\AppData\Local\tmpIMAGE1.JPG
    [2010/12/01 14:21:17 | 006,789,492 | ---- | C] () -- C:\Users\RCS-DESKTOP\AppData\Local\tmpIMAGE1.0
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
    :Reg
    [-hkey_current_user\software\nbt]
    [-hkey_current_user\software\netnucleous]
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall


#3 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9174 posts
  • Location: Depauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 31 July 2012 - 10:15 PM

Thread Closed

Reason:
Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 





