Trace.Registry.agent!E1 and Trace.Registry.gabpath!E1


  • This topic is locked
2 replies to this topic

#1 Ronald Schutz

    New Member

  • Members
  • 2 posts
  • Location: Colorado
  • OS: Windows 8.1 x64
  • AV: Norton Security Suite
  • HIPS: Norton Security Suite Firewall
  • Other: Emsisoft A-Squared
Posted 28 July 2012 - 07:58 PM

These two items come up on every scan even though they have been deleted. I am now following the instructions given me by Emsisoft to correct this situation. Files (logs) are attached.

#2 Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12705 posts
  • Location: Depauville, NY, USA
  • OS: Windows Vista
  • AV: Emsisoft Anti-Malware
  • HIPS: Online Armor
  • Other: WinPatrol Plus

Posted 28 July 2012 - 08:40 PM

Run OTL.exe
  • Copy/paste the following text from inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O13[b]64bit:[/b] - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:[b]64bit:[/b] - Protocol\Handler\gopher - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
    O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) -  File not found
    O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) -  File not found
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - AutoRun File - [2007/04/20 13:04:20 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
    [2012/07/28 09:52:08 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7B76E210-7332-467C-9D4D-7145350137CE}
    [2012/07/28 09:51:28 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{437B9B97-2A84-4457-9380-19AA218B98C5}
    [2012/07/27 08:41:01 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9E474AFB-2120-4071-AC9F-C067882255F8}
    [2012/07/27 08:40:22 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{D7D5BC34-6E64-474B-99D2-B2EF8A6FE0CE}
    [2012/07/26 07:41:03 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{3FC7C37A-9480-4388-B8AC-4A26E15D9229}
    [2012/07/26 07:40:23 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{BEEEB00F-7685-4FAC-89FB-673ABC9FF971}
    [2012/07/25 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{8ED2FB32-9387-4703-9C43-84A12E647CFD}
    [2012/07/25 08:35:42 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7E52C093-F468-4F95-A62A-5046FBA0E68C}
    [2012/07/24 08:31:09 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9399A7AC-6FE7-4A0B-9087-3F35C230DD14}
    [2012/07/24 08:30:30 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{B035991F-5176-4C87-BFD6-80F6CDDEEFDF}
    [2012/07/23 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7EBD3A98-3465-42C1-93DA-CC5232006345}
    [2012/07/23 08:07:03 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{D84B0192-6F9D-43DF-AC42-E3038DEB8701}
    [2012/07/22 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{E69FAF98-440B-4790-8C42-287ABBA1F6E6}
    [2012/07/22 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{5B58E95B-BAF6-496E-B482-47D995F09B7E}
    [2012/07/21 16:57:13 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{F741CBE4-3F2E-4B28-AB57-651CA5E4D58B}
    [2012/07/20 07:14:57 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{8ED0FE97-4BCE-4965-A037-F228BA6F721C}
    [2012/07/20 07:14:14 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{926CE250-4E46-479D-BF2F-C22140E20565}
    [2012/07/19 09:04:33 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{A7D08EE8-90F0-4944-B4FA-282623B9DD28}
    [2012/07/19 09:03:54 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{3304D86A-F1BE-4FAF-B2D1-D0AF5E496A7B}
    [2012/07/18 09:13:27 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{0617964B-96FE-4A01-BFC1-FDB42DB55219}
    [2012/07/18 09:12:48 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9881BD93-66E1-4C6E-8B7A-4DC06AA6DF68}
    [2012/07/16 08:07:18 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{823DDAED-880C-4ECE-A39B-85154E112DA7}
    [2012/07/16 08:06:39 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{DE888AB2-8E18-4181-BEDD-B7C8555402D9}
    [2012/07/15 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{E4D0548F-A333-4203-A6B3-B0F3B8282D4D}
    [2012/07/15 11:15:37 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9D37D8FD-D7A1-443E-B0C6-D1D5C2E68278}
    [2012/07/13 15:26:09 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{EF73DEA7-9530-47FA-87D6-00349A9F19C1}
    [2012/07/13 15:25:30 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{2BA01B20-0FDF-4960-8A88-472408080F68}
    [2012/07/05 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{E38923C1-DB5C-486D-BCEC-A361939BDC55}
    [2012/07/04 20:05:18 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{BE8FEFFF-C7F1-4126-986B-1C07429DD497}
    [2012/07/04 08:03:46 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{1E606C34-D5D4-4176-ABA6-98C1B3A27A3F}
    [2012/07/04 08:03:07 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{4B1A2203-C3B6-4F44-958E-8C1B03111F11}
    [2012/07/03 07:56:40 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{FE011245-F4B1-40C1-A3DB-D738992AD942}
    [2012/07/03 07:56:01 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{CDB323A2-D315-4BA7-B772-25D9FCEF78C0}
    [2012/06/30 08:32:55 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{6822F2FD-D091-4B1C-B899-B29DFCE768E9}
    [2012/06/30 08:32:00 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7C841D0A-3330-416E-BEDD-E47B31537283}
    [2012/06/29 09:42:47 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{84F296CA-C85D-4106-A358-3A0A6CE1470B}
    [2012/06/29 09:42:07 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{DFC50EDE-2DBA-4858-A89D-4731E1F4F0EE}
    [2010/12/01 14:21:18 | 002,470,635 | ---- | C] () -- C:\Users\RCS-DESKTOP\AppData\Local\tmpIMAGE1.JPG
    [2010/12/01 14:21:17 | 006,789,492 | ---- | C] () -- C:\Users\RCS-DESKTOP\AppData\Local\tmpIMAGE1.0
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
    
    :Reg
    [-hkey_current_user\software\nbt]
    [-hkey_current_user\software\netnucleous]
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall
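As an added example (not part of this thread, and not Emsisoft's or OTL's code): a read-only PowerShell script, for an elevated prompt on Windows, that audits the same hook points the OTL fix above edits (O2 BHOs, O3 toolbars, O20 AppInit_DLLs, O21 SSODL, the two :Reg keys and the alternate data stream) and reports entries whose target DLL or CLSID registration is gone, which is what OTL prints as "File not found" and "No CLSID value found". It assumes the HKCU\Software\nbt and HKCU\Software\netnucleous keys are what the Trace.Registry detections point at; the thread removes them but does not say so. It deletes nothing: the Remove-Item call runs with -WhatIf.

```powershell
# Added example, not from the Emsisoft thread or from OTL: read-only audit of
# the persistence points the OTL fix edits. Run from an elevated prompt.
$ErrorActionPreference = 'SilentlyContinue'
$findings = New-Object System.Collections.Generic.List[object]

function Resolve-ComServer {
    # InprocServer32 path for a CLSID, or $null when the CLSID is not
    # registered at all (what OTL reports as "No CLSID value found").
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID',
                      'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) { return (Get-ItemProperty $key).'(default)' }
    }
    return $null
}

function Test-TargetExists {
    # Expand %VAR%s, strip quotes, and check the file really is on disk.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $p = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    return [bool](Test-Path -LiteralPath $p -PathType Leaf)
}

function Add-Finding {
    param([string]$Type, [string]$Entry, [string]$Target, [string]$Note = '')
    $findings.Add([pscustomobject]@{
        Type = $Type; Entry = $Entry; Target = $Target
        Exists = Test-TargetExists $Target; Note = $Note })
}

function Add-ClsidFinding {
    # Shared logic for every hook that stores a CLSID: resolve it, flag
    # unregistered CLSIDs and registered ones whose DLL is missing.
    param([string]$Type, [string]$Entry, [string]$Clsid)
    $server = Resolve-ComServer $Clsid
    $note = if ($server) { '' } else { 'No CLSID value found' }
    Add-Finding $Type $Entry $server $note
}

# O20 - AppInit_DLLs: loaded into every process that maps user32.dll.
# On x64 the native key and the Wow6432Node key are separate lists.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $p = Get-ItemProperty $key
    foreach ($dll in ("$($p.AppInit_DLLs)" -split '[,\s]+' | Where-Object { $_ })) {
        Add-Finding 'O20 AppInit_DLLs' $dll $dll "LoadAppInit_DLLs=$($p.LoadAppInit_DLLs)"
    }
}

# O2 - Browser Helper Objects: one subkey per CLSID.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
    foreach ($sub in Get-ChildItem $key) { Add-ClsidFinding 'O2 BHO' $sub.PSChildName $sub.PSChildName }
}

# O3 - IE toolbars: value names are CLSIDs (or stray names like "10", as in the
# log above, which resolve to nothing). Every non-empty name is checked.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar',
                 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser') {
    $k = Get-Item $key
    if ($k) {
        foreach ($name in ($k.GetValueNames() | Where-Object { $_ })) {
            Add-ClsidFinding 'O3 Toolbar' $name $name
        }
    }
}

# O21 - ShellServiceObjectDelayLoad: value data is the CLSID Explorer loads.
$ssodl = Get-Item 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
if ($ssodl) {
    foreach ($name in $ssodl.GetValueNames()) {
        Add-ClsidFinding 'O21 SSODL' $name $ssodl.GetValue($name)
    }
}

# Orphans are what the fix script removes: a hook whose target is missing.
$findings | Where-Object { -not $_.Exists } | Format-Table -AutoSize

# :Reg section of the fix. Assumed (not stated in the thread) to be the keys
# behind the Trace.Registry detections. Dry run only; drop -WhatIf to delete.
foreach ($key in 'HKCU:\Software\nbt', 'HKCU:\Software\netnucleous') {
    if (Test-Path $key) { "present: $key"; Remove-Item $key -Recurse -WhatIf }
}

# The alternate data stream the fix lists on C:\ProgramData\Temp.
Get-Item 'C:\ProgramData\Temp' -Stream * | Where-Object Stream -ne ':$DATA' |
    Select-Object FileName, Stream, Length
```

An orphaned hook is harmless on its own, but it is the footprint of what was installed (here the BearShare MediaBar datamngr.dll in AppInit_DLLs, which would have been loaded into every process while the file existed), and scanners keep reporting the registry entry until it is removed, which is the situation the opening post describes. The script reports rather than deletes so that the decision to remove stays with the person supervising the cleanup, as the thread's closing note requires.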

#3 Kevin Zoll


Posted 31 July 2012 - 10:15 PM

Thread Closed

Reason:
Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
