Ronald Schutz

Trace.Registry.agent!E1 and Trace.Registry.gabpath!E1

3 posts in this topic

These two items come up on every scan even though they have been deleted. I am now following the instructions given me by Emsisoft to correct this situation. Files (logs) are attached.

0


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O13[b]64bit:[/b] - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:[b]64bit:[/b] - Protocol\Handler\gopher - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
    O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) -  File not found
    O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) -  File not found
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - AutoRun File - [2007/04/20 13:04:20 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
    [2012/07/28 09:52:08 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7B76E210-7332-467C-9D4D-7145350137CE}
    [2012/07/28 09:51:28 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{437B9B97-2A84-4457-9380-19AA218B98C5}
    [2012/07/27 08:41:01 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9E474AFB-2120-4071-AC9F-C067882255F8}
    [2012/07/27 08:40:22 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{D7D5BC34-6E64-474B-99D2-B2EF8A6FE0CE}
    [2012/07/26 07:41:03 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{3FC7C37A-9480-4388-B8AC-4A26E15D9229}
    [2012/07/26 07:40:23 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{BEEEB00F-7685-4FAC-89FB-673ABC9FF971}
    [2012/07/25 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{8ED2FB32-9387-4703-9C43-84A12E647CFD}
    [2012/07/25 08:35:42 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7E52C093-F468-4F95-A62A-5046FBA0E68C}
    [2012/07/24 08:31:09 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9399A7AC-6FE7-4A0B-9087-3F35C230DD14}
    [2012/07/24 08:30:30 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{B035991F-5176-4C87-BFD6-80F6CDDEEFDF}
    [2012/07/23 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7EBD3A98-3465-42C1-93DA-CC5232006345}
    [2012/07/23 08:07:03 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{D84B0192-6F9D-43DF-AC42-E3038DEB8701}
    [2012/07/22 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{E69FAF98-440B-4790-8C42-287ABBA1F6E6}
    [2012/07/22 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{5B58E95B-BAF6-496E-B482-47D995F09B7E}
    [2012/07/21 16:57:13 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{F741CBE4-3F2E-4B28-AB57-651CA5E4D58B}
    [2012/07/20 07:14:57 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{8ED0FE97-4BCE-4965-A037-F228BA6F721C}
    [2012/07/20 07:14:14 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{926CE250-4E46-479D-BF2F-C22140E20565}
    [2012/07/19 09:04:33 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{A7D08EE8-90F0-4944-B4FA-282623B9DD28}
    [2012/07/19 09:03:54 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{3304D86A-F1BE-4FAF-B2D1-D0AF5E496A7B}
    [2012/07/18 09:13:27 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{0617964B-96FE-4A01-BFC1-FDB42DB55219}
    [2012/07/18 09:12:48 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9881BD93-66E1-4C6E-8B7A-4DC06AA6DF68}
    [2012/07/16 08:07:18 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{823DDAED-880C-4ECE-A39B-85154E112DA7}
    [2012/07/16 08:06:39 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{DE888AB2-8E18-4181-BEDD-B7C8555402D9}
    [2012/07/15 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{E4D0548F-A333-4203-A6B3-B0F3B8282D4D}
    [2012/07/15 11:15:37 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{9D37D8FD-D7A1-443E-B0C6-D1D5C2E68278}
    [2012/07/13 15:26:09 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{EF73DEA7-9530-47FA-87D6-00349A9F19C1}
    [2012/07/13 15:25:30 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{2BA01B20-0FDF-4960-8A88-472408080F68}
    [2012/07/05 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{E38923C1-DB5C-486D-BCEC-A361939BDC55}
    [2012/07/04 20:05:18 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{BE8FEFFF-C7F1-4126-986B-1C07429DD497}
    [2012/07/04 08:03:46 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{1E606C34-D5D4-4176-ABA6-98C1B3A27A3F}
    [2012/07/04 08:03:07 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{4B1A2203-C3B6-4F44-958E-8C1B03111F11}
    [2012/07/03 07:56:40 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{FE011245-F4B1-40C1-A3DB-D738992AD942}
    [2012/07/03 07:56:01 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{CDB323A2-D315-4BA7-B772-25D9FCEF78C0}
    [2012/06/30 08:32:55 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{6822F2FD-D091-4B1C-B899-B29DFCE768E9}
    [2012/06/30 08:32:00 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{7C841D0A-3330-416E-BEDD-E47B31537283}
    [2012/06/29 09:42:47 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{84F296CA-C85D-4106-A358-3A0A6CE1470B}
    [2012/06/29 09:42:07 | 000,000,000 | ---D | C] -- C:\Users\RCS-DESKTOP\AppData\Local\{DFC50EDE-2DBA-4858-A89D-4731E1F4F0EE}
    [2010/12/01 14:21:18 | 002,470,635 | ---- | C] () -- C:\Users\RCS-DESKTOP\AppData\Local\tmpIMAGE1.JPG
    [2010/12/01 14:21:17 | 006,789,492 | ---- | C] () -- C:\Users\RCS-DESKTOP\AppData\Local\tmpIMAGE1.0
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
    
    :Reg
    [-hkey_current_user\software\nbt]
    [-hkey_current_user\software\netnucleous]
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

1
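
An added example, not part of the original thread and not OTL's own code: a read-only Python parser that splits a fix script laid out like the one in the post above into its sections and labels each line, so a reviewer can see which registry entries, folders, data streams and commands a script names before it is run. The sample input is constructed; the kind labels, the reading of `D` in the attribute column as "directory" and of `[-key]` as a key deletion are assumptions.

```python
import re
# Constructed sample in the same layout as the fix script in the post above.
SAMPLE_FIX = r"""
:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O18:[b]64bit:[/b] - Protocol\Handler\gopher - No CLSID value found
[2012/07/28 09:52:08 | 000,000,000 | ---D | C] -- C:\Users\example\AppData\Local\{00000000-0000-0000-0000-000000000000}
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
:Reg
[-hkey_current_user\software\nbt]
:Commands
[EmptyTemp]
[Reboot]
"""

SECTION = re.compile(r"^:(\w+)$")
O_LINE = re.compile(r"^(O\d+)(:?\[b\]64bit:\[/b\])?\s*-\s*(.*)$")
FILE_LINE = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| (\S{4}) \| \w\] (?:\(\) )?-- (.+)$")

def classify(section, line):
    """Return (kind, detail) for one non-empty line of the given section."""
    if section == "OTL":
        if m := O_LINE.match(line):
            return m.group(1) + ("/64bit" if m.group(2) else ""), m.group(3)
        if m := FILE_LINE.match(line):
            # Assumption: a 'D' in the attribute column marks a directory.
            return ("dir" if "D" in m.group(1) else "file"), m.group(2)
        if line.startswith("@Alternate Data Stream"):
            return "ads", line.split("->", 1)[-1].strip()
    elif section == "Reg" and line.startswith("[-") and line.endswith("]"):
        # Assumption: '[-key]' removes the key, as in .reg file syntax.
        return "reg-delete-key", line[2:-1]
    elif section == "Commands" and line.startswith("["):
        return "command", line.strip("[]")
    return "unrecognised", line

def parse_fix(text):
    """Group fix-script lines by section as (section, kind, detail) tuples."""
    section, items = None, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := SECTION.match(line):
            section = m.group(1)
        else:
            items.append((section, *classify(section, line)))
    return items

if __name__ == "__main__":
    for row in parse_fix(SAMPLE_FIX):
        print(row)
```

Lines that come back as `unrecognised` are the ones to read by hand before anything is pasted into the tool.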


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.

0
