Google Hijacked ? [Solved]


  • This topic is locked

#61
Emma_uk
    Member
  • Topic Starter
  • 135 posts
Went with F-Secure and it found some stuff :)


Scanning Report
Saturday, December 13, 2008 16:37:17 - 17:34:48

Computer name: OWNER-25KGJLS1N
Scanning type: Scan system for malware, rootkits
Target: C:\ G:\ H:\
Result: 15 malware found
Packed.Win32.Krap (virus)

* System

Packed.Win32.Krap.d (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{1A2E542A-B4FA-4FE1-ADA7-F7DED0643FF0}\RP295\A0164556.DLL

TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Adbrite (spyware)

* System

TrackingCookie.Adrevolver (spyware)

* System

TrackingCookie.Advertising (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Doubleclick (spyware)

* System

TrackingCookie.Mediaplex (spyware)

* System

TrackingCookie.Revsci (spyware)

* System

TrackingCookie.Specificclick (spyware)

* System

TrackingCookie.Webtrends (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

W32/Zlob.gen123 (virus)

* C:\WINDOWS\SYSTEM32\AGENT.OMZ.FIX.EXE
* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\SMITFRAUDFIX\AGENT.OMZ.FIX.EXE

Statistics
Scanned:

* Files: 35146
* System: 3184
* Not scanned: 22

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 15
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\MCMSC_DCLMSUWNINLDXCG
* C:\WINDOWS\TEMP\MCMSC_GDYZBGRVS7COBV6
* C:\WINDOWS\TEMP\MCMSC_PCGJKYZ7S9LVU5H
* C:\WINDOWS\TEMP\MCMSC_QVMPATQVRS4IZR3
* C:\WINDOWS\TEMP\SQLITE_7RY03ET1ATID776
* C:\WINDOWS\TEMP\SQLITE_B9DZTQDUC8QVSDI
* C:\WINDOWS\TEMP\SQLITE_EJALFQM9VLST5ZC
* C:\WINDOWS\TEMP\SQLITE_N4VAFLIRP29DWCF
* C:\WINDOWS\TEMP\SQLITE_QU9KWEKA4C05FHE
* C:\WINDOWS\TEMP\SQLITE_RRX13KL6HZU52WF
* C:\WINDOWS\TEMP\SQLITE_W6DMWGG16VCDPAH
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{1A2E542A-B4FA-4FE1-ADA7-F7DED0643FF0}\RP296\A0165658.COM
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{1A2E542A-B4FA-4FE1-ADA7-F7DED0643FF0}\RP296\A0165672.EXE
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{1A2E542A-B4FA-4FE1-ADA7-F7DED0643FF0}\RP295\A0164594.COM
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{1A2E542A-B4FA-4FE1-ADA7-F7DED0643FF0}\RP295\A0165613.EXE
* C:\SDFIX\APPS\CGHTME.EXE

Options
Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Blacklight: 2.4.1093
* F-Secure Hydra: 2.8.8110, 2008-12-13
* F-Secure Pegasus: 1.20.0, 2008-11-10
* F-Secure AVP: 7.0.171, 2008-12-13

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


#62
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
That is OK Emma, what it found is part of SmitfraudFix.

Could you run GMER again and do another scan as outlined in this post, then give me the new log?

Also let me know if you have any more problems with this machine.

By the way, those files have been passed on to the authors of some very powerful anti malware tools, and the rootkit which had infected you is now targeted by them. So many thanks for getting them uploaded! :)

#63
Emma_uk
    Member
  • Topic Starter
  • 135 posts
It's midnight here now, but I'll do it in the morning. Can I just delete the anti-malware apps I've installed?

Glad I could help, and many thanks for the help you've given me.

#64
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Emma,

I will give you a tool to remove everything when I know you are OK, and show you how to uninstall Combofix and GMER.

Good Night! :)

#65
Emma_uk
    Member
  • Topic Starter
  • 135 posts
Good morning. Here's the new GMER report

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-14 09:54:01
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB2A1E9CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB2A1EA61]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB2A1E978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB2A1E98C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB2A1EA75]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB2A1EAA1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB2A1EB0F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB2A1EAF9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB2A1EA0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB2A1EB3B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB2A1EA4D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB2A1E950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB2A1E964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB2A1E9DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB2A1EB77]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB2A1EAE3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB2A1EACD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB2A1EA8B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB2A1EB63]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB2A1EB4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB2A1E9B6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB2A1E9A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB2A1EAB7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB2A1EA39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB2A1EB25]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB2A1EA20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB2A1E9F4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----

:)

#66
Emma_uk
    Member
  • Topic Starter
  • 135 posts
Still can't install Java on this machine.

Says I already have it (although I don't), then doesn't let me reinstall it, saying this action is only available for products that are currently installed.

Any ideas ? :)

#67
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Baffling Emma! Let's have a look with OTScanIt and see if we can find out why this is happening.

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All Users
  • Check the box that says Include MD5
  • For File Age, choose 60 Days
  • Under Basic Scans leave all as default
  • Under Additional Scans check the following:
    • Reg - App Paths
    • Reg - ControlSets
    • Reg - File Associations
    • Reg - Uninstall List
    • Evnt - EventViewer Logs (Last 10 Errors)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please zip the log and attach the zipped file in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#68
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Additionally Emma, go to this page and test your Java.

If you don't get the dancing red nosed penguin :)

Try the additional configurations listed on the page:

1. Enable the JRE through your Web browser
2. Enable the JRE through the "Java Plug-in Control Panel"
3. Clearing your Web Browser Cache

Let me know what happens, and if this solves it.

#69
Emma_uk
    Member
  • Topic Starter
  • 135 posts
The zipped report for you :)

#70
Emma_uk
    Member
  • Topic Starter
  • 135 posts
"Additionally Emma, go to this page and test your Java."

Asks for a username and password :)

#71
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
OK, I am going to see if we can remove all traces of Java from your machine.

Start OTScanIt2.exe. Copy/paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Win32 Services - Safe List]
YY -> (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Stopped] -> 
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [SSVHelper Class]
YN -> {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper]
YN -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2070620897-1754454779-3683679437-1006\] > -> HKEY_USERS\S-1-5-21-2070620897-1754454779-3683679437-1006\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Reg Error: Key does not exist or could not be opened.]
YN -> DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.]
YN -> Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Safe List]
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
YN -> FL.exe -> %ProgramFiles%\Image-Line\FL Studio 8\FL.exe [C:\Program Files\Image-Line\FL Studio 8\FL.exe]
YN -> install.exe -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
YN -> javaws.exe -> %ProgramFiles%\Java\jre6\bin\javaws.exe [C:\Program Files\Java\jre6\bin\javaws.exe]
YN -> RegCloneDVD.exe -> %ProgramFiles%\Elaborate Bytes\CloneDVD2\RegCloneDVD.exe [C:\Program Files\Elaborate Bytes\CloneDVD2\RegCloneDVD.exe]
YN -> setup.exe -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 60 Days]
NY -> 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 60 Days]
NY -> jinstall.exe -> C:\Documents and Settings\admin\Local Settings\temp\ICD1.tmp\jinstall.exe
NY -> jinstall.exe -> C:\Documents and Settings\admin\Local Settings\temp\ICD2.tmp\jinstall.exe
[Alternate Data Streams]
NY -> @Alternate Data Stream - 173 bytes -> %AllUsersProfile%\Application Data\TEMP:B4AF47A7
NY -> @Alternate Data Stream - 168 bytes -> %AllUsersProfile%\Application Data\TEMP:C4252FE0
NY -> @Alternate Data Stream - 165 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
NY -> @Alternate Data Stream - 158 bytes -> %AllUsersProfile%\Application Data\TEMP:B3D74A13
NY -> @Alternate Data Stream - 119 bytes -> %AllUsersProfile%\Application Data\TEMP:0F8F5844
[Custom Items]
:files
%ProgramFiles%\Java
:end
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

Once done, go to Sun Java's website and re-download Java SE Runtime Environment (JRE) 6 Update 11

Choose Windows as your operating system, then Multi Language, then check the "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement" and click Continue.

On the next page, download the Windows Offline Installation: jre-6u11-windows-i586-p.exe 15.42 MB

Save it to your desktop.

When the download is complete, double click it to install. When it has finished installing, try to access that test page again. Let me know how it goes.

#72
Emma_uk
    Member
  • Topic Starter
  • 135 posts
Required a reboot. Trying Java website now :)




Process Explorer.EXE killed successfully!
[Win32 Services - Safe List]
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
File not found.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_USERS\S-1-5-21-2070620897-1754454779-3683679437-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\DirectAnimation Java Classes\ not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\Microsoft XML Parser for Java\ not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FL.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\install.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegCloneDVD.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\setup.exe\ deleted successfully.
[Files/Folders - Created Within 60 Days]
[Files/Folders - Modified Within 60 Days]
C:\Documents and Settings\admin\Local Settings\temp\ICD1.tmp\jinstall.exe moved successfully.
C:\Documents and Settings\admin\Local Settings\temp\ICD2.tmp\jinstall.exe moved successfully.
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B4AF47A7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 deleted successfully.
[Custom Items]
========== FILES ==========
C:\Program Files\Java\jre6\lib\zi\SystemV folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Pacific folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Indian folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Europe folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Etc folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Australia folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Atlantic folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Asia folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Antarctica folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\North_Dakota folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Kentucky folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Indiana folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Argentina folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Africa folder moved successfully.
C:\Program Files\Java\jre6\lib\zi folder moved successfully.
C:\Program Files\Java\jre6\lib\servicetag folder moved successfully.
C:\Program Files\Java\jre6\lib\security folder moved successfully.
C:\Program Files\Java\jre6\lib\management folder moved successfully.
C:\Program Files\Java\jre6\lib\images\cursors folder moved successfully.
C:\Program Files\Java\jre6\lib\images folder moved successfully.
C:\Program Files\Java\jre6\lib\im folder moved successfully.
C:\Program Files\Java\jre6\lib\i386 folder moved successfully.
C:\Program Files\Java\jre6\lib\fonts folder moved successfully.
C:\Program Files\Java\jre6\lib\ext folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ie folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy folder moved successfully.
C:\Program Files\Java\jre6\lib\cmm folder moved successfully.
C:\Program Files\Java\jre6\lib\audio folder moved successfully.
C:\Program Files\Java\jre6\lib\applet folder moved successfully.
C:\Program Files\Java\jre6\lib folder moved successfully.
C:\Program Files\Java\jre6\bin\new_plugin folder moved successfully.
C:\Program Files\Java\jre6\bin\client folder moved successfully.
C:\Program Files\Java\jre6\bin folder moved successfully.
C:\Program Files\Java\jre6 folder moved successfully.
C:\Program Files\Java folder moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\admin\Local Settings\temp\~DFAC90.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\temp\~DFAC98.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_M4C2hp0ZamzjoCt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_stcLDb58L1wkRTk scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_7kiQfh0p0rMk53Y scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_a1Zpdqyg5kaTpTx scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_akgetYApXTFGKVj scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_fkroxAesC8guham scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_hRJ8GAMY4ZPxlWJ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_OvCAVJRgjw7wdCc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_vqZS1TOtXijNLO9 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Opera cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.3.1 fix logfile created on 12142008_131956

Files moved on Reboot...
File C:\Documents and Settings\admin\Local Settings\temp\~DFAC90.tmp not found!
File C:\Documents and Settings\admin\Local Settings\temp\~DFAC98.tmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File C:\WINDOWS\temp\mcmsc_M4C2hp0ZamzjoCt not found!
File C:\WINDOWS\temp\mcmsc_stcLDb58L1wkRTk not found!
C:\WINDOWS\temp\sqlite_7kiQfh0p0rMk53Y moved successfully.
C:\WINDOWS\temp\sqlite_a1Zpdqyg5kaTpTx moved successfully.
C:\WINDOWS\temp\sqlite_akgetYApXTFGKVj moved successfully.
C:\WINDOWS\temp\sqlite_fkroxAesC8guham moved successfully.
C:\WINDOWS\temp\sqlite_hRJ8GAMY4ZPxlWJ moved successfully.
C:\WINDOWS\temp\sqlite_OvCAVJRgjw7wdCc moved successfully.
C:\WINDOWS\temp\sqlite_vqZS1TOtXijNLO9 moved successfully.
File C:\WINDOWS\temp\WFV1.tmp not found!

Registry entries deleted on Reboot...

#73
Emma_uk
    Member
  • Topic Starter
  • 135 posts
Didn't work

Still getting same message :)

#74
Emma_uk
    Member
  • Topic Starter
  • 135 posts
Screenshots of error messages for you :)

Attached Thumbnails

  • image0006.jpg
  • image0007.jpg

Edited by Emma_uk, 14 December 2008 - 08:01 AM.

#75
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Can you try getting to this page: http://www.java.com/...d/installed.jsp