
error 7 out of memory continued...


daabilly


So I was told by a moderator to open a new topic instead of continuing the topic here, at least partially because maniac is having connection issues.

So the short of it is Malwarebytes previously would stop scanning after ~10 seconds and say error 7 out of memory. A huge list of scans later (documented in the above link) I was told to repair Windows, which I just recently did. It took me a while to do it and the topic was closed. After repairing Windows and updating Windows to current SPs and updates I am able to scan with Malwarebytes normally. I also reinstalled all the dotnet junk that I need. I installed each dotnet separately. Everything seems good but Windows keeps failing the dotnet 1.0 SP3 update.

So now I just want to make sure my computer is clean. I ran Malwarebytes which found nothing, SUPERAntiSpyware found 5 tracking cookies which I removed, and I ran HijackThis and used http://www.hijackthis.de/en which found nothing.

I just want to make sure my computer is malware free before I use it to log into all my stuff.

Thanks in advance


So I have no Java on my computer. When I try to install Java with either the online or offline installer it asks "This software has already been installed on your computer. Would you like to reinstall it?" If I click no, the installer ends; if I click yes, it says preparing to remove. It then pops up a Windows Installer window and says "The feature you are trying to use is on a network resource that is unavailable. Click ok to try again, or enter an alternate path to a folder containing the installation package 'jre1.6.0_17-c.msi' in the box below."

I tried ok and also searched my computer for jre1.6.0_17-c.msi and it's not there. I searched other XP computers I have and didn't find jre1.6.0_17-c.msi on them either.

I searched jre1.6.0_17-c.msi but Google didn't find much. I found some posts saying to manually delete Java from the reg., which I tried. I also searched and deleted "jre1.6.0_17-c.msi" in the registry. It still thinks Java is installed even though it isn't. I saved a restore point before I did anything.

Any idea what to do or where to start?


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Ok, I am including the log from ComboFix. I had installed Comodo firewall and defense thinking I was done with scans. I'm not sure it finished correctly; it took forever so I left it running all night. There were 4 bug report windows trying to send dump files to Comodo. I sent one with what I was doing. Let me know if this log is complete.

Thanks for your help!

10_6_10_log.zip


Hi,

Please do not attach your logs as it is harder for me to read them that way. Post them instead. I see your ComboFix is very long, so I've removed an unimportant part from the log.

And yes, the log is complete.

ComboFix 10-10-05.01 - jay rabe 10/06/2010 6:49.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.982 [GMT -4:00]

Running from: d:\documents and settings\jay rabe.JAY-80A8D653955\My Documents\Downloads\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

E:\install.exe

.

((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))

.

2010-10-03 04:01 . 2010-10-03 04:36 79488 ----a-w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll

2010-10-03 04:01 . 2010-10-03 04:36 152576 ----a-w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\Sun\Java\jre1.6.0_21\lzma.dll

2010-10-01 21:35 . 2010-10-01 21:35 -------- d-----w- d:\documents and settings\jay rabe.JAY-80A8D653955\Local Settings\Application Data\HTC

2010-10-01 21:34 . 2010-10-01 21:34 -------- d-----w- d:\documents and settings\All Users\Application Data\HTC

2010-10-01 21:34 . 2010-10-01 21:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Teleca

2010-10-01 21:33 . 2010-10-01 21:33 -------- d-----w- d:\program files\Spirent Communications

2010-10-01 21:33 . 2010-10-01 21:34 -------- d-----w- d:\program files\HTC

2010-10-01 20:54 . 2010-10-01 20:56 -------- d-----w- D:\android-sdk-windows

2010-10-01 18:49 . 2010-10-01 18:49 -------- d-----w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\Teleca

2010-10-01 18:48 . 2010-10-01 21:34 -------- d-----w- d:\program files\Common Files\Teleca Shared

2010-10-01 18:46 . 2010-10-01 21:32 -------- d-----w- d:\documents and settings\jay rabe.JAY-80A8D653955\Local Settings\Application Data\Downloaded Installations

2010-10-01 18:01 . 2010-10-01 18:02 -------- d-----w- d:\program files\Songbird

2010-09-29 18:53 . 2010-09-29 18:54 -------- d-----w- d:\program files\SpywareBlaster

2010-09-27 14:32 . 2010-09-27 14:32 -------- d-----w- d:\program files\uTorrent

2010-09-27 14:13 . 2010-09-27 14:13 -------- d-----w- d:\documents and settings\All Users\Application Data\COMODO

2010-09-27 14:11 . 2010-09-27 14:11 -------- d-----w- d:\program files\COMODO

2010-09-27 12:57 . 2010-09-27 13:03 -------- d-----w- d:\windows\system32\URTTemp

2010-09-27 12:10 . 2010-06-18 11:39 16896 -c----w- d:\windows\system32\dllcache\iecompat.dll

2010-09-27 12:09 . 2010-06-24 21:51 11077120 -c----w- d:\windows\system32\dllcache\ieframe.dll

2010-09-27 12:09 . 2010-06-24 12:22 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll

2010-09-27 12:09 . 2010-06-24 12:21 599040 -c----w- d:\windows\system32\dllcache\msfeeds.dll

2010-09-27 12:09 . 2010-06-24 12:21 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll

2010-09-27 12:09 . 2010-06-24 12:21 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll

2010-09-27 12:09 . 2010-06-24 12:21 1986560 -c----w- d:\windows\system32\dllcache\iertutil.dll

2010-09-27 12:09 . 2010-06-24 12:21 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll

2010-09-27 03:56 . 2004-08-04 12:00 403 -c----w- d:\windows\system32\dllcache\npdrmv2.zip

2010-09-27 03:56 . 2004-08-04 12:00 22060 -c----w- d:\windows\system32\dllcache\npds.zip

2010-09-27 03:56 . 2009-07-31 14:05 1372672 -c----w- d:\windows\system32\dllcache\msxml6.dll

2010-09-27 03:56 . 2008-04-13 17:27 79872 -c----w- d:\windows\system32\dllcache\msxml6r.dll

2010-09-27 03:55 . 2008-04-14 00:12 294912 -c----w- d:\windows\system32\dllcache\dlimport.exe

2010-09-27 03:37 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys

2010-09-27 03:37 . 2010-06-21 15:27 354304 -c----w- d:\windows\system32\dllcache\srv.sys

2010-09-27 03:37 . 2010-02-24 13:11 455680 -c----w- d:\windows\system32\dllcache\mrxsmb.sys

2010-09-27 03:37 . 2009-11-21 15:51 471552 -c----w- d:\windows\system32\dllcache\aclayers.dll

2010-09-27 03:35 . 2008-05-08 14:02 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys

2010-09-27 03:33 . 2008-10-15 16:34 337408 -c----w- d:\windows\system32\dllcache\netapi32.dll

2010-09-27 03:32 . 2008-04-21 12:08 215552 -c----w- d:\windows\system32\dllcache\wordpad.exe

2010-09-27 03:31 . 2010-06-14 14:31 744448 -c----w- d:\windows\system32\dllcache\helpsvc.exe

2010-09-27 02:38 . 2004-08-04 12:00 16384 -c--a-w- d:\windows\system32\dllcache\quser.exe

2010-09-27 02:37 . 2004-08-04 12:00 10096640 -c--a-w- d:\windows\system32\dllcache\hwxcht.dll

2010-09-27 02:36 . 2004-08-04 12:00 6144 -c--a-w- d:\windows\system32\dllcache\admxprox.dll

2010-09-27 02:36 . 2004-08-04 12:00 49664 -c--a-w- d:\windows\system32\dllcache\adrot.dll

2010-09-27 02:36 . 2001-08-18 02:36 5632 -c--a-w- d:\windows\system32\dllcache\EXCH_adsiisex.dll

2010-09-27 02:36 . 2004-08-04 12:00 7168 -c--a-w- d:\windows\system32\dllcache\wamregps.dll

2010-09-27 02:36 . 2004-08-04 12:00 7680 -c--a-w- d:\windows\system32\dllcache\inetmgr.exe

2010-09-27 02:36 . 2004-08-04 12:00 19968 -c--a-w- d:\windows\system32\dllcache\inetsloc.dll

2010-09-27 02:36 . 2004-08-04 12:00 5632 -c--a-w- d:\windows\system32\dllcache\iisrstap.dll

2010-09-27 02:36 . 2004-08-04 12:00 169984 -c--a-w- d:\windows\system32\dllcache\iisui.dll

2010-09-27 02:36 . 2004-08-04 12:00 14336 -c--a-w- d:\windows\system32\dllcache\iisreset.exe

2010-09-27 02:36 . 2004-08-04 12:00 6144 -c--a-w- d:\windows\system32\dllcache\ftpsapi2.dll

2010-09-27 02:34 . 2004-08-04 12:00 16384 -c--a-w- d:\windows\system32\dllcache\isignup.exe

2010-09-27 02:21 . 2004-08-04 12:00 24661 -c--a-w- d:\windows\system32\dllcache\spxcoins.dll

2010-09-27 02:21 . 2004-08-04 12:00 24661 ----a-w- d:\windows\system32\spxcoins.dll

2010-09-27 02:21 . 2004-08-04 12:00 13312 -c--a-w- d:\windows\system32\dllcache\irclass.dll

2010-09-27 02:21 . 2004-08-04 12:00 13312 ----a-w- d:\windows\system32\irclass.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-06 01:26 . 2010-01-23 23:11 -------- d-----w- d:\program files\PeerBlock

2010-10-06 00:30 . 2008-05-27 01:21 -------- d-----w- d:\program files\AVG

2010-10-01 18:00 . 2010-03-20 14:39 -------- d-----w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\Songbird2

2010-09-30 13:24 . 2009-02-25 04:13 -------- d-----w- d:\program files\Mozilla Thunderbird

2010-09-29 13:50 . 2010-07-16 00:52 -------- d-----w- d:\program files\SUPERAntiSpyware

2010-09-29 12:00 . 2010-06-01 23:00 285480 ----a-w- d:\windows\system32\guard32.dll

2010-09-29 12:00 . 2010-06-04 15:55 239240 ----a-w- d:\windows\system32\drivers\cmdGuard.sys

2010-09-29 12:00 . 2010-06-01 23:00 91560 ----a-w- d:\windows\system32\drivers\inspect.sys

2010-09-29 12:00 . 2010-06-01 23:00 25240 ----a-w- d:\windows\system32\drivers\cmdhlp.sys

2010-09-29 12:00 . 2010-06-01 23:00 15592 ----a-w- d:\windows\system32\drivers\cmderd.sys

2010-09-28 11:47 . 2008-09-03 01:57 -------- d-----w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\uTorrent

2010-09-28 02:33 . 2010-07-16 00:54 63488 ----a-w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-28 02:32 . 2010-07-16 00:54 117760 ----a-w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-27 16:25 . 2010-09-27 16:25 0 ----a-w- d:\windows\system32\REN3F3.tmp

2010-09-27 16:25 . 2010-09-27 16:25 0 ----a-w- d:\windows\system32\REN3F2.tmp

2010-09-27 16:25 . 2010-09-27 16:25 0 ----a-w- d:\windows\system32\REN3F1.tmp

2010-09-27 03:25 . 2009-02-14 19:39 8 ----a-w- d:\windows\system32\nvModes.dat

2010-09-27 02:56 . 2008-08-27 01:22 76096 ----a-w- d:\documents and settings\jay rabe.JAY-80A8D653955\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-27 02:32 . 2008-02-27 05:53 23348 ----a-w- d:\windows\system32\emptyregdb.dat

2010-08-30 22:04 . 2008-01-29 16:02 109360 ----a-w- d:\windows\system32\GEARAspi.dll

2010-08-30 22:04 . 2008-01-29 16:01 15664 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys

2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- d:\windows\system32\spoolsv.exe

2010-08-09 16:26 . 2009-03-04 00:32 -------- d-----w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\Malwarebytes

2010-08-09 16:26 . 2010-08-09 16:26 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2010-08-09 16:26 . 2009-03-04 00:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- d:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2010-01-23 21:02 5120 ----a-w- d:\windows\system32\xpsp4res.dll

2010-07-16 00:54 . 2010-07-16 00:54 52224 ----a-w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-07-12 12:59 . 2010-07-12 12:59 2466 ----a-w- d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\MathWorks\MATLAB\mcr_v75\Boschc_EDDA52C2E8782EF5FF6719241DE72711\compopts.bat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"PeerBlock"="d:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]

"sbitunesagent"="d:\program files\Songbird\songbirditunesagent.exe" [2010-08-30 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PinnacleDriverCheck"="d:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]

"zBrowser Launcher"="d:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]

"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

"CORSAIR_PLUtil"="d:\program files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [2006-04-19 94208]

"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"nwiz"="nwiz.exe" [2008-05-16 1630208]

"SoundMAXPnP"="d:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]

"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"COMODO Internet Security"="d:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-29 2500552]

"Mobile Connectivity Suite"="d:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

d:\documents and settings\jay rabe.JAY-80A8D653955\Start Menu\Programs\Startup\

MagicDisc.lnk - d:\program files\MagicDisc\MagicDisc.exe [2008-5-16 575488]

SolidWorks Task Scheduler Engine.lnk - f:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

d:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - d:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"d:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"d:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"d:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"d:\\Program Files\\Messenger\\msmsgs.exe"=

"d:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"d:\\Program Files\\AIM6\\aim6.exe"=

"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"d:\\Program Files\\speedDIAL\\speedDIAL.exe"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"d:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

"d:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 239240]

R1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 25240]

R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [1/1/2002 5:40 AM 135336]

R2 WinRT;WinRT;d:\windows\system32\drivers\WINRT.SYS [3/5/2008 11:37 PM 99360]

R3 pbfilter;pbfilter;d:\program files\PeerBlock\pbfilter.sys [1/23/2010 7:11 PM 14424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 hasplms;HASP License Manager;d:\windows\system32\hasplms.exe -run --> d:\windows\system32\hasplms.exe -run [?]

S2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;e:\program files\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [9/11/2009 7:46 PM 144680]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;e:\program files\SolidWorks\swScheduler\DTSCoordinatorService.exe [10/15/2009 6:51 AM 87336]

S3 motccgp;Motorola USB Composite Device Driver;d:\windows\system32\drivers\motccgp.sys [11/12/2008 9:32 PM 18176]

S3 motccgpfl;MotCcgpFlService;d:\windows\system32\drivers\motccgpfl.sys [11/12/2008 9:32 PM 7680]

S3 Motorola-Netmon-Serial;Network Monitor Serial Driver;d:\windows\system32\DRIVERS\Motorola-Netmon-Serial.sys --> d:\windows\system32\DRIVERS\Motorola-Netmon-Serial.sys [?]

S3 motport;Motorola USB Diagnostic Port;d:\windows\system32\drivers\motport.sys [11/12/2008 9:32 PM 23680]

S3 PLFF;USB Flash Disk Driver;d:\windows\system32\drivers\plff.sys [12/27/2008 3:19 AM 7424]

S3 s3m;s3m;d:\windows\system32\drivers\s3m.sys [1/1/2002 4:25 AM 166720]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]

S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [2/27/2008 8:43 PM 715248]

.

Contents of the 'Scheduled Tasks' folder

2010-09-27 d:\windows\Tasks\AppleSoftwareUpdate.job

- d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

.

.

------- Supplementary Scan -------

.

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

TCP: {6F895DE8-0F05-4848-981C-43154BC602B1} = 192.168.1.1

TCP: {CE41FF6F-61EA-4208-9444-2B1294F3D1A3} = 192.168.1.1

FF - ProfilePath - d:\documents and settings\jay rabe.JAY-80A8D653955\Application Data\Mozilla\Firefox\Profiles\ixepuclv.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/news?hl=en&tab=wn&pz=1&zx=c9048n1gi0w2

FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.aspx\Persiste*tHandler]

@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\Root\LEGACY_FLEXNET_LICENSING_SERVICE\0000]

@Denied: (Read) (Everyone)

"Service"="FLEXnet Licensing Service"

"Legacy"=dword:00000001

"ConfigFlags"=dword:00000000

"Class"="LegacyDriver"

"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"

"DeviceDesc"="FLEXnet Licensing Service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)

d:\program files\SUPERAntiSpyware\SASWINLO.DLL

d:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(848)

d:\windows\system32\guard32.dll

.

Completion time: 2010-10-06 09:12:22

ComboFix-quarantined-files.txt 2010-10-06 13:12

ComboFix2.txt 2010-07-22 18:33

ComboFix3.txt 2010-07-16 05:15

Pre-Run: 111,842,467,840 bytes free

Post-Run: 112,472,113,152 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - 71B7F89AB8804CE7794F3BB4B5B1F33A

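The autorun and driver/service lines of the log posted above can be tallied mechanically before they are read by hand. The following Python is an added example, not part of the original thread or of ComboFix; its function names are hypothetical. It assumes the usual reading of the notation: `R`/`S` as running/stopped, the digit as the service start type, and `[?]` as "file details could not be read at scan time".

```python
import ntpath
import re

# Lines copied from the ComboFix log above (a subset, not constructed).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"PinnacleDriverCheck"="d:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 239240]
S2 hasplms;HASP License Manager;d:\windows\system32\hasplms.exe -run --> d:\windows\system32\hasplms.exe -run [?]
S3 Motorola-Netmon-Serial;Network Monitor Serial Driver;d:\windows\system32\DRIVERS\Motorola-Netmon-Serial.sys --> d:\windows\system32\DRIVERS\Motorola-Netmon-Serial.sys [?]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [2/27/2008 8:43 PM 715248]
'''

# Assumed meaning of the digit after R/S (Windows service start type).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$', re.I)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"(?P<target>[^"]*)" '
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.+?) \[(?P<meta>[^\]]*)\]$')


def parse_autoruns(log):
    """Return autorun entries, each tagged with the registry key printed above it."""
    key, found = None, []
    for line in map(str.strip, log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and key:
            found.append({"key": key, "name": m["name"], "target": m["target"],
                          "date": m["date"], "size": int(m["size"])})
    return found


def parse_services(log):
    """Return driver/service lines as dicts; 'resolved' is False for '[?]' entries."""
    found = []
    for line in map(str.strip, log.splitlines()):
        m = SVC_RE.match(line)
        if not m:
            continue
        found.append({
            "name": m["name"],
            "running": m["state"] == "R",
            "start": START_TYPES[m["start"]],
            # ComboFix repeats the image path after ' --> '; keep the first copy.
            "image": m["image"].split(" --> ")[0],
            "resolved": m["meta"] != "?",
        })
    return found


def review_items(log):
    """List (kind, name, detail) tuples worth a manual look; not verdicts."""
    items = []
    for a in parse_autoruns(log):
        # A target with no directory is located through the search path at logon.
        if not ntpath.dirname(a["target"]):
            items.append(("autorun", a["name"], a["target"]))
    for s in parse_services(log):
        if not s["resolved"]:
            items.append(("service", s["name"], s["image"]))
    return items


if __name__ == "__main__":
    for item in review_items(SAMPLE):
        print(item)
```

Returned items are prompts for manual checking, not findings of malware.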

Hi,

I don't think your problem is malware related. I suggest you start a new topic in the General Malwarebytes' Anti-Malware Forum.

Some cleanup for you first:

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Ok, I uninstalled ComboFix and ran OTC. I don't think it is malware related but I'm pretty sure it's from removing Java with javara and it missing some. I emailed the javara creators with the error to try to help them improve javara and in turn help me fix my issue but haven't heard anything.

This topic here is the 3rd new topic I have on this issue on the Malwarebytes forums. I can open a 4th if you tell me to, I just try to not clutter stuff. I thought that's also why you guys wanted the logs zipped (less clutter), sorry about that.

Thanks for your help so far.


This topic is now closed to further replies.