Inactive Java won't run

Discussion in 'Malware and Virus Removal Archive' started by tedgen, 2010/09/10.

  1. 2010/09/10
    tedgen Well-Known Member Thread Starter


    I believe I've been infected. Java apps will no longer run on my computer.
    Asus dual core 2.2, Windows 7 Home Premium, 4 gigs RAM. Won't run in IE8 or Google Chrome. I have uninstalled and reinstalled Java. Running 64-bit system.


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Ted at 17:02:45.33 on Fri 09/10/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2559 [GMT -4:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Windows\AsScrPro.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00789021\x86\Toolbar\CAGlobal.exe
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00789021\x86\Light\CAGlobalLight.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Ted\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://asus.msn.com
    uInternet Settings,ProxyServer = chatrosafe.chatropolis.com:3280
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00789021\x86\toolbar\CallingIDIE.dll
    TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00789021\x86\toolbar\CallingIDIE.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    uRun: [Google Update] "c:\users\ted\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [Desktop Disc Tool] "c:\program files (x86)\roxio\roxio burn\RoxioBurnLauncher.exe "
    mRun: [ATKOSD2] c:\program files (x86)\asus\atk package\atkosd2\ATKOSD2.exe
    mRun: [ATKMEDIA] c:\program files (x86)\asus\atk package\atk media\DMedia.exe
    mRun: [HControlUser] c:\program files (x86)\asus\atk package\atk hotkey\HControlUser.exe
    mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [IObit Security 360] "c:\program files (x86)\iobit\iobit security 360\IS360tray.exe" /autostart
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe "
    StartupFolder: c:\users\ted\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{2b81872b-a054-48da-be3b-fa5c164c303a}\_C4A2FC3E3722966204FDD8.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\srspre~1.lnk - c:\windows\installer\{e5cf6b9c-3abe-43c9-9413-ad5ffc98f049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: reliablereports.com\surveylink
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: callingid - {086D03BA-57AC-4C8E-A33D-0BAABF742411} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00789021\x86\toolbar\CallingIDToolbar.dll
    Notify: PFW - UmxWnp.Dll
    AppInit_DLLs: UmxSbxExw.dll
    SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00789021\x86\linkadvisor\CIDLinkAdvisor.dll
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO-X64: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    BHO-X64: CA Toolbar Helper: {FBF2401B-7447-4727-BE5D-C19B2075CA84} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00789021\toolbar\CallingIDIE.dll
    BHO-X64: {FBF2401B-7447-4727-BE5D-C19B2075CA84} - No File
    BHO-X64: CA Toolbar Helper - No File
    TB-X64: CA Toolbar: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00789021\toolbar\CallingIDIE.dll
    TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
    mRun-x64: [cctray] "c:\program files\ca\ca internet security suite\casc.exe "
    AppInit_DLLs-X64: UmxSbxExA64.dll
    SEH-X64: ShellHook Class: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00789021\linkadvisor\CIDLinkAdvisor.dll
    SEH-X64: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - No File

    ============= SERVICES / DRIVERS ===============

    R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-12-23 141304]
    R0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-8-7 154360]
    R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2010-2-19 15928]
    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-2-19 55280]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-12-23 106488]
    R1 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 334712]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-8-25 71672]
    R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2009-6-8 88184]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-2-19 379520]
    R2 ASMMAP64;ASMMAP64;c:\program files (x86)\asus\atk package\atkgfnex\ASMMAP64.sys [2009-7-2 15416]
    R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-8-11 303104]
    R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-8-11 285008]
    R2 IS360service;IS360service;c:\program files (x86)\iobit\iobit security 360\is360srv.exe [2010-8-14 312152]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-8-14 199672]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-8-25 69112]
    R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 1479160]
    R2 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]
    R2 UmxPol;HIPS Policy Manager;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-10-15 117760]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-9 1222144]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-8-14 136176]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-13 61288]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-8-21 31800]
    S3 Ser2ph;Microsoft USB GPS driver;c:\windows\system32\drivers\ser2ph64.sys [2009-5-19 89600]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-13 1255736]

    =============== Created Last 30 ================

    2010-09-10 15:42:44 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-09-10 15:42:44 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-09-10 15:42:44 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-09-10 15:22:16 0 d-----w- c:\program files (x86)\Citrix
    2010-09-10 15:21:54 72080 ----a-w- c:\users\ted\g2mdlhlpx.exe
    2010-09-10 00:35:06 468480 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-09 19:23:24 65536 --sha-w- c:\users\ted\ntuser.dat{da0b65af-bbfd-11df-9bea-e0cb4efffb7d}.TM.blf
    2010-09-09 19:23:24 524288 --sha-w- c:\users\ted\ntuser.dat{da0b65af-bbfd-11df-9bea-e0cb4efffb7d}.TMContainer00000000000000000002.regtrans-ms
    2010-09-09 19:23:24 524288 --sha-w- c:\users\ted\ntuser.dat{da0b65af-bbfd-11df-9bea-e0cb4efffb7d}.TMContainer00000000000000000001.regtrans-ms
    2010-09-01 17:52:25 0 d-----w- c:\users\ted\appdata\roaming\Privacy Guardian
    2010-09-01 17:48:03 0 d---a-w- c:\programdata\TEMP
    2010-09-01 17:47:55 212992 ----a-w- c:\windows\syswow64\UniBoxVB12.ocx
    2010-09-01 17:47:55 1101824 ----a-w- c:\windows\syswow64\UniBox210.ocx
    2010-09-01 17:47:54 880640 ----a-w- c:\windows\syswow64\UniBox10.ocx
    2010-09-01 17:47:53 506368 ----a-w- c:\windows\syswow64\msxml.dll
    2010-09-01 17:47:52 1081616 ----a-w- c:\windows\syswow64\MSCOMCTL.OCX
    2010-09-01 17:47:50 0 d-----w- c:\program files (x86)\common files\PC Tools
    2010-09-01 17:47:48 0 d-----w- c:\program files (x86)\Privacy Guardian
    2010-08-21 22:48:38 0 d-----w- c:\users\ted\appdata\roaming\OpenOffice.org
    2010-08-21 22:47:16 0 d-----w- c:\program files (x86)\JRE
    2010-08-21 22:47:14 0 d-----w- c:\program files (x86)\OpenOffice.org 3
    2010-08-21 17:54:19 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2010-08-21 17:54:18 0 d-----w- c:\program files\VS Revo Group
    2010-08-15 19:33:33 0 d-----w- c:\program files (x86)\PC Magazine Utilities
    2010-08-14 17:44:25 0 d-----w- c:\users\ted\appdata\roaming\IObit
    2010-08-14 17:44:23 0 d-----w- c:\programdata\IObit
    2010-08-14 17:44:20 0 d-----w- c:\program files (x86)\IObit
    2010-08-13 23:19:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2010-08-13 23:19:20 0 d-----w- c:\windows\syswow64\Wat
    2010-08-13 23:19:20 0 d-----w- c:\windows\system32\Wat
    2010-08-13 20:51:16 61288 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-08-13 20:32:07 0 d-----w- c:\users\ted\Tracing
    2010-08-13 19:11:34 0 d-----w- c:\users\ted\appdata\roaming\CANON INC
    2010-08-13 19:11:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2010-08-13 09:46:02 0 d-sh--w- c:\windows\syswow64\%APPDATA%
    2010-08-13 02:15:00 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
    2010-08-13 02:15:00 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
    2010-08-13 02:15:00 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2010-08-13 02:15:00 444752 ----a-w- c:\windows\system32\mscoree.dll
    2010-08-13 02:15:00 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-08-13 02:15:00 297808 ----a-w- c:\windows\syswow64\mscoree.dll
    2010-08-13 02:15:00 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
    2010-08-13 02:15:00 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2010-08-13 02:15:00 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
    2010-08-13 02:15:00 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-08-12 21:27:51 0 ----a-w- c:\users\ted\appdata\roaming\wklnhst.dat
    2010-08-12 18:49:55 0 d-----w- c:\programdata\ZoomBrowser
    2010-08-12 18:48:35 0 d-----w- c:\users\ted\appdata\roaming\ZoomBrowser EX
    2010-08-12 18:44:55 0 d-----w- c:\program files (x86)\Canon
    2010-08-12 17:25:38 0 d-----w- c:\program files (x86)\common files\Canon
    2010-08-12 17:06:02 0 d-----w- c:\programdata\Sun
    2010-08-12 17:05:44 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-08-12 16:48:30 0 d-----w- c:\programdata\Yahoo!
    2010-08-12 16:46:56 0 d-----w- c:\program files (x86)\Yahoo!
    2010-08-12 14:15:12 0 d-----w- c:\windows\system32\log
    2010-08-12 13:52:58 0 d-----w- c:\program files (x86)\Microsoft Streets & Trips 2010
    2010-08-12 13:51:01 0 d-----w- c:\program files (x86)\MSECache
    2010-08-12 13:09:59 0 d-----w- C:\Reliable
    2010-08-12 13:06:06 84992 ----a-w- c:\windows\system32\asycfilt.dll
    2010-08-12 13:06:06 67584 ----a-w- c:\windows\syswow64\asycfilt.dll
    2010-08-12 13:06:04 463360 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 13:06:04 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 13:06:04 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-11 22:22:29 208332 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
    2010-08-11 21:49:42 95472 ----a-w- c:\windows\syswow64\Vetredir.dll
    2010-08-11 21:49:42 250096 ----a-w- c:\windows\system32\isafprod64.dll
    2010-08-11 21:49:42 201968 ----a-w- c:\windows\syswow64\Isafprod.dll
    2010-08-11 21:49:42 140016 ----a-w- c:\windows\system32\isafeif64.dll
    2010-08-11 21:49:42 128240 ----a-w- c:\windows\syswow64\Isafeif.dll
    2010-08-11 21:49:42 103152 ----a-w- c:\windows\system32\vetredir64.dll
    2010-08-11 21:49:26 0 d-----w- c:\program files (x86)\CA
    2010-08-11 21:49:05 0 d-----w- c:\program files\ISSThirdParty
    2010-08-11 21:48:57 6552 ----a-w- c:\windows\system32\wbem\canvprov.mof
    2010-08-11 21:48:57 118000 ----a-w- c:\windows\system32\wbem\canvprov.dll
    2010-08-11 21:48:38 0 d-----w- c:\program files\CA
    2010-08-11 21:33:55 0 d-----w- c:\programdata\CA
    2010-08-11 21:27:24 220672 ----a-w- c:\windows\system32\wintrust.dll
    2010-08-11 21:27:24 172032 ----a-w- c:\windows\syswow64\wintrust.dll
    2010-08-11 21:27:24 139264 ----a-w- c:\windows\system32\cabview.dll
    2010-08-11 21:27:24 132608 ----a-w- c:\windows\syswow64\cabview.dll

    ==================== Find3M ====================

    2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
    2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
    2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
    2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
    2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
    2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
    2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-04-08 18:31:56 106496 ----a-w- c:\program files (x86)\common files\CPInstallAction.dll
    2008-08-12 05:45:20 155648 ----a-w- c:\program files (x86)\common files\MSIactionall.dll
    2008-05-22 16:35:54 51962 ----a-w- c:\program files (x86)\common files\banner.jpg
    2007-06-12 17:34:50 35822 ----a-w- c:\program files (x86)\common files\ASPG_icon.ico
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 17:04:04.97 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/11/2010 5:18:13 PM
    System Uptime: 9/10/2010 1:44:00 PM (4 hours ago)

    Motherboard: ASUSTeK Computer Inc. | | K60IJ
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | Socket 478 | 2200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 116 GiB total, 89.052 GiB free.
    D: is FIXED (NTFS) - 335 GiB total, 333.98 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP5: 9/9/2010 6:54:57 PM - Removed Java(TM) 6 Update 21
    RP6: 9/9/2010 6:57:13 PM - Installed Java(TM) 6 Update 21
    RP7: 9/9/2010 8:34:30 PM - Installed Java(TM) 6 Update 21 (64-bit)
    RP8: 9/10/2010 11:28:40 AM - Removed Java(TM) 6 Update 21
    RP9: 9/10/2010 11:30:05 AM - Installed Java(TM) 6 Update 21
    RP10: 9/10/2010 11:36:49 AM - Removed Java(TM) 6 Update 20
    RP11: 9/10/2010 11:37:47 AM - Removed Java(TM) 6 Update 21
    RP12: 9/10/2010 11:39:10 AM - Removed Java(TM) 6 Update 21 (64-bit)
    RP13: 9/10/2010 11:42:14 AM - Installed Java(TM) 6 Update 21
    RP14: 9/10/2010 12:46:54 PM - Windows Backup
    RP15: 9/10/2010 1:03:24 PM - Windows Backup

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4 MUI
    Advanced SystemCare 3
    Alcor Micro USB Card Reader
    ASUS AI Recovery
    ASUS CopyProtect
    ASUS Data Security Manager
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS_Screensaver
    ATK Package
    CA Website Inspector
    Canon G.726 WMP-Decoder
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC 8
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    ControlDeck
    Google Chrome
    Google Earth
    Google Update Helper
    GoToMeeting 4.5.0.457
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    IObit Security 360
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    Microsoft Choice Guard
    Microsoft Office Live Add-in 1.3
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2010
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable Package
    Mozilla Thunderbird (3.1.2)
    MSVCRT
    MSXML 4.0 SP3 Parser (KB973685)
    OpenOffice.org 3.2
    Platform
    Privacy Guardian 4.5
    Reliable iPhoto
    Reliable iSketch
    RoboType (PC Magazine)
    Roxio Burn
    Roxio Roxio Burn
    Roxio Update Manager
    Star Wars JK II Jedi Outcast
    VIA Platform Device Manager
    Watson
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinFlash
    Wireless Console 3
    Yahoo! Messenger
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    9/9/2010 9:50:38 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/9/2010 9:50:37 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    9/9/2010 9:49:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/9/2010 9:49:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/9/2010 9:49:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/9/2010 9:49:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/9/2010 9:49:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent KmxCfg KmxFile KmxFilter KmxFw spldr Wanarpv6
    9/9/2010 6:12:20 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    9/5/2010 7:02:16 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
    9/10/2010 1:33:36 PM, Error: volmgr [46] - Crash dump initialization failed!

    ==== End Of File ===========================
    Thanks for any help.
     
  2. 2010/09/10
    broni Moderator Malware Analyst

    What are the symptoms of Java not running?


    Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ===============================================================

    Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):

    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.

    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
     

  4. 2010/09/12
    tedgen

    tedgen Well-Known Member Thread Starter

    Joined:
    2002/08/23
    Messages:
    56
    Likes Received:
    0
    java won't work

    My company uses a java applet on their secure server. This is a new computer and worked fine till a couple of days ago. Now the applet won't load, just get the little circle. Also other web sites won't load either. Everything else seems to work fine. Ran both antivirus software, and neither found a problem. I did see that 64 bit systems are tougher to detect.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    9/10/2010 7:06:49 PM
    mbam-log-2010-09-10 (19-06-49).txt

    Scan type: Quick scan
    Objects scanned: 123944
    Time elapsed: 5 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/10/2010 at 08:00 PM

    Application Version : 4.42.1000

    Core Rules Database Version : 5410
    Trace Rules Database Version: 3222

    Scan type : Complete Scan
    Total Scan Time : 00:22:03

    Memory items scanned : 328
    Memory threats detected : 0
    Registry items scanned : 13520
    Registry threats detected : 0
    File items scanned : 24682
    File threats detected : 0

    Is there anything else I can do before reformatting? Thanks for your help.
     
  5. 2010/09/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes. Complete the steps I mentioned in my previous post.
     