WiredWX Hobby Weather Tools

 


Updated java and got something

2 posters

Re: Updated java and got something

ComboFix 13-04-06.02 - Englewood 04/06/2013 11:24:55.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.1976 [GMT -5:00]
Running from: c:\users\Englewood\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ENGLEW~1\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll
c:\users\Englewood\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy4_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-06 to 2013-04-06 )))))))))))))))))))))))))))))))
.
.
2013-04-06 16:33 . 2013-04-06 16:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-06 16:33 . 2013-04-06 16:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-06 16:33 . 2013-04-06 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 23:22 . 2013-03-30 23:22 -------- d-----w- c:\users\Guest\AppData\Local\Diagnostics
2013-03-16 08:53 . 2013-03-16 08:53 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-12 14:24 . 2013-03-12 14:24 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 08:53 . 2012-08-18 05:23 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-16 08:53 . 2011-07-27 02:49 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Englewood\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Englewood\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Englewood\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Englewood\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-29 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-03-21 911248]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-03-21 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-03-21 19872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"NeroCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Englewood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Englewood\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-02-18 82112]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 ta6avs;Traktor Audio 6 WDM Audio;c:\windows\system32\Drivers\ta6avs.sys [2012-02-22 358480]
R3 ta6usb_svc;Traktor Audio 6;c:\windows\system32\Drivers\ta6usb.sys [2012-02-22 75856]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-11 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2013-03-12 95392]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2012-04-18 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20130405.001\IDSvia64.sys [2012-12-28 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-16 5827072]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-24 132056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-29 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-31 10:58 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 11:35]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 11:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Englewood\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Englewood\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Englewood\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Englewood\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ;*.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Englewood\AppData\Roaming\Mozilla\Firefox\Profiles\bq4zkpaq.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, bf5c3c65-f687-4fa5-8ddd-84f0910861c8
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-04-06 11:43:30 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-06 16:43
ComboFix2.txt 2012-09-01 07:44
.
Pre-Run: 489,038,340,096 bytes free
Post-Run: 489,111,490,560 bytes free
.
- - End Of File - - 5BC6077ACEB5CA0B49159C37FD7D42A6

Re: Updated java and got something

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

********************************************

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Re: Updated java and got something

Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 18 Model 1 Stepping 0, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 20.0 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:580 Go - Free:451 Go )
D:\ [CD_Rom]
Q:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
.
Scan : 11:33.15
Path : C:\Users\Englewood\Downloads\Rooter(1).exe
User : Englewood ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (304)
Locked csrss.exe (440)
Locked wininit.exe (512)
Locked csrss.exe (544)
Locked winlogon.exe (576)
Locked services.exe (620)
Locked lsass.exe (632)
Locked lsm.exe (640)
Locked svchost.exe (744)
Locked svchost.exe (820)
Locked atiesrxx.exe (892)
Locked svchost.exe (952)
Locked svchost.exe (1008)
Locked svchost.exe (268)
Locked svchost.exe (1052)
Locked svchost.exe (1236)
Locked GFNEXSrv.exe (1316)
Locked wlanext.exe (1324)
Locked conhost.exe (1348)
Locked spoolsv.exe (1488)
Locked svchost.exe (1524)
Locked armsvc.exe (1692)
Locked AppleMobileDeviceService.exe (1756)
Locked mDNSResponder.exe (1804)
Locked mbamscheduler.exe (1908)
Locked mbamservice.exe (1972)
Locked NIHardwareService.exe (2000)
Locked ccsvchst.exe (2028)
Locked SymcPCCULaunchSvc.exe (1084)
Locked ccSvcHst.exe (1160)
Locked svchost.exe (1832)
Locked sftvsa.exe (2212)
Locked TODDSrv.exe (2304)
Locked TosCoSrv.exe (2336)
Locked WLIDSVC.EXE (2396)
Locked sftlist.exe (2516)
Locked WLIDSVCM.EXE (2648)
Locked WmiPrvSE.exe (2696)
Locked TecoService.exe (2792)
Locked unsecapp.exe (2848)
Locked CVHSVC.EXE (1120)
Locked atieclxx.exe (3432)
Locked PresentationFontCache.exe (3596)
Locked SearchIndexer.exe (3712)
Locked svchost.exe (3652)
Locked wmpnetwk.exe (2644)
______ ?????????? (3232)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (3164)
Locked ccsvchst.exe (2580)
Locked ccSvcHst.exe (3320)
______ ?????????? (3648)
______ ?????????? (1216)
______ ?????????? (4360)
______ ?????????? (4484)
______ ?????????? (4496)
______ ?????????? (4504)
______ ?????????? (4512)
______ ?????????? (4520)
______ ?????????? (4712)
______ ?????????? (4724)
______ ?????????? (4736)
Locked GoogleToolbarNotifier.exe (4752)
______ ?????????? (4932)
______ C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (5088)
______ C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (5096)
______ C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (4000)
Locked SynTPHelper.exe (636)
______ C:\Users\Englewood\AppData\Roaming\Dropbox\bin\Dropbox.exe (4456)
______ ?????????? (4476)
______ ?????????? (4404)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (4768)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4592)
Locked iPodService.exe (5440)
Locked svchost.exe (5480)
______ ?????????? (5712)
Locked dllhost.exe (6240)
Locked TMachInfo.exe (6568)
Locked TosSmartSrv.exe (5864)
______ ?????????? (6524)
Locked TPCHSrv.exe (5328)
______ ?????????? (6832)
Locked svchost.exe (3512)
Locked SearchProtocolHost.exe (21872)
Locked SearchFilterHost.exe (23116)
______ C:\Users\Englewood\Downloads\Rooter(1).exe (16152)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:1572864000)
\Device\Harddisk0\Partition2 (Start_Offset:1573912576 | Length:623391014912)
\Device\Harddisk0\Partition3 (Start_Offset:624964927488 | Length:15169748992)
.
----------------------\\ Scheduled Tasks
.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\SA.DAT
C:\windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 11:34.15
.
C:\Rooter$\Rooter_3.txt - (14/04/2013 | 11:34.15)

Re: Updated java and got something

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the [image: EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

•Check [image: EsetAcceptTerms]
•Click the [image: EsetStart] button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check [image: EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [image: EsetListThreats]
•Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [image: EsetBack] button.
•Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Updated java and got something

C:\Users\Englewood\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\153af6ed-1202399a a variant of Win32/TrojanDownloader.Moure.A trojan cleaned by deleting - quarantined

Re: Updated java and got something

How's your computer working now?

Re: Updated java and got something

Fine, but I keep getting these lil pop-up video ads coming up, and on YouTube the same thing: all kinds of strange ads start playing.

Re: Updated java and got something

on youtube the same thing all kinds of strange ads start playing .

Youtube is full of ads.
What browser do you see the ads on; IE or Firefox?


Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

Re: Updated java and got something

Firefox

Re: Updated java and got something

DJ Englewood wrote:
Firefox

Then, the problem appears to be with FF. You should mess around with the tools to see if you can increase the security with regard to pop-up ads.

Re: Updated java and got something

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Englewood on Fri 06/07/2013 at 21:14:21.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoods_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoods_rasmancs



~~~ Files

Successfully deleted: [File] C:\windows\syswow64\sho272B.tmp
Successfully deleted: [File] C:\windows\syswow64\sho41EF.tmp
Successfully deleted: [File] C:\windows\syswow64\sho50C0.tmp
Successfully deleted: [File] C:\windows\syswow64\sho80EB.tmp
Successfully deleted: [File] C:\windows\syswow64\sho9F35.tmp
Successfully deleted: [File] C:\windows\syswow64\shoA2C0.tmp
Successfully deleted: [File] C:\windows\syswow64\shoB6DD.tmp
Successfully deleted: [File] C:\windows\syswow64\shoBA16.tmp
Successfully deleted: [File] C:\windows\syswow64\shoC07C.tmp
Successfully deleted: [File] C:\windows\syswow64\shoC20C.tmp
Successfully deleted: [File] C:\windows\syswow64\shoC553.tmp
Successfully deleted: [File] C:\windows\syswow64\shoDEA2.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Englewood\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Failed to delete: [Folder] "C:\Program Files (x86)\pc checkup"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{30098A1C-8D93-433B-8ADB-074EC91558F9}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{3502B2A0-5D74-4983-B9C8-B9FD7AFB1236}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{38C608A6-6724-49EC-8C23-D675B506AAFF}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{4094E6E2-EC7F-488F-99AC-761C2A47A87E}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{4311B60E-1585-48C2-A8D6-0F47963CF020}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{44183109-55AD-4A60-A11D-EE37DEED0763}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{58871777-365E-4D10-9C3F-B75D4C2CD4C1}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{630FBA93-335B-4C58-BD76-0E12D4269081}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{67272EB1-B48D-4248-A196-D05B4CBF0985}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{6A050366-5761-4D45-BF62-29039B66CDA4}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{718437B9-F582-465D-8FDC-02B9359A5D22}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{8F1FDB8E-754E-41C1-AEE7-991781416BF9}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{C564145C-F705-4DF8-B834-48B3145A23B4}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{CABD2347-1441-4432-87F3-8E064B4C68E1}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{DE0DCF7B-E896-4789-99FB-09FCDEF74E67}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{E34D6A9B-A367-4275-95B2-832F7E64B3AE}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{E47CB1D3-4476-4853-BEE0-174EAF9B0335}
Successfully deleted: [Empty Folder] C:\Users\Englewood\appdata\local\{FC2AC134-5657-4AA7-96B6-0F0ADEA67625}



~~~ FireFox

Successfully deleted: [File] C:\Users\Englewood\AppData\Roaming\mozilla\firefox\profiles\bq4zkpaq.default\user.js
Emptied folder: C:\Users\Englewood\AppData\Roaming\mozilla\firefox\profiles\bq4zkpaq.default\minidumps [86 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/07/2013 at 21:24:21.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Updated java and got something

Are you still getting the pop-ups?
