TechSpot

Outdated Java Virus On Windows 7

By HaruHaru
Mar 1, 2014
  1. It pops up when I'm watching any videos. I need help getting rid of it, please!
     
  2. HaruHaru

    HaruHaru TS Rookie Topic Starter

    I have run a scan with Malwarebytes and nothing was found, and I don't know if the log still needs to be posted.
     
  3. HaruHaru

    HaruHaru TS Rookie Topic Starter

    This is the attach log from the DDS:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16/07/2012 13:13:02
    System Uptime: 01/03/2014 15:30:29 (2 hours ago)
    .
    Motherboard: TOSHIBA | | NBWAE
    Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket M2/S1G1 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 263.956 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP203: 14/02/2014 22:04:35 - Windows Update
    RP204: 15/02/2014 14:50:25 - Windows Update
    RP205: 15/02/2014 22:43:54 - Windows Update
    RP206: 16/02/2014 23:27:52 - Windows Update
    RP207: 17/02/2014 21:54:54 - Windows Update
    RP208: 18/02/2014 23:17:21 - Windows Update
    RP209: 19/02/2014 22:51:35 - Windows Update
    RP210: 20/02/2014 22:13:23 - Windows Update
    RP211: 22/02/2014 01:08:56 - Windows Update
    RP212: 22/02/2014 23:39:19 - Windows Update
    RP213: 23/02/2014 22:02:47 - Removed Skype Click to Call
    RP214: 24/02/2014 18:07:58 - Windows Update
    RP215: 26/02/2014 19:05:55 - Windows Update
    RP216: 27/02/2014 21:25:50 - Windows Update
    RP217: 27/02/2014 23:54:15 - Windows Update
    RP218: 01/03/2014 15:35:02 - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader XI (11.0.03)
    Amnesia - The Dark Descent
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Internet Security
    Bonjour
    Google Chrome
    Google Update Helper
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 33
    K-Lite Codec Pack 7.0.0 (Standard)
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4.5.1
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenOffice 4.0.1
    Skype™ 6.11
    Tango
    .
    ==== Event Viewer Messages From Past Week ========
    .
    27/02/2014 23:56:53, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599).
    27/02/2014 23:56:45, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB2773072).
    27/02/2014 23:55:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB2786081).
    27/02/2014 23:55:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422).
    27/02/2014 23:55:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.
    24/02/2014 15:29:14, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    24/02/2014 15:18:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    24/02/2014 14:51:48, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    24/02/2014 14:51:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    24/02/2014 14:51:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    24/02/2014 14:51:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    24/02/2014 14:51:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    24/02/2014 14:51:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm discache spldr Wanarpv6
    22/02/2014 23:23:40, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    01/03/2014 15:39:15, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7.
    01/03/2014 15:30:50, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    01/03/2014 15:30:50, Error: atikmdag [43029] - Display is not active
    .
    ==== End Of File ===========================
     
  4. HaruHaru

    HaruHaru TS Rookie Topic Starter

    And this is the DDS.txt from the DDS:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16533
    Run by User at 17:42:42 on 2014-03-01
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1790.753 [GMT 0:00]
    .
    AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://uk.ask.com/?l=dis&o=41648000&gct=hp
    uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Tango] c:\program files\tango\Tango.exe -r
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SpeetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRunOnce: [20131224] c:\program files\avast software\avast\setup\emupdate\f738baa6-4623-40fb-afae-0cd96dba8b0d.exe /check
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{D58E9624-3A81-4E47-8B74-10FA62740EFD} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{D58E9624-3A81-4E47-8B74-10FA62740EFD}\24944535 : DHCPNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-11 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-11 180248]
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-5-11 26136]
    R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswndisflt.sys [2013-5-11 265072]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-11 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-11 410784]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-11 67824]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-5 50344]
    R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-2-5 113704]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-3-1 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-3-1 701512]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-29 64168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-1 22856]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-11-27 40736]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-12-6 29728]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-16 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-16 1343400]
    .
    =============== Created Last 30 ================
    .
    2014-03-01 15:50:59 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5272aece-49c6-45d9-b806-75aab6413bed}\mpengine.dll
    2014-03-01 15:41:48 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
    2014-03-01 15:41:33 -------- d-----w- c:\programdata\Malwarebytes
    2014-03-01 15:41:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-01 15:41:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-03-01 15:40:07 -------- d-----w- c:\users\user\appdata\local\Programs
    2014-02-27 21:34:46 -------- d-----w- c:\windows\Migration
    2014-02-13 23:55:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-02-13 20:13:09 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2014-02-13 20:13:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-02-13 20:13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-02-13 20:13:05 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-13 20:13:01 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2014-02-13 20:13:01 572416 ----a-w- c:\windows\system32\RMActivate.exe
    2014-02-13 20:13:01 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2014-02-13 20:13:00 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2014-02-13 20:13:00 428032 ----a-w- c:\windows\system32\secproc.dll
    2014-02-13 20:13:00 423936 ----a-w- c:\windows\system32\secproc_isv.dll
    2014-02-13 20:13:00 390144 ----a-w- c:\windows\system32\msdrm.dll
    2014-02-13 20:12:59 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2014-02-13 20:12:59 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
    .
    ==================== Find3M ====================
    .
    2014-02-21 18:22:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-21 18:22:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-18 14:47:20 265072 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
    2014-02-05 20:14:34 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-02-05 20:14:34 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-02-05 20:14:34 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-02-05 20:14:33 43152 ----a-w- c:\windows\avastSS.scr
    2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
    2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
    2013-12-29 17:51:22 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-12-29 15:14:33 0 ----a-w- c:\program files\GUTBF88.tmp
    2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
    2013-12-06 13:37:48 29728 ----a-w- c:\windows\system32\drivers\mcaudrv.sys
    .
    ============= FINISH: 17:44:12.88 ===============
     
  5. HaruHaru

    HaruHaru TS Rookie Topic Starter

    I don't know if you needed any of this information still??
     
  6. Broni

    Broni Malware Annihilator Posts: 52,887   +344

Topic Status:
Not open for further replies.
