TechSpot

Recovered from virus attack, but Java is dead!!

  1. No idea if this is in the right section of the forum, but I couldn't seem to find an appropriate area. Sorry in advance if I'm a bit misplaced or this thread needs to be moved.

    So Broni and I have just fixed a big virus attack, but I'm now finding that everything that uses Java isn't working. Got any advice?

    I tried uninstalling Java and used JavaRa again. Tried reinstalling Java as an admin as well. I finally got Java to show up in my control panel, indicating that I got it installed, but it still doesn't work with any of my browsers.

    The traditional uninstall from the control panel doesn't work. It never gets uninstalled and still shows up in my programs list, even after JavaRa. Got any ideas?


    Additionally, on a completely different note, I can't backup files? I guess Vista has some kinda built in back up software, and it fails when it tries to back up. Usually I back up to an external drive, but for some reason it doesn't work anymore. Maybe the viruses damaged some stuff on the back up drive?
     
  2. jobeard

    jobeard TS Ambassador Posts: 13,516   +336

    ok, you got Java installed. The browser needs the Java Plug-ins - each browser has its own means to
    find and install plug-ins.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I looked at the malware cleaning logs. I think what happened is that you ran Java Ra either before you updated or you did not choose the option to remove old versions only. So you wiped out all of the multiple Java entries you had. DO NOT Run JAVA RA again! You had the Java Toolbox on Firefox which isn't the right plugin.

    I'd like to see what's on the system now. Please download again:
    Download Combofix from HERE or HERE and save to the desktop:
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
      Once installed, you should see a blue screen prompt that says:
      Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please paste the log in your next reply.

    If you have any problem with Combofix, stop and let me know.

    Please don't run any other scans or updates for now.
     
  4. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Alrighty, here's the Combofix log. Followed all instructions exactly.

    ComboFix 12-08-17.03 - Ray 08/17/2012 23:42:35.2.8 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8182.6176 [GMT -7:00]
    Running from: c:\users\Ray\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js
    c:\windows\jestertb.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-18 06:50 . 2012-08-18 07:02 -------- d-----w- c:\users\Ray\AppData\Local\temp
    2012-08-18 06:50 . 2012-08-18 06:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-17 07:08 . 2012-08-17 07:07 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-08-17 07:08 . 2012-08-17 07:07 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-17 07:08 . 2012-08-17 07:07 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-17 07:08 . 2012-08-17 07:07 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-08-17 07:08 . 2012-08-17 07:07 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-08-17 07:08 . 2012-08-17 07:07 188904 ----a-w- c:\windows\system32\java.exe
    2012-08-17 07:07 . 2012-08-17 07:07 -------- d-----w- c:\program files\Java
    2012-08-16 20:13 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-16 20:13 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-16 20:13 . 2012-07-03 16:21 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-08-16 20:13 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-16 20:13 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-16 20:12 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-16 20:12 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-16 19:51 . 2012-08-16 19:51 -------- d-----w- c:\program files (x86)\Oracle
    2012-08-16 19:50 . 2012-08-16 19:49 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-08-16 04:14 . 2012-08-16 04:14 -------- d-----w- c:\program files (x86)\ESET
    2012-08-16 03:29 . 2012-08-16 03:29 -------- d-----w- C:\_OTL
    2012-08-13 07:08 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-13 07:06 . 2012-08-16 20:12 -------- d-----w- c:\programdata\AVAST Software
    2012-08-13 07:06 . 2012-08-16 20:12 -------- d-----w- c:\program files\AVAST Software
    2012-08-13 04:46 . 2012-08-13 04:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-10 19:36 . 2011-09-17 02:51 4200024 ----a-w- c:\windows\SysWow64\cdintf400.dll
    2012-08-10 19:35 . 2012-08-10 19:54 -------- d-----w- c:\program files (x86)\Quicken
    2012-08-10 08:59 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFB905EF-2447-40BC-8CE3-5DD9BCF4627E}\mpengine.dll
    2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\plugins\nppdf32.dll
    2012-07-25 18:27 . 2012-07-25 18:27 -------- d-----w- c:\users\Ray\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 19:49 . 2011-03-24 18:08 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-12 21:35 . 2012-03-29 16:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-12 21:35 . 2012-03-29 16:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-11 10:02 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
    2012-07-03 20:46 . 2011-12-12 07:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-31 19:25 . 2011-06-23 09:12 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-16_02.07.01 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-21 03:20 . 2012-08-16 01:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-21 03:20 . 2012-08-18 06:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-01-21 03:20 . 2012-08-16 01:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-08-16 20:13 . 2012-08-18 06:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-01-21 03:20 . 2012-08-16 01:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 03:20 . 2012-08-18 06:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2012-08-17 07:15 58356 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2012-08-17 07:15 99114 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-04-02 21:37 . 2012-08-17 07:16 13224 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2500361401-2329092988-2998417166-1000_UserData.bin
    - 2009-10-24 21:26 . 2012-08-16 01:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-24 21:26 . 2012-08-17 07:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-24 21:26 . 2012-08-16 01:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-24 21:26 . 2012-08-17 07:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-18 06:52 . 2012-08-18 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-16 01:47 . 2012-08-16 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-18 06:52 . 2012-08-18 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-16 01:47 . 2012-08-16 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-16 19:50 . 2012-08-16 19:49 227824 c:\windows\SysWOW64\javaws.exe
    + 2012-08-16 19:49 . 2012-08-16 19:49 174064 c:\windows\SysWOW64\javaw.exe
    + 2012-08-16 19:49 . 2012-08-16 19:49 174064 c:\windows\SysWOW64\java.exe
    + 2010-12-24 13:24 . 2012-08-18 03:45 395268 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2006-11-02 12:46 . 2012-08-18 07:00 613032 c:\windows\system32\perfh009.dat
    - 2006-11-02 12:46 . 2012-08-16 01:53 613032 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2012-08-18 07:00 107990 c:\windows\system32\perfc009.dat
    - 2006-11-02 12:46 . 2012-08-16 01:53 107990 c:\windows\system32\perfc009.dat
    - 2009-04-02 18:54 . 2012-08-15 22:47 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-04-02 18:54 . 2012-08-17 03:46 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-04-02 18:54 . 2012-08-15 22:47 393216 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-04-02 18:54 . 2012-08-17 03:46 393216 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-12-17 16:18 . 2012-08-18 06:51 392556 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
    + 2012-08-17 07:07 . 2012-08-17 07:07 899584 c:\windows\Installer\7abc6f.msi
    + 2012-08-16 19:49 . 2012-08-16 19:49 863744 c:\windows\Installer\357cff5.msi
    + 2011-06-06 19:55 . 2011-06-06 19:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
    + 2009-04-02 18:54 . 2012-08-17 03:46 2179072 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-04-02 18:54 . 2012-08-15 22:47 2179072 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-12-17 16:18 . 2012-08-18 06:51 2049788 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-2500361401-2329092988-2998417166-1000-8192.dat
    + 2009-11-27 22:26 . 2012-08-18 06:51 5904632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-06-06 19:55 . 2011-06-06 19:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
    + 2012-08-16 19:45 . 2012-08-16 19:45 13123584 c:\windows\Installer\357cfee.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-07-30 6241952]
    "QuickLaunch"="c:\program files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe" [2012-04-19 12288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
    "AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
    "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    c:\users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2008-12-22 88576]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 18:50]
    .
    2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 18:50]
    .
    2012-08-18 c:\windows\Tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-22 6931488]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
    "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = %SystemRoot%\system32\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-18 00:06:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-18 07:06
    ComboFix2.txt 2012-08-16 02:09
    .
    Pre-Run: 788,480,872,448 bytes free
    Post-Run: 788,315,668,480 bytes free
    .
    - - End Of File - - 40467A0626A86FF7F38D861466C3B9FE
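
Added example, not part of the original thread or of ComboFix: a small Python parser that pulls the Java-related file entries out of a log like the one above and groups them by 64-bit or 32-bit location, which is what matters when a 32-bit browser is paired with a 64-bit Java install. It assumes the log shows native x64 paths (`system32` holding 64-bit files, `SysWow64` holding 32-bit ones) and that `-` snapshot lines describe the previous state; the function names and the file-name pattern are illustrative.

```python
import re
from collections import defaultdict
from ntpath import basename  # splits Windows paths on any host OS

# Excerpt of lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
2012-08-17 07:08 . 2012-08-17 07:07 289768 ----a-w- c:\windows\system32\javaws.exe
2012-08-17 07:08 . 2012-08-17 07:07 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-17 07:08 . 2012-08-17 07:07 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-17 07:08 . 2012-08-17 07:07 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-17 07:08 . 2012-08-17 07:07 189416 ----a-w- c:\windows\system32\javaw.exe
2012-08-17 07:08 . 2012-08-17 07:07 188904 ----a-w- c:\windows\system32\java.exe
2012-08-17 07:07 . 2012-08-17 07:07 -------- d-----w- c:\program files\Java
2012-08-16 20:13 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-16 19:50 . 2012-08-16 19:49 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-16 19:49 . 2011-03-24 18:08 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
+ 2012-08-16 19:50 . 2012-08-16 19:49 227824 c:\windows\SysWOW64\javaws.exe
+ 2012-08-16 19:49 . 2012-08-16 19:49 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-08-16 19:49 . 2012-08-16 19:49 174064 c:\windows\SysWOW64\java.exe
- 2006-11-02 12:46 . 2012-08-16 01:53 613032 c:\windows\system32\perfh009.dat
"""

# One file entry: optional snapshot marker, two timestamps, size (or dashes
# for a directory), optional attribute string, then the full path.
ENTRY = re.compile(
    r"^(?P<mark>[+-] )?"
    r"(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-{8}) "
    r"(?:(?P<attrs>[-a-z]{8}) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Illustrative pattern covering the Java file names that appear in this log.
JAVA_NAME = re.compile(
    r"^(java(w|ws)?\.exe|(np)?deployjava1\.dll|windowsaccessbridge(-64)?\.dll)$",
    re.IGNORECASE,
)


def bitness(path):
    """Map a native x64 Windows path to the bitness of the files it holds."""
    p = path.lower()
    if "\\windows\\syswow64\\" in p or "\\program files (x86)\\" in p:
        return "32-bit"
    if "\\windows\\system32\\" in p or "\\program files\\" in p:
        return "64-bit"
    return None


def java_files_by_bitness(log_text):
    """Return {"64-bit": [...], "32-bit": [...]} of Java file names found."""
    found = defaultdict(set)
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or m["mark"] == "- ":
            continue  # not a file entry, or the previous-snapshot state (assumption)
        if (m["attrs"] or "").startswith("d"):
            continue  # directory entry, not a file
        name = basename(m["path"]).lower()
        bits = bitness(m["path"])
        if bits and JAVA_NAME.match(name):
            found[bits].add(name)
    return {bits: sorted(names) for bits, names in found.items()}


if __name__ == "__main__":
    for bits, names in sorted(java_files_by_bitness(SAMPLE_LOG).items()):
        print(bits, ", ".join(names))
```
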
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I'm working on the log now. There are some removals I'll set up for you to run through Combofix. But we are having a storm and I may have to shut down.

    Please don't run any scans or do any updating- except to update AV, but no auto-scan in the meantime.

    DO NOT run Java Ra or attempt to get Java yet.

    Edit: Please tell me if you are a developer using advanced Java technologies in your work, OR if you are an average computer user with 'normal' Java requirements.
     
  6. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    I'm just a normal guy trying to get his computer to work.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The Java entries you have are for developers- lots of 'stuff' you don't need.

    Please do a search in your system for the following: You will search All Files and Folders, Location: Local Drive (C)
    Java 2 Runtime Environment

    Let me know if you find it and where it is. This has to be on the system to get an update. I think it may have been removed with the multiple Java Ra runs.
     
  8. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Didn't find anything by that name on the C drive. So... what do I do then?
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I didn't think you would. You must have a copy of the JRE (Java Runtime Environment) on your system to run Java applications and applets.
    ------------------------------------------
    Note: Check all download screens for any pre-checked items and uncheck them. Frequent offender is Ask Bar, sometimes Norton or McAfee, Open Office. You do NOT want to get any of them.

    Download Java Runtime Environment 1.7.0.6 (64-bit) and save to your desktop.
    • Double click on the File to run the program.
    • Follow the onscreen prompts
    • Reboot when finished.
    ---------------------------------
    Please update Java: Java Updates
    • Accept the End User Terms
    • Choose the Windows Online Download> v7u5
    • Follow the same 'save to desktop', then 'run' as above
    • Reboot the computer when finished.

      Let me know if it went okay. Then I'll give you the script to remove the Java processes for developers that were on the system.
    • Do not add any other Java.
    • DO NOT Run JAVA RA
     
  10. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Alright, I've installed Java Runtime Environment and updated with the 64 bit version. After clicking the Java Updates link that you posted, the Java website said that I might be running a 32 bit browser and that I might need a 32 bit version of Java in addition to the 64 bit for everything to work properly. What do you guys think of this?
     
  11. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    And... now that I've rebooted, still no luck with any Java stuff working. Got any ideas?
    I went to Java's website for testing functionality:
    http://www.java.com/en/download/testjava.jsp
    And still have come up with nothing...
     
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I went to the test site and had a couple of blinks, then pause, before the box came up and said "Your Java is working." Did you get this acknowledgement?

    You can go ahead and download the 32-bit version.
    ===========================
    It's push-comes-to-shove time: this is where the vagueness goes and the exact comes in. This means I need detail (not 'it doesn't work!')

    What do you mean by everything?
    What happens- or doesn't happen-when it isn't working?

    3. There is a lengthy section for Restore Points in the DDS log. They show this with different dates and times:
    3A) Are you setting a restore point every day before you back up the system and naming all of them Windows Update? If not, then what are you doing?

    3B) Are you trying to save new files and folders to another drive? These would serve as 'backup' in case of hard drive failure, so that you can replace them.

    3C) Or are you trying to do a system backup? If Yes, why so frequently?

    4. Is Chrome your default browser? If not, which is the default? In the default browser, open Tools> Addons (or whatever the equivalent term is)> check the plugins and extensions sections and list any Java entries.

    5. Imaging is important to you. But do you realize you are running processes for 3 printers?
    HP LaserJet P1000 series
    HP Photosmart Essential
    Canon Easy-PhotoPrint Pro
    In addition, there are multiple scanner processes running for:
    OVTScanner_X64
    PhotoshopdotcomInspirationBrowser
    Picasa 3
    EPSON Perfection 4870 PHOTO> This product is discontinued and replaced with: EPSON Perfection 4490 Office Scanner.
    ===================================
    I know this is more than you're asking, but I try to consider the entire system. Many times, problems can be caused by other processes running.
     
  13. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Thank you for encompassing my entire computer. I try to do the same when I work on this thing.

    When I go to the test Java site, I get pop ups from Chrome that say that my Java Tm was blocked b/c it is out of date. I also get a pop up that says that JavaTM is required for the site to work. Of course, the corresponding Java web content on the page doesn't open. No idea why this happens b/c I've installed the latest Java Run Time environment and I've updated it.

    "Everything" that uses Java basically doesn't work. I don't know Java very well, but everything in this case means everything. This page doesn't work either.
    http://javatester.org/version.html
    I get a message from Chrome that says JavaTM is required and offers me a link to download it.

    With regard to backing up files, I know very little about how the backup system works on this thing. All I know is that it backs up to an external HD. If you go to Settings ->Control Panel->Backup and Restore Center, I have automatic backups turned on.
    It says that my latest backup failed. After looking at the details, it says that my latest backup set cannot be found. Then it says (0x8100000a)
     
  14. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36


