Inactive Outdated Java Virus On Windows 7
- Thread starter HaruHaru
- Start date
- Status
This is the attach log from the DDS:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/07/2012 13:13:02
System Uptime: 01/03/2014 15:30:29 (2 hours ago)
.
Motherboard: TOSHIBA | | NBWAE
Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket M2/S1G1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 263.956 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP203: 14/02/2014 22:04:35 - Windows Update
RP204: 15/02/2014 14:50:25 - Windows Update
RP205: 15/02/2014 22:43:54 - Windows Update
RP206: 16/02/2014 23:27:52 - Windows Update
RP207: 17/02/2014 21:54:54 - Windows Update
RP208: 18/02/2014 23:17:21 - Windows Update
RP209: 19/02/2014 22:51:35 - Windows Update
RP210: 20/02/2014 22:13:23 - Windows Update
RP211: 22/02/2014 01:08:56 - Windows Update
RP212: 22/02/2014 23:39:19 - Windows Update
RP213: 23/02/2014 22:02:47 - Removed Skype Click to Call
RP214: 24/02/2014 18:07:58 - Windows Update
RP215: 26/02/2014 19:05:55 - Windows Update
RP216: 27/02/2014 21:25:50 - Windows Update
RP217: 27/02/2014 23:54:15 - Windows Update
RP218: 01/03/2014 15:35:02 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.03)
Amnesia - The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Internet Security
Bonjour
Google Chrome
Google Update Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 33
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice 4.0.1
Skype™ 6.11
Tango
.
==== Event Viewer Messages From Past Week ========
.
27/02/2014 23:56:53, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599).
27/02/2014 23:56:45, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB2773072).
27/02/2014 23:55:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB2786081).
27/02/2014 23:55:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422).
27/02/2014 23:55:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.
24/02/2014 15:29:14, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
24/02/2014 15:18:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
24/02/2014 14:51:48, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
24/02/2014 14:51:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/02/2014 14:51:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24/02/2014 14:51:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/02/2014 14:51:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
24/02/2014 14:51:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm discache spldr Wanarpv6
22/02/2014 23:23:40, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
01/03/2014 15:39:15, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7.
01/03/2014 15:30:50, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
01/03/2014 15:30:50, Error: atikmdag [43029] - Display is not active
.
==== End Of File ===========================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/07/2012 13:13:02
System Uptime: 01/03/2014 15:30:29 (2 hours ago)
.
Motherboard: TOSHIBA | | NBWAE
Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket M2/S1G1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 263.956 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP203: 14/02/2014 22:04:35 - Windows Update
RP204: 15/02/2014 14:50:25 - Windows Update
RP205: 15/02/2014 22:43:54 - Windows Update
RP206: 16/02/2014 23:27:52 - Windows Update
RP207: 17/02/2014 21:54:54 - Windows Update
RP208: 18/02/2014 23:17:21 - Windows Update
RP209: 19/02/2014 22:51:35 - Windows Update
RP210: 20/02/2014 22:13:23 - Windows Update
RP211: 22/02/2014 01:08:56 - Windows Update
RP212: 22/02/2014 23:39:19 - Windows Update
RP213: 23/02/2014 22:02:47 - Removed Skype Click to Call
RP214: 24/02/2014 18:07:58 - Windows Update
RP215: 26/02/2014 19:05:55 - Windows Update
RP216: 27/02/2014 21:25:50 - Windows Update
RP217: 27/02/2014 23:54:15 - Windows Update
RP218: 01/03/2014 15:35:02 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.03)
Amnesia - The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Internet Security
Bonjour
Google Chrome
Google Update Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 33
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice 4.0.1
Skype™ 6.11
Tango
.
==== Event Viewer Messages From Past Week ========
.
27/02/2014 23:56:53, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599).
27/02/2014 23:56:45, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB2773072).
27/02/2014 23:55:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB2786081).
27/02/2014 23:55:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422).
27/02/2014 23:55:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.
24/02/2014 15:29:14, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
24/02/2014 15:18:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
24/02/2014 14:51:48, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
24/02/2014 14:51:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/02/2014 14:51:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24/02/2014 14:51:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/02/2014 14:51:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
24/02/2014 14:51:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm discache spldr Wanarpv6
22/02/2014 23:23:40, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
01/03/2014 15:39:15, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7.
01/03/2014 15:30:50, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
01/03/2014 15:30:50, Error: atikmdag [43029] - Display is not active
.
==== End Of File ===========================
And this is the DDS.txt from the DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533
Run by User at 17:42:42 on 2014-03-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1790.753 [GMT 0:00]
.
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=41648000&gct=hp
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Tango] c:\program files\tango\Tango.exe -r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpeetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [20131224] c:\program files\avast software\avast\setup\emupdate\f738baa6-4623-40fb-afae-0cd96dba8b0d.exe /check
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D58E9624-3A81-4E47-8B74-10FA62740EFD} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D58E9624-3A81-4E47-8B74-10FA62740EFD}\24944535 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-11 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-11 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-5-11 26136]
R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswndisflt.sys [2013-5-11 265072]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-11 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-11 410784]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-11 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-5 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-2-5 113704]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-3-1 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-3-1 701512]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-29 64168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-1 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-11-27 40736]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-12-6 29728]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-16 1343400]
.
=============== Created Last 30 ================
.
2014-03-01 15:50:59 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5272aece-49c6-45d9-b806-75aab6413bed}\mpengine.dll
2014-03-01 15:41:48 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2014-03-01 15:41:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-01 15:41:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-01 15:41:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-01 15:40:07 -------- d-----w- c:\users\user\appdata\local\Programs
2014-02-27 21:34:46 -------- d-----w- c:\windows\Migration
2014-02-13 23:55:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-13 20:13:09 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 20:13:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 20:13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 20:13:05 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 20:13:01 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-13 20:13:01 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-13 20:13:01 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 20:13:00 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-13 20:13:00 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-13 20:13:00 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-13 20:13:00 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-13 20:12:59 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-13 20:12:59 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
.
==================== Find3M ====================
.
2014-02-21 18:22:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 18:22:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-18 14:47:20 265072 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-02-05 20:14:34 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-05 20:14:34 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-05 20:14:34 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-05 20:14:33 43152 ----a-w- c:\windows\avastSS.scr
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2013-12-29 17:51:22 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-29 15:14:33 0 ----a-w- c:\program files\GUTBF88.tmp
2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-06 13:37:48 29728 ----a-w- c:\windows\system32\drivers\mcaudrv.sys
.
============= FINISH: 17:44:12.88 ===============
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533
Run by User at 17:42:42 on 2014-03-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1790.753 [GMT 0:00]
.
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=41648000&gct=hp
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Tango] c:\program files\tango\Tango.exe -r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpeetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [20131224] c:\program files\avast software\avast\setup\emupdate\f738baa6-4623-40fb-afae-0cd96dba8b0d.exe /check
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D58E9624-3A81-4E47-8B74-10FA62740EFD} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D58E9624-3A81-4E47-8B74-10FA62740EFD}\24944535 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-11 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-11 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-5-11 26136]
R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswndisflt.sys [2013-5-11 265072]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-11 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-11 410784]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-11 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-5 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-2-5 113704]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-3-1 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-3-1 701512]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-29 64168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-1 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-11-27 40736]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-12-6 29728]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-16 1343400]
.
=============== Created Last 30 ================
.
2014-03-01 15:50:59 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5272aece-49c6-45d9-b806-75aab6413bed}\mpengine.dll
2014-03-01 15:41:48 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2014-03-01 15:41:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-01 15:41:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-01 15:41:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-01 15:40:07 -------- d-----w- c:\users\user\appdata\local\Programs
2014-02-27 21:34:46 -------- d-----w- c:\windows\Migration
2014-02-13 23:55:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-13 20:13:09 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 20:13:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 20:13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 20:13:05 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 20:13:01 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-13 20:13:01 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-13 20:13:01 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 20:13:00 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-13 20:13:00 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-13 20:13:00 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-13 20:13:00 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-13 20:12:59 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-13 20:12:59 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
.
==================== Find3M ====================
.
2014-02-21 18:22:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 18:22:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-18 14:47:20 265072 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-02-05 20:14:34 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-05 20:14:34 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-05 20:14:34 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-05 20:14:33 43152 ----a-w- c:\windows\avastSS.scr
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2013-12-29 17:51:22 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-29 15:14:33 0 ----a-w- c:\program files\GUTBF88.tmp
2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-06 13:37:48 29728 ----a-w- c:\windows\system32\drivers\mcaudrv.sys
.
============= FINISH: 17:44:12.88 ===============
Broni
Posts: 56,041 +516
Please do NOT create new topic regarding very same issue.
Please post all of the above info in your original topic: https://www.techspot.com/community/...rus-removal-on-windows-7.200433/#post-1385699
This topic is closed.
Please post all of the above info in your original topic: https://www.techspot.com/community/...rus-removal-on-windows-7.200433/#post-1385699
This topic is closed.
- Status
Similar threads
Latest posts
-
How Sam Altman became a billionaire without equity in OpenAI
- anastrophe replied
