Recovered from virus attack, but Java is dead!!

gottarollwithit

No idea if this is in the right section of the forum, but I couldn't seem to find an appropriate area. Sorry in advance if I'm a bit misplaced or this thread needs to be moved.

So Broni and I have just fixed a big virus attack, but I'm now finding that everything that uses Java isn't working. Got any advice?

I tried uninstalling Java and used JavaRa again. Tried reinstalling Java as an admin as well. I finally got Java to show up in my control panel, indicating that I got it installed, but it still doesn't work with any of my browsers.

The traditional uninstall from the control panel doesn't work. It never gets uninstalled and still shows up in my programs list, even after JavaRa. Got any ideas?


Additionally, on a completely different note, I can't back up files? I guess Vista has some kinda built-in backup software, and it fails when it tries to back up. Usually I back up to an external drive, but for some reason it doesn't work anymore. Maybe the viruses damaged some stuff on the backup drive?
 
OK, you got Java installed. The browser needs the Java Plug-ins; each browser has its own means to find and install plug-ins.
 
I looked at the malware cleaning logs. I think what happened is that you ran Java Ra either before you updated or you did not choose the option to remove old versions only. So you wiped out all of the multiple Java entries you had. DO NOT Run JAVA RA again! You had the Java Toolbox on Firefox which isn't the right plugin.

I'd like to see what's on the system now. Please download again:
Download Combofix from HERE or HERE and save to the desktop:
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
    Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
    Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please paste the log in your next reply.

If you have any problem with Combofix, stop and let me know.

Please don't run any other scans or updates for now.
 
Alrighty, here's the Combofix log. Followed all instructions exactly.

ComboFix 12-08-17.03 - Ray 08/17/2012 23:42:35.2.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8182.6176 [GMT -7:00]
Running from: c:\users\Ray\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js
c:\windows\jestertb.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 06:50 . 2012-08-18 07:02 -------- d-----w- c:\users\Ray\AppData\Local\temp
2012-08-18 06:50 . 2012-08-18 06:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 07:08 . 2012-08-17 07:07 289768 ----a-w- c:\windows\system32\javaws.exe
2012-08-17 07:08 . 2012-08-17 07:07 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-17 07:08 . 2012-08-17 07:07 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-17 07:08 . 2012-08-17 07:07 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-17 07:08 . 2012-08-17 07:07 189416 ----a-w- c:\windows\system32\javaw.exe
2012-08-17 07:08 . 2012-08-17 07:07 188904 ----a-w- c:\windows\system32\java.exe
2012-08-17 07:07 . 2012-08-17 07:07 -------- d-----w- c:\program files\Java
2012-08-16 20:13 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-16 20:13 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-16 20:13 . 2012-07-03 16:21 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-16 20:13 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-16 20:13 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-16 20:12 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-16 20:12 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-16 19:51 . 2012-08-16 19:51 -------- d-----w- c:\program files (x86)\Oracle
2012-08-16 19:50 . 2012-08-16 19:49 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-16 04:14 . 2012-08-16 04:14 -------- d-----w- c:\program files (x86)\ESET
2012-08-16 03:29 . 2012-08-16 03:29 -------- d-----w- C:\_OTL
2012-08-13 07:08 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-13 07:06 . 2012-08-16 20:12 -------- d-----w- c:\programdata\AVAST Software
2012-08-13 07:06 . 2012-08-16 20:12 -------- d-----w- c:\program files\AVAST Software
2012-08-13 04:46 . 2012-08-13 04:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-10 19:36 . 2011-09-17 02:51 4200024 ----a-w- c:\windows\SysWow64\cdintf400.dll
2012-08-10 19:35 . 2012-08-10 19:54 -------- d-----w- c:\program files (x86)\Quicken
2012-08-10 08:59 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFB905EF-2447-40BC-8CE3-5DD9BCF4627E}\mpengine.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\plugins\nppdf32.dll
2012-07-25 18:27 . 2012-07-25 18:27 -------- d-----w- c:\users\Ray\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 19:49 . 2011-03-24 18:08 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-12 21:35 . 2012-03-29 16:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-12 21:35 . 2012-03-29 16:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 10:02 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 20:46 . 2011-12-12 07:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 19:25 . 2011-06-23 09:12 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-16_02.07.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-08-16 01:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-08-18 06:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-08-16 01:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-16 20:13 . 2012-08-18 06:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-08-16 01:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-08-18 06:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-08-17 07:15 58356 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-08-17 07:15 99114 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-02 21:37 . 2012-08-17 07:16 13224 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2500361401-2329092988-2998417166-1000_UserData.bin
- 2009-10-24 21:26 . 2012-08-16 01:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-24 21:26 . 2012-08-17 07:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-24 21:26 . 2012-08-16 01:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-24 21:26 . 2012-08-17 07:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-18 06:52 . 2012-08-18 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-16 01:47 . 2012-08-16 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-18 06:52 . 2012-08-18 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-16 01:47 . 2012-08-16 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 19:50 . 2012-08-16 19:49 227824 c:\windows\SysWOW64\javaws.exe
+ 2012-08-16 19:49 . 2012-08-16 19:49 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-08-16 19:49 . 2012-08-16 19:49 174064 c:\windows\SysWOW64\java.exe
+ 2010-12-24 13:24 . 2012-08-18 03:45 395268 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2012-08-18 07:00 613032 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-08-16 01:53 613032 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-18 07:00 107990 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-08-16 01:53 107990 c:\windows\system32\perfc009.dat
- 2009-04-02 18:54 . 2012-08-15 22:47 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-02 18:54 . 2012-08-17 03:46 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-02 18:54 . 2012-08-15 22:47 393216 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-02 18:54 . 2012-08-17 03:46 393216 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-17 16:18 . 2012-08-18 06:51 392556 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2012-08-17 07:07 . 2012-08-17 07:07 899584 c:\windows\Installer\7abc6f.msi
+ 2012-08-16 19:49 . 2012-08-16 19:49 863744 c:\windows\Installer\357cff5.msi
+ 2011-06-06 19:55 . 2011-06-06 19:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
+ 2009-04-02 18:54 . 2012-08-17 03:46 2179072 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-02 18:54 . 2012-08-15 22:47 2179072 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-17 16:18 . 2012-08-18 06:51 2049788 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-2500361401-2329092988-2998417166-1000-8192.dat
+ 2009-11-27 22:26 . 2012-08-18 06:51 5904632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-06 19:55 . 2011-06-06 19:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
+ 2012-08-16 19:45 . 2012-08-16 19:45 13123584 c:\windows\Installer\357cfee.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-07-30 6241952]
"QuickLaunch"="c:\program files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe" [2012-04-19 12288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2008-12-22 88576]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 18:50]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 18:50]
.
2012-08-18 c:\windows\Tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-22 6931488]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = %SystemRoot%\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-08-18 00:06:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-18 07:06
ComboFix2.txt 2012-08-16 02:09
.
Pre-Run: 788,480,872,448 bytes free
Post-Run: 788,315,668,480 bytes free
.
- - End Of File - - 40467A0626A86FF7F38D861466C3B9FE
 
I'm working on the log now. There are some removals I'll set up for you to run through Combofix. But we are having a storm and I may have to shut down.

Please don't run any scans or do any updating- except to update AV, but no auto-scan in the meantime.

DO NOT run Java Ra or attempt to get Java yet.

Edit: Please tell me if you are a developer using advanced Java technologies in your work, OR if you are an average computer user with 'normal' Java requirements.
 
The Java entries you have are for developers- lots of 'stuff' you don't need.

Please do a search in your system for the following: You will search All Files and Folders, Location: Local Drive (C)
Java 2 Runtime Environment

Let me know if you find it and where it is. This has to be on the system to get an update. I think it may have been removed with the multiple Java Ra runs.
 
I didn't think you would. You must have a copy of the JRE (Java Runtime Environment) on your system to run Java applications and applets.
------------------------------------------
Note: Check all download screens for any pre-checked items and uncheck them. Frequent offender is Ask Bar, sometimes Norton or McAfee, Open Office. You do NOT want to get any of them.

Download Java Runtime Environment 1.7.0.6 (64-bit) and save to your desktop.
  • Double click on the File to run the program.
  • Follow the onscreen prompts
  • Reboot when finished.
---------------------------------
Please update Java: Java Updates
  • Accept the End User Terms
  • Choose the Windows Online Download> v7u5
  • Follow the same 'save to desktop', then 'run' as above
  • Reboot the computer when finished.

    Let me know if it went okay. Then I'll give you the script to remove the Java processes for developers that were on the system.
  • Do not add any other Java.
  • DO NOT Run JAVA RA
 
Alright, I've installed Java Runtime Environment and updated with the 64 bit version. After clicking the Java Updates link that you posted, the Java website said that I might be running a 32 bit browser and that I might need a 32 bit version of Java in addition to the 64 bit for everything to work properly. What do you guys think of this?
 
I went to the test site and had a couple of blinks, then pause, before the box came up and said "Your Java is working." Did you get this acknowledgement?

You can go ahead and download the 32-bit version.
===========================
It's push-come-to-shove time: this is where the vagueness goes and the exact comes in. This means I need detail (not 'it doesn't work!').

1. everything that uses Java isn't working.
What do you mean by everything?
What happens- or doesn't happen-when it isn't working?

2. why I can't backup files?
I guess Vista has some kinda built in back up software. Usually I back up to an external drive, but for some reason it doesn't work anymore.

3. There is a lengthy section for Restore Points in the DDS log. They show this with different dates and times:
RP1588: 8/3/2012 12:00:10 AM - Windows Backup
3A) Are you setting a restore point every day before you back up the system and naming all of them Windows Update? If not, then what are you doing?

3B) Are you trying to save new files and folders to another drive? These would serve as 'backup' in case of hard drive failure, so that you can replace them.

3C) Or are you trying to do a system backup? If Yes, why so frequently?

4. Is Chrome your default browser? If not, which is the default? In the default browser, open Tools> Addons (or whatever the equivalent term is)> check the plugins and extensions sections and list any Java entries.

5. Imaging is important to you. But do you realize you are running processes for 3 printers?
HP LaserJet P1000 series
HP Photosmart Essential
Canon Easy-PhotoPrint Pro
In addition, there are multiple scanner processes running for:
OVTScanner_X64
PhotoshopdotcomInspirationBrowser
Picasa 3
EPSON Perfection 4870 PHOTO> This product is discontinued and replaced with: EPSON Perfection 4490 Office Scanner.
===================================
I know this is more than you're asking, but I try to consider the entire system. Many times, problems can be caused by other processes running.
 
Thank you for encompassing my entire computer. I try to do the same when I work on this thing.

When I go to the test Java site, I get pop ups from Chrome that say that my Java Tm was blocked b/c it is out of date. I also get a pop up that says that JavaTM is required for the site to work. Of course, the corresponding Java web content on the page doesn't open. No idea why this happens b/c I've installed the latest Java Run Time environment and I've updated it.

"Everything" that uses Java basically doesn't work. I don't know Java very well, but everything in this case means everything. This page doesn't work either.
http://javatester.org/version.html
I get a message from Chrome that says JavaTM is required and offers me a link to download it.

With regard to backing up files, I know very little about how the backup system works on this thing. All I know is that it backs up to an external HD. If you go to Settings ->Control Panel->Backup and Restore Center, I have automatic backups turned on.
It says that my latest backup failed. After looking at the details, it says that my latest backup set cannot be found. Then it says (0x8100000a).
 