they infected my Java Deployment cache on my main hard drive and also on one of my external hard drives under history.
I think there is still something in there as my internet connection keeps cutting out and my computer slows. Follow-up scans with Avast antivirus and Malwarebytes show nothing at all.
Download OTL from one of the following links:
- LINK 1
- LINK 2
- LINK 3

Remember to save it on your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system. Post the new log.
Tell us if the detection problem is still present.
Essexboy will analyze the log reports and forward you further instructions on how to remove active malware if present.
You think a step further ahead than should be. First the cleansing has to be performed by the malware remover. The objects were sent to the chest, but were they blocked? That is the question. This should be checked at the hand of the logs. Now when the malware has been fully cleansed, Java should be updated and previous instances of Java uninstalled. After and only after the malware cleansing has been performed, the victim could check with http://secunia.com/vulnerability_scanning/online/ to see to what Java version he should update.
- Run OTL.
- Select All Users
- Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
afd.*
/md5stop
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open one notepad window.
- Attach the log

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Farbar Service Scanner Version: 14-02-2012
Ran by Mike PC (administrator) on 17-02-2012 at 16:28:40
Running from “C:\Users\Mike PC\Desktop”
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
Internet Services:
Connection Status:
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
Firewall Disabled Policy:
System Restore:
System Restore Disabled Policy:
Security Center:
Windows Update:
Windows Defender:
File Check:
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 14:37] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
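
In the File Check section of the Farbar Service Scanner log above, every file carries the "MD5 is legit" verdict except afd.sys, which is listed with a raw detail line and hash instead; afd.* is also the pattern hashed by the OTL custom scan in this thread. As an added example (not part of the thread and not code from any tool named in it), this Python function parses that section and returns the entries lacking the verdict so their hashes can be compared against a known-good copy. The sample log is constructed from lines above plus one hypothetical entry, and the field names are assumptions inferred from the layout.

```python
import re

# Constructed sample: lines copied from the File Check section above, plus one
# hypothetical entry (example_truncated.dll) whose detail line is missing.
SAMPLE_LOG = r"""File Check:
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 14:37] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\example_truncated.dll
"""

# "<path>" optionally followed by " => <verdict>".
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\s*=>\s*(?P<verdict>.+))?$")
# Detail line printed under a file with no verdict. Field names are assumptions
# inferred from the layout: two timestamps, size, attributes, vendor, MD5.
DETAIL_RE = re.compile(
    r"^\[(?P<stamp1>[\d\- :]+)\] - \[(?P<stamp2>[\d\- :]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<vendor>.*)\) (?P<md5>[0-9A-Fa-f]{32})$")


def unverified_files(log_text):
    """Return File Check entries that lack the 'MD5 is legit' verdict."""
    findings, in_section, pending = [], False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "File Check:":
            in_section = True
            continue
        if not in_section or not line:
            continue
        detail = DETAIL_RE.match(line)
        if detail and pending is not None:
            # Attach hash and metadata to the file named on the previous line.
            pending.update(detail.groupdict())
            pending["size"] = int(pending["size"])
            continue
        entry = PATH_RE.match(line)
        if not entry:
            continue
        pending = None
        if entry["verdict"] != "MD5 is legit":
            pending = {"path": entry["path"], "verdict": entry["verdict"], "md5": None}
            findings.append(pending)
    return findings


if __name__ == "__main__":
    for item in unverified_files(SAMPLE_LOG):
        print(item["path"], item["md5"] or "no hash in log")
```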