
Hijack this log


  • This topic is locked
8 replies to this topic

#1 Disgusted

Disgusted

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:15 PM

Posted 27 January 2012 - 04:12 PM

Good Afternoon,

I started to feel like my computer had been hijacked or had some spy software on it over a year ago, but everything was working fine (for the most part) so I never followed up on it. When I am online, my wireless connection has been getting increasingly worse (even when I am right next to the router); it is as though someone, or something else, is using my internet connection. I started to think that I may have some malware and tried Spybot, Ad-Aware, Malwarebytes, and now HijackThis. Would someone please take a look at my log and let me know what you think?

Thank you for your help.

Attached Files





#2 Disgusted

Disgusted
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:15 PM

Posted 27 January 2012 - 04:25 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Shelly at 16:21:51 on 2012-01-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2595 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcqcoms.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\2375942554034373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\242757567676562737F564275656F575966496 : DhcpNameServer = 205.214.51.16 205.214.46.10
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\24967602441646469772370224572776562702241627 : DhcpNameServer = 166.102.165.11 166.102.165.13
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\26563747775637475627E6 : DhcpNameServer = 207.191.50.10 207.191.1.10
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\6796275737B696C6C65627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\C416155796E64716 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{635ACEEB-5241-4D5E-AE58-F3432D4E637B} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [2010-6-16 89600]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-22 136176]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 227896]
S3 DCamUSBNovatek;USB2.0 UVC Camera;C:\Windows\system32\Drivers\nvtcam.sys --> C:\Windows\system32\Drivers\nvtcam.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-22 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 Ser2ph;Microsoft USB GPS driver;C:\Windows\system32\DRIVERS\ser2ph64.sys --> C:\Windows\system32\DRIVERS\ser2ph64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-01-27 20:52:48 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{206D6BA6-0D7C-4F4C-8278-2BFB9D48CF7F}\mpengine.dll
2012-01-27 19:51:47 388608 ----a-w- C:\Program Files\HijackThis.exe
2012-01-27 17:46:58 -------- d-----w- C:\Users\Shelly\AppData\Roaming\Malwarebytes
2012-01-27 17:46:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-27 15:50:19 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-22 23:06:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-22 22:28:44 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE104984-CDE8-45BF-A1AA-05AADEF44F1A}\gapaengine.dll
2012-01-22 22:27:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-01-22 22:26:55 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-01-22 22:08:47 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31F52639-00F2-4FA4-98B6-55253BA48868}\mpengine.dll
2012-01-20 20:59:45 -------- d-----w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-01-20 20:52:16 -------- d-----w- C:\Users\Shelly\AppData\Local\PackageAware
2012-01-20 17:25:32 -------- d-----w- C:\Users\Shelly\AppData\Local\NPE
2012-01-19 22:04:13 -------- d-----w- C:\Program Files\iPod
2012-01-19 22:04:12 -------- d-----w- C:\Program Files\iTunes
2012-01-19 19:02:05 -------- dc----w- C:\Users\Shelly\AppData\Local\MigWiz
2012-01-12 17:52:48 -------- d-----w- C:\HP_TOOLS_mountHPSF
2012-01-11 17:11:33 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 17:11:32 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 17:11:32 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 17:11:31 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 17:11:26 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 17:11:26 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 17:11:23 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 17:11:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-08 21:25:45 -------- d-----w- C:\Users\Shelly\AppData\Local\adaware
2012-01-07 14:53:07 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-01-03 22:49:36 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-30 23:02:27 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-30 22:58:00 -------- d-----w- C:\Program Files\Bonjour
2011-12-30 22:58:00 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2012-01-27 19:47:45 388608 ----a-w- C:\HijackThis.exe
2012-01-04 09:26:37 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-23 19:42:12 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:22:35.15 ===============

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:15 PM

Posted 30 January 2012 - 11:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user')


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the logs and let me know if the problem persists.
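The helper above picks the RunOnce entries out of the log by eye. As an added example (not part of this thread, and not DDS or HijackThis code), the following Python script parses autorun lines in the DDS "Pseudo HJT Report" format and flags the same kinds of items a log reviewer looks for: entries marked "No File", autoruns that launch a system utility such as reg.exe instead of an application, RunOnce values in the default-user hive, and targets that live in user-writable folders. It assumes DDS's u/m/d prefixes map to HKCU, HKLM and HKEY_USERS\.DEFAULT (the HJT and ComboFix output in this thread places the adaware entries under .DEFAULT and SYSTEM, which supports the d mapping) and that "No File" is DDS's marker for a missing target. The sample log is constructed: seven lines mirror entries from the log posted above, and the final "updater" line is invented purely to exercise the user-writable-location check.

```python
"""Review DDS 'Pseudo HJT Report' autorun lines the way a log helper does by eye.

Added example, not code from the thread, DDS or HijackThis. Assumptions:
  - DDS prefixes u/m/d denote HKCU, HKLM and HKEY_USERS\\.DEFAULT.
  - 'No File' at the end of a line is DDS's marker for a missing target.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

HIVES = {"u": "HKCU", "m": "HKLM", "d": r"HKEY_USERS\.DEFAULT"}  # assumed DDS convention

# Constructed sample in the style of the Pseudo HJT Report. The first seven
# lines mirror entries from the thread's log; the last line is invented for
# this demonstration and is NOT in the posted log.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
uRun: [updater] C:\Users\Shelly\AppData\Local\Temp\updater.exe /silent
"""

# uRun / mRun / dRunOnce / mRun-x64 lines: "<hive>Run[Once][-x64]: [<name>] <command>"
RUN_RE = re.compile(
    r"^(?P<hive>[umd])Run(?P<once>Once)?(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Utilities that should rarely be the *target* of an autorun value.
SYSTEM_UTILITIES = {"reg.exe", "cmd.exe", "cscript.exe", "wscript.exe",
                    "rundll32.exe", "regsvr32.exe"}
# Path fragments (lower-cased) that indicate a location a normal user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Autorun:
    hive: str      # HKCU / HKLM / HKEY_USERS\.DEFAULT
    once: bool     # RunOnce rather than Run
    name: str      # registry value name, e.g. 'Sidebar'
    command: str   # full command line as logged
    exe: str       # executable portion of the command, lower-cased


def executable_of(command: str) -> str:
    """Pull the program out of a logged command line.

    Quoted paths end at the closing quote; unquoted paths containing spaces
    (as DDS prints them) are taken up to and including the first '.exe'.
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 0 else cmd.lower()
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()].lower() if m else cmd.split()[0].lower()


def parse_autoruns(text: str) -> List[Autorun]:
    """Extract every Run/RunOnce value from a DDS Pseudo HJT section."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(Autorun(
                hive=HIVES[m.group("hive")],
                once=m.group("once") is not None,
                name=m.group("name"),
                command=m.group("cmd"),
                exe=executable_of(m.group("cmd")),
            ))
    return entries


def review(text: str) -> List[Tuple[str, str]]:
    """Return (what, why) pairs worth a closer look. These are review prompts, not verdicts."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("No File"):
            findings.append((line, "entry points at a file that no longer exists (stale entry)"))
    for e in parse_autoruns(text):
        base = e.exe.rsplit("\\", 1)[-1]
        key = "RunOnce" if e.once else "Run"
        if base in SYSTEM_UTILITIES:
            findings.append((e.name, f"{e.hive} {key} launches {base} rather than an application; check what it does"))
        if e.once and e.hive == HIVES["d"]:
            findings.append((e.name, "RunOnce in the default-user hive runs for new profiles and SYSTEM; often an installer leftover"))
        if any(marker in e.exe for marker in USER_WRITABLE):
            findings.append((e.name, f"autorun target {e.exe} lives in a user-writable location"))
    return findings


if __name__ == "__main__":
    for what, why in review(SAMPLE_LOG):
        print(f"{what}\n    -> {why}")
```

Run against the sample, the script reports the stale URLSearchHook, both adaware RunOnce values (twice each: once for launching reg.exe, once for sitting in the default-user hive) and the constructed Temp-folder autorun, while the Sidebar and iTunesHelper entries pass silently. The point of keeping each rule a one-liner is that a reviewer can see exactly why a line was raised and decide for themselves, which is how the human review in this thread works.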

#4 Disgusted

Disgusted
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:15 PM

Posted 30 January 2012 - 05:58 PM

Hello nasdaq,

Thank you for replying so promptly to my message. Attached are both the logs from the Security Check and ComboFix. Not sure if this matters, but I had to reboot my computer after ComboFix was done in order to turn Microsoft Security Essentials back on and to get Internet Explorer to work. They did both work after I rebooted.

Security Check Log:

Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 23
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````



ComboFix Log:

ComboFix 12-01-30.02 - Beast 01/30/2012 17:25:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2834 [GMT -5:00]
Running from: c:\users\Beast\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 22:13 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{868B9D69-6CDB-4756-9176-5393D1B3DE73}\mpengine.dll
2012-01-30 22:08 . 2012-01-30 22:08 -------- d-----w- c:\program files\backups
2012-01-29 21:03 . 2012-01-29 21:03 -------- d-----w- c:\programdata\Trymedia
2012-01-29 21:02 . 2012-01-30 15:52 -------- d-----w- c:\program files (x86)\RealArcade
2012-01-29 15:20 . 2012-01-30 22:19 -------- d-----w- c:\users\Beast
2012-01-27 19:51 . 2012-01-27 19:47 388608 ----a-w- c:\program files\HijackThis.exe
2012-01-27 17:46 . 2012-01-27 17:46 -------- d-----w- c:\programdata\Malwarebytes
2012-01-27 15:50 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-23 03:55 . 2012-01-23 03:56 -------- d-----w- c:\program files (x86)\Google
2012-01-22 22:28 . 2012-01-22 22:28 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE104984-CDE8-45BF-A1AA-05AADEF44F1A}\gapaengine.dll
2012-01-22 22:27 . 2012-01-22 22:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-01-22 22:26 . 2012-01-22 22:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-22 22:08 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31F52639-00F2-4FA4-98B6-55253BA48868}\mpengine.dll
2012-01-20 20:59 . 2012-01-20 20:59 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-01-19 22:04 . 2012-01-19 22:04 -------- d-----w- c:\program files\iPod
2012-01-19 22:04 . 2012-01-19 22:04 -------- d-----w- c:\program files\iTunes
2012-01-19 21:59 . 2012-01-19 22:00 -------- d-----w- c:\program files\Common Files\Apple
2012-01-12 17:52 . 2012-01-12 17:52 -------- d-----w- C:\HP_TOOLS_mountHPSF
2012-01-11 17:11 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 17:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 17:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 17:11 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 17:11 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 17:11 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 17:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 17:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 14:53 . 2012-01-07 14:53 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-01-03 22:49 . 2012-01-03 22:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 19:47 . 2010-05-14 21:08 388608 ----a-w- C:\HijackThis.exe
2012-01-04 09:26 . 2010-01-04 19:03 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-23 19:42 . 2011-12-23 19:42 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-24 04:52 . 2011-12-15 01:19 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-15 01:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-15 01:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 06:36 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 06:36 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 06:36 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 06:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 06:36 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 06:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 06:36 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 06:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-23 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Ser2ph;Microsoft USB GPS driver;c:\windows\system32\DRIVERS\ser2ph64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [2010-06-16 89600]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 17:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ccd983a1d9688.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 03:56]
.
2012-01-28 c:\windows\Tasks\HPCeeScheduleForShelly.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-16 323072]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-06-16 353792]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-16 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-01-30 17:37:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 22:37
.
Pre-Run: 264,901,672,960 bytes free
Post-Run: 264,144,519,168 bytes free
.
- - End Of File - - 461B71BA4C15B6CA92637014D48039D3



Thank you again for your help with this, nasdaq. I hope that you are having a wonderful day. Look forward to hearing from you soon.

Disgusted

#5 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 January 2012 - 09:13 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Please let me know of any remaining issues with this computer.

#6 Disgusted

  • Topic Starter
  • Members
  • 5 posts

Posted 31 January 2012 - 11:33 AM

Hey nasdaq,

I uninstalled both of the older versions of Java and received these two error logs when doing so:

hs_err_pid2720

#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d403ed5, pid=2720, tid=3528
#
# JRE version: 6.0_23-b05
# Java VM: Java HotSpot™ Client VM (19.0-b09 mixed mode, sharing windows-x86 )
# Problematic frame:
# C [jp2iexp.dll+0x3ed5]
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x0544b000): JavaThread "main" [_thread_in_native, id=3528, stack(0x03180000,0x03380000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000000

Registers:
EAX=0x00000000, EBX=0x3446a0c8, ECX=0x077e32f8, EDX=0x0337d35c
ESP=0x0337d338, EBP=0x0337d348, ESI=0x00000000, EDI=0x0544b000
EIP=0x6d403ed5, EFLAGS=0x00010202

Register to memory mapping:

EAX=0x00000000
0x00000000 is pointing to unknown location

EBX=0x3446a0c8
{method}
- klass: {other class}

ECX=0x077e32f8
0x077e32f8 is pointing to unknown location

EDX=0x0337d35c
0x0337d35c is pointing into the stack for thread: 0x0544b000
"main" prio=6 tid=0x0544b000 nid=0xdc8 runnable [0x0337d000]
java.lang.Thread.State: RUNNABLE

ESP=0x0337d338
0x0337d338 is pointing into the stack for thread: 0x0544b000
"main" prio=6 tid=0x0544b000 nid=0xdc8 runnable [0x0337d000]
java.lang.Thread.State: RUNNABLE

EBP=0x0337d348
0x0337d348 is pointing into the stack for thread: 0x0544b000
"main" prio=6 tid=0x0544b000 nid=0xdc8 runnable [0x0337d000]
java.lang.Thread.State: RUNNABLE

ESI=0x00000000
0x00000000 is pointing to unknown location

EDI=0x0544b000
"main" prio=6 tid=0x0544b000 nid=0xdc8 runnable [0x0337d000]
java.lang.Thread.State: RUNNABLE


Top of Stack: (sp=0x0337d338)

Instructions: (pc=0x6d403ed5)
0x6d403ec5: 33 f6 85 c0 7c 3a 8b 45 fc 8d 55 14 52 89 75 14
0x6d403ed5: 8b 08 50 ff 91 a0 00 00 00 85 c0 7c 1a 8b 75 14


Stack: [0x03180000,0x03380000], sp=0x0337d338, free space=2036k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [jp2iexp.dll+0x3ed5]
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
V [jvm.dll+0xf33c9]
V [jvm.dll+0x188a91]
V [jvm.dll+0xf344d]
V [jvm.dll+0xfd07f]
V [jvm.dll+0xffe77]
C [jp2iexp.dll+0x178d]
C [jp2iexp.dll+0xd975]
C [jp2iexp.dll+0x8c4d]
C [USER32.dll+0x162fa]
C [USER32.dll+0x16d3a]
C [USER32.dll+0x20d27]
C [USER32.dll+0x20d4d]
C [GoogleToolbarDynamic_32_248D3CEB7C787E4E.dll+0x4818f]
C [GoogleToolbarDynamic_32_248D3CEB7C787E4E.dll+0x11ca65]
C [USER32.dll+0x162fa]
C [USER32.dll+0x16d3a]
C [USER32.dll+0x177c4]
C [USER32.dll+0x1788a]
C [IEFRAME.dll+0xf1c24]
C [IEFRAME.dll+0x111afe]
C [iertutil.dll+0x1416c0]
C [IEFRAME.dll+0xffe3b]
C [kernel32.dll+0x1339a]
C [ntdll.dll+0x39ef2]
C [ntdll.dll+0x39ec5]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x0d52f000 JavaThread "JRE 1.6.0.23 Worker Thread" [_thread_blocked, id=3480, stack(0x0e070000,0x0e170000)]
0x0d52e400 JavaThread "JRE 1.6.0.23 Output Reader Thread" [_thread_in_native, id=3408, stack(0x0d370000,0x0d470000)]
0x0d52dc00 JavaThread "JRE 1.6.0.23 Output Reader Thread" [_thread_in_native, id=3896, stack(0x0dd20000,0x0de20000)]
0x0d52c400 JavaThread "Thread-0" [_thread_in_native, id=2864, stack(0x0db50000,0x0dc50000)]
0x0d51ec00 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=2964, stack(0x0d990000,0x0da90000)]
0x08734800 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=2724, stack(0x0cdd0000,0x0ced0000)]
0x08714400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=3016, stack(0x0c9c0000,0x0cac0000)]
0x0870e400 JavaThread "CompilerThread0" daemon [_thread_blocked, id=1168, stack(0x0c620000,0x0c720000)]
0x0870d400 JavaThread "Attach Listener" daemon [_thread_blocked, id=3940, stack(0x0c7a0000,0x0c8a0000)]
0x0870b400 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=1980, stack(0x0c520000,0x0c620000)]
0x08704c00 JavaThread "Finalizer" daemon [_thread_blocked, id=3096, stack(0x09690000,0x09790000)]
0x08703800 JavaThread "Reference Handler" daemon [_thread_blocked, id=3420, stack(0x0c3b0000,0x0c4b0000)]
=>0x0544b000 JavaThread "main" [_thread_in_native, id=3528, stack(0x03180000,0x03380000)]

Other Threads:
0x08702000 VMThread [stack: 0x0c190000,0x0c290000] [id=3744]
0x08724400 WatcherThread [stack: 0x0cb50000,0x0cc50000] [id=176]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 4928K, used 1191K [0x32460000, 0x329b0000, 0x32f00000)
eden space 4416K, 26% used [0x32460000, 0x32589f30, 0x328b0000)
from space 512K, 0% used [0x328b0000, 0x328b0000, 0x32930000)
to space 512K, 0% used [0x32930000, 0x32930000, 0x329b0000)
tenured generation total 10944K, used 0K [0x32f00000, 0x339b0000, 0x34460000)
the space 10944K, 0% used [0x32f00000, 0x32f00000, 0x32f00200, 0x339b0000)
compacting perm gen total 12288K, used 711K [0x34460000, 0x35060000, 0x38460000)
the space 12288K, 5% used [0x34460000, 0x34511cc8, 0x34511e00, 0x35060000)
ro space 10240K, 51% used [0x38460000, 0x3898bd20, 0x3898be00, 0x38e60000)
rw space 12288K, 54% used [0x38e60000, 0x394f7d58, 0x394f7e00, 0x39a60000)

Dynamic libraries:
0x01210000 - 0x012c8000 C:\Program Files (x86)\Internet Explorer\iexplore.exe
0x77980000 - 0x77b00000 C:\Windows\SysWOW64\ntdll.dll
0x75150000 - 0x75260000 C:\Windows\syswow64\kernel32.dll
0x75620000 - 0x75666000 C:\Windows\syswow64\KERNELBASE.dll
0x759d0000 - 0x75a70000 C:\Windows\syswow64\ADVAPI32.dll
0x75320000 - 0x753cc000 C:\Windows\syswow64\msvcrt.dll
0x75410000 - 0x75429000 C:\Windows\SysWOW64\sechost.dll
0x76d90000 - 0x76e80000 C:\Windows\syswow64\RPCRT4.dll
0x75060000 - 0x750c0000 C:\Windows\syswow64\SspiCli.dll
0x75050000 - 0x7505c000 C:\Windows\syswow64\CRYPTBASE.dll
0x75720000 - 0x75820000 C:\Windows\syswow64\USER32.dll
0x75820000 - 0x758b0000 C:\Windows\syswow64\GDI32.dll
0x75140000 - 0x7514a000 C:\Windows\syswow64\LPK.dll
0x76cf0000 - 0x76d8d000 C:\Windows\syswow64\USP10.dll
0x76e80000 - 0x76ed7000 C:\Windows\syswow64\SHLWAPI.dll
0x76040000 - 0x76c8a000 C:\Windows\syswow64\SHELL32.dll
0x75bf0000 - 0x75d4c000 C:\Windows\syswow64\ole32.dll
0x758b0000 - 0x759c1000 C:\Windows\syswow64\urlmon.dll
0x75a70000 - 0x75aff000 C:\Windows\syswow64\OLEAUT32.dll
0x75e70000 - 0x76028000 C:\Windows\syswow64\iertutil.dll
0x76fa0000 - 0x770bb000 C:\Windows\syswow64\WININET.dll
0x76030000 - 0x76033000 C:\Windows\syswow64\Normaliz.dll
0x76c90000 - 0x76cf0000 C:\Windows\system32\IMM32.DLL
0x75b20000 - 0x75bec000 C:\Windows\syswow64\MSCTF.dll
0x70170000 - 0x70ab6000 C:\Windows\system32\IEFRAME.dll
0x75670000 - 0x75675000 C:\Windows\syswow64\PSAPI.DLL
0x738c0000 - 0x738fc000 C:\Windows\system32\OLEACC.dll
0x73ac0000 - 0x73c5e000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
0x750c0000 - 0x7513b000 C:\Windows\syswow64\comdlg32.dll
0x73790000 - 0x737c1000 C:\Program Files (x86)\Internet Explorer\IEShims.dll
0x72700000 - 0x72780000 C:\Windows\system32\uxtheme.dll
0x74050000 - 0x74058000 C:\Windows\system32\Secur32.dll
0x73140000 - 0x7314b000 C:\Windows\system32\profapi.dll
0x753d0000 - 0x75405000 C:\Windows\syswow64\WS2_32.dll
0x77950000 - 0x77956000 C:\Windows\syswow64\NSI.dll
0x74a70000 - 0x74ab4000 C:\Windows\system32\dnsapi.DLL
0x730e0000 - 0x730fc000 C:\Windows\system32\iphlpapi.DLL
0x730d0000 - 0x730d7000 C:\Windows\system32\WINNSI.DLL
0x74920000 - 0x7492e000 C:\Windows\system32\RpcRtRemote.dll
0x74ac0000 - 0x74ad3000 C:\Windows\system32\dwmapi.dll
0x6e5a0000 - 0x6f15b000 C:\Windows\system32\MSHTML.dll
0x73550000 - 0x73559000 C:\Windows\system32\VERSION.dll
0x75480000 - 0x7561d000 C:\Windows\syswow64\setupapi.dll
0x75260000 - 0x75287000 C:\Windows\syswow64\CFGMGR32.dll
0x75b00000 - 0x75b12000 C:\Windows\syswow64\DEVOBJ.dll
0x72320000 - 0x723da000 C:\Windows\system32\d2d1.dll
0x71f30000 - 0x7203a000 C:\Windows\system32\DWrite.dll
0x72290000 - 0x72313000 C:\Windows\system32\dxgi.dll
0x74970000 - 0x74986000 C:\Windows\system32\CRYPTSP.dll
0x74930000 - 0x7496b000 C:\Windows\system32\rsaenh.dll
0x76f10000 - 0x76f93000 C:\Windows\syswow64\CLBCatQ.DLL
0x73990000 - 0x739c2000 C:\Program Files (x86)\Internet Explorer\ieproxy.dll
0x76ee0000 - 0x76f0d000 C:\Windows\syswow64\WINTRUST.dll
0x75d50000 - 0x75e6d000 C:\Windows\syswow64\CRYPT32.dll
0x75710000 - 0x7571c000 C:\Windows\syswow64\MSASN1.dll
0x70140000 - 0x7016c000 C:\Windows\system32\d3d10_1.dll
0x70100000 - 0x7013a000 C:\Windows\system32\d3d10_1core.dll
0x10000000 - 0x10447000 C:\Windows\system32\igd10umd32.dll
0x73810000 - 0x7386a000 C:\Windows\System32\netprofm.dll
0x74b60000 - 0x74b70000 C:\Windows\System32\nlaapi.dll
0x739d0000 - 0x739d8000 C:\Windows\System32\npmproxy.dll
0x739e0000 - 0x73a2c000 C:\Windows\system32\apphelp.dll
0x70070000 - 0x700cf000 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
0x730b0000 - 0x730c7000 C:\Windows\system32\USERENV.dll
0x727e0000 - 0x72864000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\Comctl32.dll
0x6d430000 - 0x6d43c000 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
0x7c340000 - 0x7c396000 C:\Program Files (x86)\Java\jre6\bin\MSVCR71.dll
0x73050000 - 0x73071000 C:\Windows\system32\ntmarta.dll
0x75430000 - 0x75475000 C:\Windows\syswow64\WLDAP32.dll
0x72a40000 - 0x72a92000 C:\Windows\system32\RASAPI32.dll
0x72a20000 - 0x72a35000 C:\Windows\system32\rasman.dll
0x74a60000 - 0x74a6d000 C:\Windows\system32\rtutils.dll
0x73870000 - 0x73876000 C:\Windows\system32\sensapi.dll
0x73010000 - 0x7304c000 C:\Windows\system32\mswsock.dll
0x73000000 - 0x73005000 C:\Windows\System32\wshtcpip.dll
0x73900000 - 0x73906000 C:\Windows\system32\rasadhlp.dll
0x74b40000 - 0x74b46000 C:\Windows\System32\wship6.dll
0x73910000 - 0x73931000 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
0x743e0000 - 0x7443f000 C:\Windows\system32\SXS.DLL
0x73880000 - 0x738b8000 C:\Windows\System32\fwpuclnt.dll
0x6f5d0000 - 0x6fa01000 C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_248D3CEB7C787E4E.dll
0x72040000 - 0x72280000 C:\Windows\system32\msi.dll
0x737d0000 - 0x737d5000 C:\Windows\system32\MSIMG32.dll
0x74070000 - 0x74200000 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
0x74790000 - 0x748e3000 C:\Windows\system32\query.dll
0x6ff40000 - 0x70070000 C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_F5A70B61FC3A2BB0.dll
0x71e20000 - 0x71f0b000 C:\Windows\system32\dbghelp.dll
0x6fad0000 - 0x6fad8000 C:\Windows\system32\credssp.dll
0x6e4a0000 - 0x6e4da000 C:\Windows\SysWOW64\schannel.dll
0x700d0000 - 0x700fe000 C:\Windows\system32\mlang.dll
0x756e0000 - 0x7570a000 C:\Windows\syswow64\imagehlp.dll
0x744a0000 - 0x744d8000 C:\Windows\system32\ncrypt.dll
0x74480000 - 0x74497000 C:\Windows\system32\bcrypt.dll
0x74440000 - 0x7447d000 C:\Windows\SysWOW64\bcryptprimitives.dll
0x71f10000 - 0x71f26000 C:\Windows\system32\GPAPI.dll
0x6fc60000 - 0x6fc7c000 C:\Windows\system32\cryptnet.dll
0x6d950000 - 0x6d965000 C:\Windows\system32\Cabinet.dll
0x6d9b0000 - 0x6d9be000 C:\Windows\system32\DEVRTL.dll
0x6fab0000 - 0x6fac4000 C:\Windows\system32\asycfilt.dll
0x6fc80000 - 0x6fd7b000 C:\Windows\system32\WindowsCodecs.dll
0x6fd80000 - 0x6ff3b000 C:\Windows\SysWOW64\jscript9.dll
0x73780000 - 0x7378b000 C:\Windows\system32\msimtf.dll
0x73c60000 - 0x73d55000 C:\Windows\system32\PROPSYS.dll
0x073c0000 - 0x07437000 C:\Windows\SysWow64\deployJava1.dll
0x73410000 - 0x73417000 C:\Windows\SysWow64\WSOCK32.dll
0x6faf0000 - 0x6fb1b000 C:\Windows\system32\msls31.dll
0x6d400000 - 0x6d41f000 C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
0x726e0000 - 0x726f0000 C:\Windows\system32\napinsp.dll
0x726c0000 - 0x726d2000 C:\Windows\system32\pnrpnsp.dll
0x726f0000 - 0x726f8000 C:\Windows\System32\winrnr.dll
0x09840000 - 0x09aec000 C:\PROGRA~2\Java\jre6\bin\client\jvm.dll
0x733a0000 - 0x733d2000 C:\Windows\system32\WINMM.dll
0x6d7a0000 - 0x6d7ac000 C:\PROGRA~2\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000 C:\PROGRA~2\Java\jre6\bin\java.dll
0x6d280000 - 0x6d288000 C:\PROGRA~2\Java\jre6\bin\hpi.dll
0x6d7e0000 - 0x6d7ef000 C:\PROGRA~2\Java\jre6\bin\zip.dll
0x6e4e0000 - 0x6e513000 C:\Windows\system32\windowscodecsext.dll
0x6dc20000 - 0x6dd78000 C:\Windows\System32\msxml6.dll
0x6d420000 - 0x6d426000 C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000 C:\Program Files (x86)\Java\jre6\bin\deploy.dll
0x6d600000 - 0x6d613000 C:\Program Files (x86)\Java\jre6\bin\net.dll
0x6d620000 - 0x6d629000 C:\Program Files (x86)\Java\jre6\bin\nio.dll
0x6d6a0000 - 0x6d6e6000 C:\Program Files (x86)\Java\jre6\bin\regutils.dll
0x6d000000 - 0x6d14a000 C:\Program Files (x86)\Java\jre6\bin\awt.dll
0x72780000 - 0x727d1000 C:\Windows\system32\WINSPOOL.DRV

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~2\Java\jre6\lib\deploy.jar;C:\PROGRA~2\Java\jre6\lib\javaws.jar;C:\PROGRA~2\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
java_command: <unknown>
Launcher Type: generic

Environment Variables:
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem
USERNAME=Beast
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows 7 Build 7601 Service Pack 1

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 23 stepping 10, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 4094908k(2390372k free), swap 8187968k(6318472k free)

vm_info: Java HotSpot™ Client VM (19.0-b09) for windows-x86 JRE (1.6.0_23-b05), built on Nov 12 2010 15:00:43 by "java_re" with MS VC++ 7.1 (VS2003)

time: Tue Jan 31 11:10:05 2012
elapsed time: 0 seconds


hs_err_pid3696

#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d403ed5, pid=3696, tid=1976
#
# JRE version: 6.0_23-b05
# Java VM: Java HotSpot™ Client VM (19.0-b09 mixed mode, sharing windows-x86 )
# Problematic frame:
# C [jp2iexp.dll+0x3ed5]
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x0646b400): JavaThread "main" [_thread_in_native, id=1976, stack(0x030d0000,0x032d0000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000000

Registers:
EAX=0x00000000, EBX=0x3446a0c8, ECX=0x07835b30, EDX=0x032cce4c
ESP=0x032cce28, EBP=0x032cce38, ESI=0x00000000, EDI=0x0646b400
EIP=0x6d403ed5, EFLAGS=0x00010202

Register to memory mapping:

EAX=0x00000000
0x00000000 is pointing to unknown location

EBX=0x3446a0c8
{method}
- klass: {other class}

ECX=0x07835b30
0x07835b30 is pointing to unknown location

EDX=0x032cce4c
0x032cce4c is pointing into the stack for thread: 0x0646b400
"main" prio=6 tid=0x0646b400 nid=0x7b8 runnable [0x032cc000]
java.lang.Thread.State: RUNNABLE

ESP=0x032cce28
0x032cce28 is pointing into the stack for thread: 0x0646b400
"main" prio=6 tid=0x0646b400 nid=0x7b8 runnable [0x032cc000]
java.lang.Thread.State: RUNNABLE

EBP=0x032cce38
0x032cce38 is pointing into the stack for thread: 0x0646b400
"main" prio=6 tid=0x0646b400 nid=0x7b8 runnable [0x032cc000]
java.lang.Thread.State: RUNNABLE

ESI=0x00000000
0x00000000 is pointing to unknown location

EDI=0x0646b400
"main" prio=6 tid=0x0646b400 nid=0x7b8 runnable [0x032cc000]
java.lang.Thread.State: RUNNABLE


Top of Stack: (sp=0x032cce28)

Instructions: (pc=0x6d403ed5)
0x6d403ec5: 33 f6 85 c0 7c 3a 8b 45 fc 8d 55 14 52 89 75 14
0x6d403ed5: 8b 08 50 ff 91 a0 00 00 00 85 c0 7c 1a 8b 75 14


Stack: [0x030d0000,0x032d0000], sp=0x032cce28, free space=2035k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [jp2iexp.dll+0x3ed5]
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
V [jvm.dll+0xf33c9]
V [jvm.dll+0x188a91]
V [jvm.dll+0xf344d]
V [jvm.dll+0xfd07f]
V [jvm.dll+0xffe77]
C [jp2iexp.dll+0x178d]
C [jp2iexp.dll+0xd975]
C [jp2iexp.dll+0x8c4d]
C [USER32.dll+0x162fa]
C [USER32.dll+0x16d3a]
C [USER32.dll+0x20d27]
C [USER32.dll+0x20d4d]
C [GoogleToolbarDynamic_32_248D3CEB7C787E4E.dll+0x4818f]
C [GoogleToolbarDynamic_32_248D3CEB7C787E4E.dll+0x11ca65]
C [USER32.dll+0x162fa]
C [USER32.dll+0x16d3a]
C [USER32.dll+0x177c4]
C [USER32.dll+0x1788a]
C [IEFRAME.dll+0xf1c24]
C [IEFRAME.dll+0x111afe]
C [iertutil.dll+0x1416c0]
C [IEFRAME.dll+0xffe3b]
C [kernel32.dll+0x1339a]
C [ntdll.dll+0x39ef2]
C [ntdll.dll+0x39ec5]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x0ce4fc00 JavaThread "JRE 1.6.0.23 Worker Thread" [_thread_blocked, id=3764, stack(0x0dd30000,0x0de30000)]
0x0ce4f400 JavaThread "JRE 1.6.0.23 Output Reader Thread" [_thread_in_native, id=3652, stack(0x0dbb0000,0x0dcb0000)]
0x0ce4f000 JavaThread "JRE 1.6.0.23 Output Reader Thread" [_thread_in_native, id=1768, stack(0x0d820000,0x0d920000)]
0x0ce4cc00 JavaThread "Thread-0" [_thread_in_native, id=3536, stack(0x0cbb0000,0x0ccb0000)]
0x0ce4b800 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=2392, stack(0x0d250000,0x0d350000)]
0x08105400 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=1560, stack(0x0ca20000,0x0cb20000)]
0x080e4c00 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=552, stack(0x0c870000,0x0c970000)]
0x080df000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2044, stack(0x0b0a0000,0x0b1a0000)]
0x080de000 JavaThread "Attach Listener" daemon [_thread_blocked, id=2796, stack(0x0c5c0000,0x0c6c0000)]
0x080db400 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2280, stack(0x0c3d0000,0x0c4d0000)]
0x080d4c00 JavaThread "Finalizer" daemon [_thread_blocked, id=996, stack(0x0bb90000,0x0bc90000)]
0x080d3800 JavaThread "Reference Handler" daemon [_thread_blocked, id=1132, stack(0x0bd60000,0x0be60000)]
=>0x0646b400 JavaThread "main" [_thread_in_native, id=1976, stack(0x030d0000,0x032d0000)]

Other Threads:
0x080d2000 VMThread [stack: 0x0c2a0000,0x0c3a0000] [id=436]
0x080e8000 WatcherThread [stack: 0x0c760000,0x0c860000] [id=2776]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 4928K, used 1191K [0x32460000, 0x329b0000, 0x32f00000)
eden space 4416K, 26% used [0x32460000, 0x32589f30, 0x328b0000)
from space 512K, 0% used [0x328b0000, 0x328b0000, 0x32930000)
to space 512K, 0% used [0x32930000, 0x32930000, 0x329b0000)
tenured generation total 10944K, used 0K [0x32f00000, 0x339b0000, 0x34460000)
the space 10944K, 0% used [0x32f00000, 0x32f00000, 0x32f00200, 0x339b0000)
compacting perm gen total 12288K, used 711K [0x34460000, 0x35060000, 0x38460000)
the space 12288K, 5% used [0x34460000, 0x34511cc8, 0x34511e00, 0x35060000)
ro space 10240K, 51% used [0x38460000, 0x3898bd20, 0x3898be00, 0x38e60000)
rw space 12288K, 54% used [0x38e60000, 0x394f7d58, 0x394f7e00, 0x39a60000)

Dynamic libraries:

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~2\Java\jre6\lib\deploy.jar;C:\PROGRA~2\Java\jre6\lib\javaws.jar;C:\PROGRA~2\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
java_command: <unknown>
Launcher Type: generic

Environment Variables:
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem
USERNAME=Beast
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows 7 Build 7601 Service Pack 1

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 23 stepping 10, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 4094908k(2392504k free), swap 8187968k(6321368k free)

vm_info: Java HotSpot™ Client VM (19.0-b09) for windows-x86 JRE (1.6.0_23-b05), built on Nov 12 2010 15:00:43 by "java_re" with MS VC++ 7.1 (VS2003)

time: Tue Jan 31 11:10:02 2012
elapsed time: 2 seconds

#7 Disgusted

  • Topic Starter
  • Members
  • 5 posts

Posted 31 January 2012 - 11:38 AM

Also,

Every time I try to open your website, Microsoft Office 2000 Premium edition tries to initialize. When I press cancel, it is looking for a network path that is no longer associated with this computer. It was a network path that was used in a previous home network I shared with my father in Texas. I also think that there is still some sort of tracking software/malware on my computer because every time I am logged into the internet I have at least 20 ports open in the 50000 ports, and about 20 different ones using port 80. I can send you the netstat should you like to take a look at that as well.

Thank you for taking the time to check all of this out for me.

Disgusted.

#8 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 February 2012 - 09:55 AM

I'm not a Java expert. Do not know what might have caused this.

Download Revo Uninstaller

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Revo Uninstaller will help you to remove the Java program(s) installed on your computer.
===

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.

Follow any prompts; a log will pop up (JavaRa.log) -- please post the contents of this log.
===

Install the latest Java version if not already done.
===

Every time I try to open your website, Microsoft Office 2000 Premium edition tries to initialize. When I press cancel, it is looking for a network path that is no longer associated with this computer. It was a network path that was used in a previous home network I shared with my father in Texas. I also think that there is still some sort of tracking software/malware on my computer because every time I am logged into the internet I have at least 20 ports open in the 50000 ports, and about 20 different ones using port 80. I can send you the netstat should you like to take a look at that as well.


I see all the following entries on your DDS log.

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\2375942554034373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\242757567676562737F564275656F575966496 : DhcpNameServer = 205.214.51.16 205.214.46.10
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\24967602441646469772370224572776562702241627 : DhcpNameServer = 166.102.165.11 166.102.165.13
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\26563747775637475627E6 : DhcpNameServer = 207.191.50.10 207.191.1.10
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\6796275737B696C6C65627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\C416155796E64716 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{635ACEEB-5241-4D5E-AE58-F3432D4E637B} : DhcpNameServer = 209.18.47.61 209.18.47.62

Since this is not my forte I suggest you start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/forum21.html
===

On my side it's time for some housekeeping.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!

I will keep this topic open for 5 days.
If you need additional information please ask.
===
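The DhcpNameServer entries quoted in the reply above can be triaged mechanically. The script below is an added example for this thread (it is not DDS, ComboFix, JavaRa or anything the responder used): it parses those nine lines, decodes each per-network subkey name on the assumption that DDS prints the DHCP domain/network name as nibble-swapped hex, and separates RFC 1918 router addresses from public resolvers that should be confirmed against the ISP's published list. All function names are the example's own.

```python
"""Triage the 'TCP: ... DhcpNameServer' lines from a DDS log.

Assumptions (not stated by DDS or the thread): the hex subkey under
Interfaces\{GUID} is the DHCP domain/network name as nibble-swapped hex,
and a DNS server inside RFC 1918 space is a home/office router.
"""
import ipaddress
import re

# The nine entries quoted in the reply above, copied from the page.
DDS_LINES = r"""
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\2375942554034373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\242757567676562737F564275656F575966496 : DhcpNameServer = 205.214.51.16 205.214.46.10
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\24967602441646469772370224572776562702241627 : DhcpNameServer = 166.102.165.11 166.102.165.13
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\26563747775637475627E6 : DhcpNameServer = 207.191.50.10 207.191.1.10
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\6796275737B696C6C65627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{38EEB6F6-D780-488E-8D92-1A3BD3FA1F70}\C416155796E64716 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{635ACEEB-5241-4D5E-AE58-F3432D4E637B} : DhcpNameServer = 209.18.47.61 209.18.47.62
"""

LINE_RE = re.compile(
    r"^TCP: (?:Interfaces\\(?P<guid>\{[0-9A-F-]+\})(?:\\(?P<netkey>[0-9A-F]+))? : )?"
    r"DhcpNameServer = (?P<servers>.+)$"
)


def decode_network_key(hexkey):
    """Swap the nibbles of each hex byte and turn it into text (assumption above)."""
    if len(hexkey) % 2:
        return hexkey  # not a well-formed byte string; show it raw
    return "".join(chr(int(hexkey[i + 1] + hexkey[i], 16)) for i in range(0, len(hexkey), 2))


def classify_server(ip):
    """Router addresses are expected; anything public should match the ISP's resolvers."""
    return "private (router)" if ipaddress.ip_address(ip).is_private else "public (confirm with ISP)"


def triage(log_text):
    """Return one record per DhcpNameServer line: interface, decoded network, server verdicts."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        netkey = m.group("netkey")
        rows.append({
            "guid": m.group("guid") or "(global)",
            "network": decode_network_key(netkey) if netkey else "(interface default)",
            "servers": {ip: classify_server(ip) for ip in m.group("servers").split()},
        })
    return rows


def public_resolvers(rows):
    """Distinct non-private DNS servers across all networks, the ones worth checking."""
    return sorted({ip for r in rows for ip, kind in r["servers"].items() if kind.startswith("public")})
```

Each hex subkey decodes to the name of a network the laptop once joined, so several distinct DNS settings are expected on a machine that has used hotel and cafe Wi-Fi; the script only singles out the public addresses for a manual check.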

#9 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 February 2012 - 09:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
