Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lame Aim Link Virus. Look At Log Please! Need Help! :(


  • This topic is locked This topic is locked
5 replies to this topic

#1 mallym12

mallym12

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 20 February 2007 - 05:48 PM

Would anyone please please please tell me if my log looks clean?
I opened one of those AIM link viruses!

Logfile of HijackThis v1.99.1
Scan saved at 5:45:51 PM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Mal\LOCALS~1\Temp\clclean.0001
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1156449745\ee\AOLHostManager.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\AOL\1156449745\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\McAfee\MSC\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mal\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1156449745\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DLCCCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCCserv.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

BC AdBot (Login to Remove)

 


#2 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:46 AM

Posted 24 February 2007 - 07:50 AM

Hello and welcome to BC

Happy to say that I can't see any malware.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6.0 windows-i586-p.exe to install the newest version.

===========================

You are running Viewpoint. I'll let you decide whether or not you want to keep it. Viewpoint is bundled with AOL, AOL Instant Messenger, Netscape 7, etc and sometimes not mentioned in the license agreement. Viewpoint is also bundled with Adobe Atmosphere and hardware manufacturers pre-install some of these applications
ViewPoint Toolbar will redirect your search queries and also transmits non personally identifiable information back to their servers.
Viewpoint Manager is a media player often bundled with AIM software. It is not technically considered malware, but is borderline adware and is often installed without a user's knowledge. If you wish to remove it, this kills it.

============================

It might be a good idea to give your system a little TLC to make sure you're free of malware, if you haven't done already. You might like to print these so that you'll have access to them when you're in Safe Mode later.

Please download Posted ImageAVG Anti-Spyware to your Desktop or to your usual Download Folder.
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Anti Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

=======================================

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.

=======================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

========================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block . It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to loose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one users, run Ccleaner for every user Stay in Safe Mode.

========================================

Still in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

==========================================

Perform an online scan using Internet Explorer with Panda ActiveScan
  • Click on Posted Image located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop up blocker doesn't block it
  • Enter your e-mail address, country, and state & click "Free Online Scan" The download of the 8 MB Panda's ActiveX control will take place
Begin the scan by selecting Posted Image
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on Posted Image then click Posted Image and post back the contents please.
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan, but remember to turn it on before you reconnect to the internet


=============================================

Please post back the AVG A-S report, Panda report and a fresh HijackThis log.

#3 mallym12

mallym12
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 26 February 2007 - 12:27 AM

okay, well i'll be updating my java and doing the scans in safemode tomorrow, so I'll post my log then. Thanks for your help. I worry too much about my computer and its settles me to know someone will look over my logs for me. :-D

#4 mallym12

mallym12
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 26 February 2007 - 01:07 AM

Also. if you could answer.
this randomly appeared on my desktop acouple of weeks ago and i have no idea what it means. could you tell me? and why did it feel the need to save it to my desktop?

An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x5BE1A2E
Function=[Unknown.]
Library=C:\Program Files\Java\j2re1.4.2_03\bin\jsound.dll

NOTE: We are unable to locate the function name symbol for the error
just occurred. Please refer to release documentation for possible
reason and solutions.


Current Java thread:
at com.sun.media.sound.MixerThread.runNative(Native Method)
at com.sun.media.sound.MixerThread.run(Unknown Source)

Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\IEXPLORE.EXE
0x7C900000 - 0x7C9B0000 C:\WINDOWS\system32\ntdll.dll
0x7C800000 - 0x7C8F4000 C:\WINDOWS\system32\kernel32.dll
0x77C10000 - 0x77C68000 C:\WINDOWS\system32\msvcrt.dll
0x77D40000 - 0x77DD0000 C:\WINDOWS\system32\USER32.dll
0x77F10000 - 0x77F57000 C:\WINDOWS\system32\GDI32.dll
0x77F60000 - 0x77FD6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77DD0000 - 0x77E6B000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E70000 - 0x77F01000 C:\WINDOWS\system32\RPCRT4.dll
0x77760000 - 0x778D0000 C:\WINDOWS\system32\SHDOCVW.dll
0x77A80000 - 0x77B14000 C:\WINDOWS\system32\CRYPT32.dll
0x77B20000 - 0x77B32000 C:\WINDOWS\system32\MSASN1.dll
0x754D0000 - 0x75550000 C:\WINDOWS\system32\CRYPTUI.dll
0x76C30000 - 0x76C5E000 C:\WINDOWS\system32\WINTRUST.dll
0x76C90000 - 0x76CB8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x77120000 - 0x771AC000 C:\WINDOWS\system32\OLEAUT32.dll
0x774E0000 - 0x7761D000 C:\WINDOWS\system32\ole32.dll
0x5B860000 - 0x5B8B4000 C:\WINDOWS\system32\NETAPI32.dll
0x771B0000 - 0x77259000 C:\WINDOWS\system32\WININET.dll
0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
0x77C00000 - 0x77C08000 C:\WINDOWS\system32\VERSION.dll
0x76390000 - 0x763AD000 C:\WINDOWS\system32\IMM32.DLL
0x629C0000 - 0x629C9000 C:\WINDOWS\system32\LPK.DLL
0x74D90000 - 0x74DFB000 C:\WINDOWS\system32\USP10.dll
0x10000000 - 0x1001F000 C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
0x71AB0000 - 0x71AC7000 C:\WINDOWS\system32\WS2_32.dll
0x71AA0000 - 0x71AA8000 C:\WINDOWS\system32\WS2HELP.dll
0x773D0000 - 0x774D3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x62000000 - 0x62091000 C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopResources_en.dll
0x71A50000 - 0x71A8F000 C:\WINDOWS\system32\mswsock.dll
0x7C9C0000 - 0x7D1D5000 C:\WINDOWS\system32\SHELL32.dll
0x5D090000 - 0x5D12A000 C:\WINDOWS\system32\comctl32.dll
0x5AD70000 - 0x5ADA8000 C:\WINDOWS\system32\uxtheme.dll
0x75F80000 - 0x7607D000 C:\WINDOWS\system32\BROWSEUI.dll
0x20000000 - 0x20012000 C:\WINDOWS\system32\browselc.dll
0x77B40000 - 0x77B62000 C:\WINDOWS\system32\appHelp.dll
0x76FD0000 - 0x7704F000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x41000000 - 0x4101C000 C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL
0x755C0000 - 0x755EE000 C:\WINDOWS\system32\msctfime.ime
0x7E1E0000 - 0x7E282000 C:\WINDOWS\system32\urlmon.dll
0x77FE0000 - 0x77FF1000 C:\WINDOWS\system32\Secur32.dll
0x77A20000 - 0x77A74000 C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661D000 C:\WINDOWS\System32\CSCDLL.dll
0x77920000 - 0x77A13000 C:\WINDOWS\system32\SETUPAPI.dll
0x01B70000 - 0x01EAD000 c:\program files\google\googletoolbar3.dll
0x745E0000 - 0x748A6000 C:\WINDOWS\system32\msi.dll
0x76B40000 - 0x76B6D000 C:\WINDOWS\system32\WINMM.dll
0x71AD0000 - 0x71AD9000 C:\WINDOWS\system32\WSOCK32.dll
0x76380000 - 0x76385000 C:\WINDOWS\system32\MSIMG32.dll
0x74980000 - 0x74A8E000 C:\WINDOWS\system32\msxml3.dll
0x59A60000 - 0x59B01000 C:\WINDOWS\system32\DBGHELP.DLL
0x76990000 - 0x769B5000 C:\WINDOWS\system32\ntshrui.dll
0x76B20000 - 0x76B31000 C:\WINDOWS\system32\ATL.DLL
0x769C0000 - 0x76A73000 C:\WINDOWS\system32\USERENV.dll
0x71B20000 - 0x71B32000 C:\WINDOWS\system32\MPR.dll
0x76EE0000 - 0x76F1C000 C:\WINDOWS\system32\RASAPI32.DLL
0x76E90000 - 0x76EA2000 C:\WINDOWS\system32\rasman.dll
0x76EB0000 - 0x76EDF000 C:\WINDOWS\system32\TAPI32.dll
0x76E80000 - 0x76E8E000 C:\WINDOWS\system32\rtutils.dll
0x75F60000 - 0x75F67000 C:\WINDOWS\System32\drprov.dll
0x71C10000 - 0x71C1E000 C:\WINDOWS\System32\ntlanman.dll
0x71CD0000 - 0x71CE7000 C:\WINDOWS\System32\NETUI0.dll
0x71C90000 - 0x71CD0000 C:\WINDOWS\System32\NETUI1.dll
0x71C80000 - 0x71C87000 C:\WINDOWS\System32\NETRAP.dll
0x71BF0000 - 0x71C03000 C:\WINDOWS\System32\SAMLIB.dll
0x75F70000 - 0x75F79000 C:\WINDOWS\System32\davclnt.dll
0x77C70000 - 0x77C93000 C:\WINDOWS\system32\msv1_0.dll
0x76D60000 - 0x76D79000 C:\WINDOWS\system32\iphlpapi.dll
0x722B0000 - 0x722B5000 C:\WINDOWS\system32\sensapi.dll
0x02460000 - 0x0246C000 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
0x02470000 - 0x0248F000 C:\WINDOWS\system32\dla\tfswshx.dll
0x02490000 - 0x0249F000 C:\WINDOWS\system32\tfswapi.dll
0x024A0000 - 0x024DB000 C:\WINDOWS\system32\dla\tfswcres.dll
0x14490000 - 0x144A4000 c:\program files\mcafee\virusscan\scriptcl.dll
0x75C50000 - 0x75CBE000 C:\WINDOWS\system32\JScript.dll
0x73300000 - 0x73367000 C:\WINDOWS\system32\VBScript.dll
0x73DD0000 - 0x73ECE000 C:\WINDOWS\system32\MFC42.DLL
0x02520000 - 0x02538000 C:\Program Files\BAE\BAE.dll
0x75E90000 - 0x75F40000 C:\WINDOWS\system32\SXS.DLL
0x029C0000 - 0x02A48000 C:\WINDOWS\system32\shdoclc.dll
0x02A50000 - 0x02D15000 C:\WINDOWS\system32\xpsp2res.dll
0x75CF0000 - 0x75D81000 C:\WINDOWS\system32\mlang.dll
0x662B0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71A90000 - 0x71A98000 C:\WINDOWS\System32\wshtcpip.dll
0x76F20000 - 0x76F47000 C:\WINDOWS\system32\DNSAPI.dll
0x76FC0000 - 0x76FC6000 C:\WINDOWS\system32\rasadhlp.dll
0x7DC30000 - 0x7DF21000 C:\WINDOWS\system32\mshtml.dll
0x034E0000 - 0x03507000 C:\WINDOWS\system32\msls31.dll
0x76BF0000 - 0x76BFB000 C:\WINDOWS\system32\PSAPI.DLL
0x03A50000 - 0x03A7A000 C:\WINDOWS\system32\msimtf.dll
0x03A80000 - 0x03ACB000 C:\WINDOWS\system32\MSCTF.dll
0x325C0000 - 0x325D2000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x72D20000 - 0x72D29000 C:\WINDOWS\system32\wdmaud.drv
0x72D10000 - 0x72D18000 C:\WINDOWS\system32\msacm32.drv
0x77BE0000 - 0x77BF5000 C:\WINDOWS\system32\MSACM32.dll
0x77BD0000 - 0x77BD7000 C:\WINDOWS\system32\midimap.dll
0x66880000 - 0x6688C000 C:\WINDOWS\system32\ImgUtil.dll
0x76200000 - 0x76271000 C:\WINDOWS\system32\mshtmled.dll
0x5E310000 - 0x5E31C000 C:\WINDOWS\system32\pngfilt.dll
0x6BDD0000 - 0x6BE06000 C:\WINDOWS\system32\dxtrans.dll
0x6D430000 - 0x6D43A000 C:\WINDOWS\system32\ddrawex.dll
0x73760000 - 0x737A9000 C:\WINDOWS\system32\DDRAW.dll
0x73BC0000 - 0x73BC6000 C:\WINDOWS\system32\DCIMAN32.dll
0x6BE10000 - 0x6BE6A000 C:\WINDOWS\system32\dxtmsft.dll
0x30000000 - 0x302DE000 C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
0x763B0000 - 0x763F9000 C:\WINDOWS\system32\comdlg32.dll
0x767F0000 - 0x76817000 C:\WINDOWS\system32\schannel.dll
0x05D00000 - 0x05D14000 C:\Program Files\Dell\QuickSet\dadkeyb.dll
0x05D30000 - 0x05D3F000 C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
0x75970000 - 0x75A68000 C:\WINDOWS\system32\MSGINA.dll
0x74320000 - 0x7435D000 C:\WINDOWS\system32\ODBC32.dll
0x76360000 - 0x76370000 C:\WINDOWS\system32\WINSTA.dll
0x07590000 - 0x075A7000 C:\WINDOWS\system32\odbcint.dll
0x73BA0000 - 0x73BB3000 C:\WINDOWS\system32\sti.dll
0x74AE0000 - 0x74AE7000 C:\WINDOWS\system32\CFGMGR32.dll
0x0FFD0000 - 0x0FFF8000 C:\WINDOWS\system32\rsaenh.dll
0x66E50000 - 0x66E90000 C:\WINDOWS\system32\iepeers.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x74C80000 - 0x74CAC000 C:\WINDOWS\system32\OLEACC.DLL
0x76080000 - 0x760E5000 C:\WINDOWS\system32\MSVCP60.dll
0x05DE0000 - 0x05E1E000 C:\WINDOWS\system32\xpsp3res.dll
0x68100000 - 0x68124000 C:\WINDOWS\system32\dssenh.dll
0x71D40000 - 0x71D5C000 C:\WINDOWS\system32\actxprxy.dll
0x03F10000 - 0x03F1B000 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
0x6D440000 - 0x6D450000 C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
0x5EDD0000 - 0x5EDE7000 C:\WINDOWS\system32\OLEPRO32.DLL
0x6D310000 - 0x6D327000 C:\Program Files\Java\j2re1.4.2_03\bin\jpiexp32.dll
0x76FB0000 - 0x76FB8000 C:\WINDOWS\System32\winrnr.dll
0x6D380000 - 0x6D398000 C:\Program Files\Java\j2re1.4.2_03\bin\jpishare.dll
0x08920000 - 0x08A58000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\client\jvm.dll
0x028B0000 - 0x028B7000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\hpi.dll
0x028D0000 - 0x028DE000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\verify.dll
0x028E0000 - 0x028F9000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\java.dll
0x02910000 - 0x0291D000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\zip.dll
0x09060000 - 0x0916F000 C:\Program Files\Java\j2re1.4.2_03\bin\awt.dll
0x05D80000 - 0x05DD0000 C:\Program Files\Java\j2re1.4.2_03\bin\fontmanager.dll
0x73940000 - 0x73A10000 C:\WINDOWS\system32\D3DIM700.DLL
0x6D2F0000 - 0x6D304000 C:\Program Files\Java\j2re1.4.2_03\bin\jpicom32.dll
0x03E80000 - 0x03E8F000 C:\Program Files\Java\j2re1.4.2_03\bin\net.dll
0x05B20000 - 0x05B42000 C:\Program Files\Java\j2re1.4.2_03\bin\dcpr.dll
0x05BD0000 - 0x05BF3000 C:\Program Files\Java\j2re1.4.2_03\bin\jsound.dll
0x03F20000 - 0x03F3E000 C:\Program Files\Java\j2re1.4.2_03\bin\jpeg.dll

Heap at VM Abort:
Heap
def new generation total 1280K, used 523K [0x144b0000, 0x14610000, 0x14c10000)
eden space 1152K, 34% used [0x144b0000, 0x145141b8, 0x145d0000)
from space 128K, 95% used [0x145f0000, 0x1460eb80, 0x14610000)
to space 128K, 0% used [0x145d0000, 0x145d0000, 0x145f0000)
tenured generation total 16272K, used 14421K [0x14c10000, 0x15bf4000, 0x1a4b0000)
the space 16272K, 88% used [0x14c10000, 0x15a254b8, 0x15a25600, 0x15bf4000)
compacting perm gen total 5632K, used 5511K [0x1a4b0000, 0x1aa30000, 0x1e4b0000)
the space 5632K, 97% used [0x1a4b0000, 0x1aa11e48, 0x1aa12000, 0x1aa30000)

Local Time = Mon Feb 12 19:55:02 2007
Elapsed Time = 884
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot™ Client VM (1.4.2_03-b02 mixed mode)
#

#5 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:46 AM

Posted 28 February 2007 - 11:44 AM

Hello,

I don't know why it showed up on your desktop, but it seems to have something to do an older version of Java , i.e. j2re1.4.2_03. The Java code on the site made something erroneous during sound mixing, according to the code. With the update I don't think you'll be getting the error.

#6 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:46 AM

Posted 04 March 2007 - 08:17 AM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread.and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users