Solve : PLEASE HELP?

1.	Solve : PLEASE HELP?
Answer» i cant watch videos and everytime i try downloading flash player i have this message posted in wordpad on my desktop. What the censored isit and how can i get rid of it!! i want to cry haha # # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x46bfe9ed, pid=512, tid=3696 # # JRE version: 6.0_17-b04 # Java VM: Java HotSpot(TM) Client VM (14.3-b01 mixed mode, sharing windows-x86 ) # Problematic frame: # C 0x46bfe9ed # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # --------------- T H R E A D --------------- Current thread (0x03122800): JavaThread "thread applet-com.diginet.digichat.client.DigiChatApplet-1" [_thread_in_native, id=3696, stack(0x03320000,0x03370000)] siginfo: ExceptionCode=0xc0000005, reading address 0x46bfe9ed Registers: EAX=0x0336d62c, EBX=0x00000188, ECX=0x03117618, EDX=0x00000004 ESP=0x0336d60c, EBP=0x0336de38, ESI=0x0336d62c, EDI=0x00000188 EIP=0x46bfe9ed, EFLAGS=0x00010202 Top of Stack: (sp=0x0336d60c) 0x0336d60c: 6d6171fe 00002360 0336d62c 00000188 0x0336d61c: 00000000 03122800 26df2bd8 26df2bd0 0x0336d62c: 20544547 6769442f 61684369 69442f74 0x0336d63c: 6c436967 65737361 6c432f73 746e6569 0x0336d64c: 315f355f 315f305f 616a2e39 54482072 0x0336d65c: 312f5054 0a0d312e 746e6f63 2d746e65 0x0336d66c: 65707974 7061203a 63696c70 6f697461 0x0336d67c: 2d782f6e 6176616a 6372612d 65766968 Instructions: (pc=0x46bfe9ed) 0x46bfe9dd: [error occurred during error reporting (printing registers, top of stack, instructions near pc), id 0xc0000005] Stack: [0x03320000,0x03370000], sp=0x0336d60c, free space=309k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) C 0x46bfe9ed j java.net.SocketOutputStream.socketWrite 0(Ljava/io/FileDescriptor;[BII)V+0 j java.net.SocketOutputStream.socketWrite([BII)V+44 j java.net.SocketOutputStream.write([BII)V+4 j java.io.BufferedOutputStream.flushBuffe r()V+20 j java.io.BufferedOutputStream.flush()V+1 j java.io.PrintStream.flush()V+12 j sun.net.www.MessageHeader.print(Ljava/io/PrintStream;)V+101 j sun.net.www.http.HttpClient.writeReques ts(Lsun/net/www/MessageHeader;Lsun/net/www/http/PosterOutputStream;)V+13 j sun.net.www.protocol.http.HttpURLConnec tion.writeRequests()V+647 j sun.net.www.protocol.http.HttpURLConnec tion.getInputStream()Ljava/io/InputStream;+278 j com.sun.deploy.net.HttpUtils.followRedi rects(Ljava/net/URLConnection;)Ljava/net/HttpURLConnection;+20 j com.sun.deploy.net.BasicHttpRequest.doR equest(Ljava/net/URL;Z[Ljava/lang/String;[Ljava/lang/String;ZJ)Lcom/sun/deploy/net/HttpResponse;+193 j com.sun.deploy.net.BasicHttpRequest.doG etRequestEX(Ljava/net/URL;[Ljava/lang/String;[Ljava/lang/String;J)Lcom/sun/deploy/net/HttpResponse;+8 j com.sun.deploy.net.DownloadEngine.isUpd ateAvailable(Ljava/net/URL;Ljava/lang/String;ZLjava/util/Map;)Z+329 j com.sun.deploy.cache.DeployCacheHandler .get(Ljava/net/URI;Ljava/lang/String;Ljava/util/Map;)Ljava/net/CacheResponse;+134 j sun.net.www.protocol.http.HttpURLConnec tion.plainConnect()V+54 j sun.net.www.protocol.http.HttpURLConnec tion.connect()V+1 j sun.net.www.protocol.http.HttpURLConnec tion.getInputStream()Ljava/io/InputStream;+187 j sun.plugin.PluginURLJarFileCallBack.dow nloadJAR(Ljava/net/URLConnection;Z)V+34 j sun.plugin.PluginURLJarFileCallBack.acc ess$000(Lsun/plugin/PluginURLJarFileCallBack;Ljava/net/URLConnection;Z)V+3 j sun.plugin.PluginURLJarFileCallBack$2.run()Ljava/lang/Object;+103 v ~StubRoutines::call_stub V [jvm.dll+0xecf9c] V [jvm.dll+0x1741d1] V [jvm.dll+0xed01d] V [jvm.dll+0x11c2bf] C [java.dll+0x1047] j sun.plugin.PluginURLJarFileCallBack.ret rieve(Ljava/net/URL;)Ljava/util/jar/JarFile;+73 j sun.net.www.protocol.jar.URLJarFile.ret rieve(Ljava/net/URL;Lsun/net/www/protocol/jar/URLJarFile$URLJarFileCloseController;)Ljava/util/jar/JarFile;+10 j sun.net.www.protocol.jar.URLJarFile.get JarFile(Ljava/net/URL;Lsun/net/www/protocol/jar/URLJarFile$URLJarFileCloseController;)Ljava/util/jar/JarFile;+19 j sun.net.www.protocol.jar.JarFileFactory .get(Ljava/net/URL;Z)Ljava/util/jar/JarFile;+192 j sun.net.www.protocol.jar.JarURLConnecti on.connect()V+19 j sun.plugin.net.protocol.jar.CachedJarUR LConnection.connect()V+116 j sun.plugin.net.protocol.jar.CachedJarUR LConnection.getJarFileInternal()Ljava/util/jar/JarFile;+213 j sun.plugin.net.protocol.jar.CachedJarUR LConnection.getJarFile()Ljava/util/jar/JarFile;+2 j sun.misc.URLClassPath$JarLoader.getJarFile(Ljava/net/URL;)Ljava/util/jar/JarFile;+69 j sun.misc.URLClassPath$JarLoader.access$600(Lsun/misc/URLClassPath$JarLoader;Ljava/net/URL;)Ljava/util/jar/JarFile;+2 j sun.misc.URLClassPath$JarLoader$1.run()Ljava/lang/Object;+55 v ~StubRoutines::call_stub V [jvm.dll+0xecf9c] V [jvm.dll+0x1741d1] V [jvm.dll+0xed01d] V [jvm.dll+0x11c2bf] C [java.dll+0x1047] j sun.misc.URLClassPath$JarLoader.ensureOpen()V+15 j sun.misc.URLClassPath$JarLoader.(Ljava/net/URL;Ljava/net/URLStreamHandler;Ljava/util/HashMap;)V+60 j sun.misc.URLClassPath$3.run()Ljava/lang/Object;+82 v ~StubRoutines::call_stub V [jvm.dll+0xecf9c] V [jvm.dll+0x1741d1] V [jvm.dll+0xed01d] V [jvm.dll+0x11c2bf] C [java.dll+0x1047] j sun.misc.URLClassPath.getLoader(Ljava/net/URL;)Lsun/misc/URLClassPath$Loader;+9 j sun.misc.URLClassPath.getLoader(I)Lsun/misc/URLClassPath$Loader;+73 j sun.misc.URLClassPath.getResource(Ljava/lang/String;Z)Lsun/misc/Resource;+42 j sun.plugin2.applet.Plugin2ClassLoader$2.run()Ljava/lang/Object;+51 v ~StubRoutines::call_stub V [jvm.dll+0xecf9c] V [jvm.dll+0x1741d1] V [jvm.dll+0xed01d] V [jvm.dll+0x11c2bf] C [java.dll+0x1061] j sun.plugin2.applet.Plugin2ClassLoader.f indClassHelper(Ljava/lang/String;)Ljava/lang/Class;+33 j sun.plugin2.applet.Applet2ClassLoader.f indClass(Ljava/lang/String;)Ljava/lang/Class;+34 j java.lang.ClassLoader.loadClass(Ljava/lang/String;Z)Ljava/lang/Class;+43 j java.lang.ClassLoader.loadClass(Ljava/lang/String;)Ljava/lang/Class;+3 j sun.plugin2.applet.Plugin2ClassLoader.l oadCode(Ljava/lang/String;)Ljava/lang/Class;+123 j sun.plugin2.applet.Plugin2Manager.creat eApplet()Ljava/applet/Applet;+127 j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+183 j java.lang.Thread.run()V+11 v ~StubRoutines::call_stub V [jvm.dll+0xecf9c] V [jvm.dll+0x1741d1] V [jvm.dll+0xed167] V [jvm.dll+0xed1dd] V [jvm.dll+0x116290] V [jvm.dll+0x1d0414] V [jvm.dll+0x173e4c] C [msvcr71.dll+0x9565] C [kernel32.dll+0xb729] Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) j java.net.SocketOutputStream.socketWrite 0(Ljava/io/FileDescriptor;[BII)V+0 j java.net.SocketOutputStream.socketWrite([BII)V+44 j java.net.SocketOutputStream.write([BII)V+4 j java.io.BufferedOutputStream.flushBuffe r()V+20 j java.io.BufferedOutputStream.flush()V+1 j java.io.PrintStream.flush()V+12 j sun.net.www.MessageHeader.print(Ljava/io/PrintStream;)V+101 j sun.net.www.http.HttpClient.writeReques ts(Lsun/net/www/MessageHeader;Lsun/net/www/http/PosterOutputStream;)V+13 j sun.net.www.protocol.http.HttpURLConnec tion.writeRequests()V+647 j sun.net.www.protocol.http.HttpURLConnec tion.getInputStream()Ljava/io/InputStream;+278 j com.sun.deploy.net.HttpUtils.followRedi rects(Ljava/net/URLConnection;)Ljava/net/HttpURLConnection;+20 j com.sun.deploy.net.BasicHttpRequest.doR equest(Ljava/net/URL;Z[Ljava/lang/String;[Ljava/lang/String;ZJ)Lcom/sun/deploy/net/HttpResponse;+193 j com.sun.deploy.net.BasicHttpRequest.doG etRequestEX(Ljava/net/URL;[Ljava/lang/String;[Ljava/lang/String;J)Lcom/sun/deploy/net/HttpResponse;+8 j com.sun.deploy.net.DownloadEngine.isUpd ateAvailable(Ljava/net/URL;Ljava/lang/String;ZLjava/util/Map;)Z+329 j com.sun.deploy.cache.DeployCacheHandler .get(Ljava/net/URI;Ljava/lang/String;Ljava/util/Map;)Ljava/net/CacheResponse;+134 j sun.net.www.protocol.http.HttpURLConnec tion.plainConnect()V+54 j sun.net.www.protocol.http.HttpURLConnec tion.connect()V+1 j sun.net.www.protocol.http.HttpURLConnec tion.getInputStream()Ljava/io/InputStream;+187 j sun.plugin.PluginURLJarFileCallBack.dow nloadJAR(Ljava/net/URLConnection;Z)V+34 j sun.plugin.PluginURLJarFileCallBack.acc ess$000(Lsun/plugin/PluginURLJarFileCallBack;Ljava/net/URLConnection;Z)V+3 j sun.plugin.PluginURLJarFileCallBack$2.run()Ljava/lang/Object;+103 v ~StubRoutines::call_stub j java.security.AccessController.doPrivil eged(Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;+0 j sun.plugin.PluginURLJarFileCallBack.ret rieve(Ljava/net/URL;)Ljava/util/jar/JarFile;+73 j sun.net.www.protocol.jar.URLJarFile.ret rieve(Ljava/net/URL;Lsun/net/www/protocol/jar/URLJarFile$URLJarFileCloseController;)Ljava/util/jar/JarFile;+10 j sun.net.www.protocol.jar.URLJarFile.get JarFile(Ljava/net/URL;Lsun/net/www/protocol/jar/URLJarFile$URLJarFileCloseController;)Ljava/util/jar/JarFile;+19 j sun.net.www.protocol.jar.JarFileFactory .get(Ljava/net/URL;Z)Ljava/util/jar/JarFile;+192 j sun.net.www.protocol.jar.JarURLConnecti on.connect()V+19 j sun.plugin.net.protocol.jar.CachedJarUR LConnection.connect()V+116 j sun.plugin.net.protocol.jar.CachedJarUR LConnection.getJarFileInternal()Ljava/util/jar/JarFile;+213 j sun.plugin.net.protocol.jar.CachedJarUR LConnection.getJarFile()Ljava/util/jar/JarFile;+2 j sun.misc.URLClassPath$JarLoader.getJarFile(Ljava/net/URL;)Ljava/util/jar/JarFile;+69 j sun.misc.URLClassPath$JarLoader.access$600(Lsun/misc/URLClassPath$JarLoader;Ljava/net/URL;)Ljava/util/jar/JarFile;+2 j sun.misc.URLClassPath$JarLoader$1.run()Ljava/lang/Object;+55 v ~StubRoutines::call_stub j java.security.AccessController.doPrivil eged(Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;+0 j sun.misc.URLClassPath$JarLoader.ensureOpen()V+15 j sun.misc.URLClassPath$JarLoader.(Ljava/net/URL;Ljava/net/URLStreamHandler;Ljava/util/HashMap;)V+60 j sun.misc.URLClassPath$3.run()Ljava/lang/Object;+82 v ~StubRoutines::call_stub j java.security.AccessController.doPrivil eged(Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;+0 j sun.misc.URLClassPath.getLoader(Ljava/net/URL;)Lsun/misc/URLClassPath$Loader;+9 j sun.misc.URLClassPath.getLoader(I)Lsun/misc/URLClassPath$Loader;+73 j sun.misc.URLClassPath.getResource(Ljava/lang/String;Z)Lsun/misc/Resource;+42 j sun.plugin2.applet.Plugin2ClassLoader$2.run()Ljava/lang/Object;+51 v ~StubRoutines::call_stub j java.security.AccessController.doPrivil eged(Ljava/security/PrivilegedExceptionAction;Ljava/security/AccessControlContext;)Ljava/lang/Object;+0 j sun.plugin2.applet.Plugin2ClassLoader.f indClassHelper(Ljava/lang/String;)Ljava/lang/Class;+33 j sun.plugin2.applet.Applet2ClassLoader.f indClass(Ljava/lang/String;)Ljava/lang/Class;+34 j java.lang.ClassLoader.loadClass(Ljava/lang/String;Z)Ljava/lang/Class;+43 j java.lang.ClassLoader.loadClass(Ljava/lang/String;)Ljava/lang/Class;+3 j sun.plugin2.applet.Plugin2ClassLoader.l oadCode(Ljava/lang/String;)Ljava/lang/Class;+123 j sun.plugin2.applet.Plugin2Manager.creat eApplet()Ljava/applet/Applet;+127 j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+183 j java.lang.Thread.run()V+11 v ~StubRoutines::call_stub --------------- P R O C E S S --------------- Java Threads: ( => current thread ) 0x03123000 JavaThread "Thread-10" [_thread_blocked, id=3216, stack(0x04080000,0x040d0000)] =>0x03122800 JavaThread "thread applet-com.diginet.digichat.client.DigiChatApplet-1" [_thread_in_native, id=3696, stack(0x03320000,0x03370000)] 0x03118400 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=3648, stack(0x040d0000,0x04120000)] 0x03114400 JavaThread "Applet 2 LiveConnect Worker Thread" [_thread_blocked, id=3392, stack(0x04030000,0x04080000)] 0x030ec400 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=3524, stack(0x03600000,0x03650000)] 0x03107000 JavaThread "Image FETCHER 3" daemon [_thread_blocked, id=3552, stack(0x03740000,0x03790000)] 0x03100c00 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=2996, stack(0x036f0000,0x03740000)] 0x03100800 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=3088, stack(0x03650000,0x036a0000)] 0x030f5c00 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=2976, stack(0x036a0000,0x036f0000)] 0x030e6000 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=1492, stack(0x035b0000,0x03600000)] 0x030e4c00 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=4040, stack(0x03560000,0x035b0000)] 0x030e3000 JavaThread "AWT-Windows" daemon [_thread_in_native, id=1896, stack(0x034b0000,0x03500000)] 0x030e1c00 JavaThread "AWT-Shutdown" [_thread_blocked, id=3568, stack(0x03460000,0x034b0000)] 0x030dd800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2544, stack(0x03410000,0x03460000)] 0x030dac00 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=1600, stack(0x03370000,0x033c0000)] 0x030dc800 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=3140, stack(0x032d0000,0x03320000)] 0x02d6bc00 JavaThread "Timer-0" [_thread_blocked, id=3836, stack(0x03080000,0x030d0000)] 0x02d49400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=3164, stack(0x02fc0000,0x03010000)] 0x02d42c00 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2712, stack(0x02f70000,0x02fc0000)] 0x02d41400 JavaThread "Attach Listener" daemon [_thread_blocked, id=1176, stack(0x02f20000,0x02f70000)] 0x02d40000 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=3252, stack(0x02ed0000,0x02f20000)] 0x02d01800 JavaThread "Finalizer" daemon [_thread_blocked, id=2572, stack(0x02e80000,0x02ed0000)] 0x02cfcc00 JavaThread "Reference Handler" daemon [_thread_blocked, id=1368, stack(0x02e30000,0x02e80000)] 0x00a96800 JavaThread "main" [_thread_blocked, id=3132, stack(0x00b20000,0x00b70000)] Other Threads: 0x02cfb400 VMThread [stack: 0x02de0000,0x02e30000] [id=172] 0x02d5cc00 WatcherThread [stack: 0x03010000,0x03060000] [id=2732] VM state:not at safepoint (normal execution) VM Mutex/Monitor currently owned by a thread: None Heap def new generation total 960K, used 839K [0x22bc0000, 0x22cc0000, 0x230a0000) eden space 896K, 86% used [0x22bc0000, 0x22c81f00, 0x22ca0000) from space 64K, 100% used [0x22ca0000, 0x22cb0000, 0x22cb0000) to space 64K, 0% used [0x22cb0000, 0x22cb0000, 0x22cc0000) tenured generation total 4096K, used 491K [0x230a0000, 0x234a0000, 0x26bc0000) the space 4096K, 11% used [0x230a0000, 0x2311ac78, 0x2311ae00, 0x234a0000) compacting perm gen total 12288K, used 2276K [0x26bc0000, 0x277c0000, 0x2abc0000) the space 12288K, 18% used [0x26bc0000, 0x26df9250, 0x26df9400, 0x277c0000) ro space 8192K, 63% used [0x2abc0000, 0x2b0d8b20, 0x2b0d8c00, 0x2b3c0000) rw space 12288K, 53% used [0x2b3c0000, 0x2ba35138, 0x2ba35200, 0x2bfc0000) Dynamic libraries: 0x00400000 - 0x00424000 C:\Program Files\Java\jre6\bin\java.exe 0x7c900000 - 0x7c9b2000 C:\WINDOWS\system32\ntdll.dll 0x7c800000 - 0x7c8f6000 C:\WINDOWS\system32\kernel32.dll 0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 - 0x77f02000 C:\WINDOWS\system32\RPCRT4.dll 0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll 0x5cb70000 - 0x5cb96000 C:\WINDOWS\system32\ShimEng.dll 0x71590000 - 0x71609000 C:\WINDOWS\AppPatch\AcLayers.DLL 0x7e410000 - 0x7e4a1000 C:\WINDOWS\system32\USER32.dll 0x77f10000 - 0x77f59000 C:\WINDOWS\system32\GDI32.dll 0x7c9c0000 - 0x7d1d7000 C:\WINDOWS\system32\SHELL32.dll 0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll 0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll 0x774e0000 - 0x7761d000 C:\WINDOWS\system32\ole32.dll 0x769c0000 - 0x76a74000 C:\WINDOWS\system32\USERENV.dll 0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV 0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.DLL 0x773d0000 - 0x774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x76bf0000 - 0x76bfb000 C:\WINDOWS\system32\psapi.dll 0x3d930000 - 0x3da01000 C:\WINDOWS\system32\wininet.dll 0x003e0000 - 0x003e9000 C:\WINDOWS\system32\Normaliz.dll 0x3dfd0000 - 0x3e015000 C:\WINDOWS\system32\iertutil.dll 0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\ws2_32.dll 0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll 0x71ad0000 - 0x71ad9000 C:\WINDOWS\system32\wsock32.dll 0x77a80000 - 0x77b15000 C:\WINDOWS\system32\crypt32.dll 0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll 0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll 0x5b860000 - 0x5b8b5000 C:\WINDOWS\system32\netapi32.dll 0x68000000 - 0x68036000 C:\WINDOWS\system32\rsaenh.dll 0x7c340000 - 0x7c396000 C:\Program Files\Java\jre6\bin\msvcr71.dll 0x6d800000 - 0x6da8b000 C:\Program Files\Java\jre6\bin\client\jvm.dll 0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll 0x6d7b0000 - 0x6d7bc000 C:\Program Files\Java\jre6\bin\verify.dll 0x6d330000 - 0x6d34f000 C:\Program Files\Java\jre6\bin\java.dll 0x6d290000 - 0x6d298000 C:\Program Files\Java\jre6\bin\hpi.dll 0x6d7f0000 - 0x6d7ff000 C:\Program Files\Java\jre6\bin\zip.dll 0x6d430000 - 0x6d436000 C:\Program Files\Java\jre6\bin\jp2native.dll 0x6d1d0000 - 0x6d1e3000 C:\Program Files\Java\jre6\bin\deploy.dll 0x77120000 - 0x771ab000 C:\WINDOWS\system32\OLEAUT32.dll 0x78130000 - 0x78258000 C:\WINDOWS\system32\urlmon.dll 0x6d6b0000 - 0x6d6f3000 C:\Program Files\Java\jre6\bin\regutils.dll 0x7d1e0000 - 0x7d49c000 C:\WINDOWS\system32\msi.dll 0x6d610000 - 0x6d623000 C:\Program Files\Java\jre6\bin\net.dll 0x6d630000 - 0x6d639000 C:\Program Files\Java\jre6\bin\nio.dll 0x6d000000 - 0x6d14a000 C:\Program Files\Java\jre6\bin\awt.dll 0x5ad70000 - 0x5ada8000 C:\WINDOWS\system32\uxtheme.dll 0x74720000 - 0x7476c000 C:\WINDOWS\system32\MSCTF.dll 0x77b40000 - 0x77b62000 C:\WINDOWS\system32\apphelp.dll 0x755c0000 - 0x755ee000 C:\WINDOWS\system32\msctfime.ime 0x6d230000 - 0x6d284000 C:\Program Files\Java\jre6\bin\fontmanager.dll 0x71a50000 - 0x71a8f000 C:\WINDOWS\system32\mswsock.dll 0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll 0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll VM Arguments: jvm_args: -D__jvm_launched=36107607242 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid2896_pipe6,read_pipe_name=jpi2_pid2896_pipe5 Launcher Type: SUN_STANDARD Environment Variables: PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\adabas\bin;C:\adabas\pgm;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\adabas\bin;C:\adabas\pgm USERNAME=Nathan OS=Windows_NT PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel --------------- S Y S T E M --------------- OS: Windows XP Build 2600 Service Pack 3 CPU:total 1 (1 cores per cpu, 1 threads per core) family 6 model 13 stepping 8, cmov, cx8, fxsr, mmx, sse, sse2 Memory: 4k page, physical 1039408k(414428k free), swap 2499048k(1873708k free) vm_info: Java HotSpot(TM) Client VM (14.3-b01) for windows-x86 JRE (1.6.0_17-b04), built on Oct 11 2009 00:52:06 by "java_re" with MS VC++ 7.1 time: Mon Apr 05 00:59:23 2010 elapsed time: 4 seconds Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here.boFix 10-04-05.06 - Nathan 06/04/2010 19:40:58.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.684 [GMT 0:00] Running from: c:\documents and settings\Nathan\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Nathan\LOCALS~1\Temp\tmp2.tmp c:\recycler\S-1-5-21-2226665520-4189811108-2719964761-1003 c:\recycler\S-1-5-21-3504028335-655725818-2494886574-1003 c:\recycler\S-1-5-21-4193448610-1243597163-2470444081-1003 c:\recycler\S-1-5-21-839522115-1383384898-527237240-1003 c:\windows\run.log c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\lowsec\user.ds.lll c:\windows\system32\sdra64.exe c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 ))))))))))))))))))))))))))))))) . 2010-04-05 19:19 . 2010-04-05 21:33--------d-----w-c:\documents and settings\All Users\Application Data\RegCure 2010-04-05 19:19 . 2010-04-05 21:31--------d-----w-c:\program files\RegCure 2010-04-04 23:48 . 2010-04-05 21:18--------d-----w-c:\documents and settings\All Users\Application Data\NOS 2010-04-04 23:48 . 2010-04-04 23:48--------d-----w-c:\program files\NOS 2010-03-13 21:52 . 2010-03-13 21:52152576----a-w-c:\documents and settings\Nathan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-06 19:15 . 2009-02-03 18:22--------d-----w-c:\documents and settings\Nathan\Application Data\StarOffice8 2010-04-05 22:12 . 2009-03-05 04:52--------d-----w-c:\program files\SeekeenSrch 2010-04-05 21:42 . 2009-03-05 04:52--------d-----w-c:\documents and settings\All Users\Application Data\SeekeenSrch 2010-04-04 14:50 . 2009-02-03 18:256952----a-w-c:\documents and settings\Nathan\Application Data\wklnhst.dat 2010-04-04 14:41 . 2009-02-10 20:33--------d-----w-c:\documents and settings\Nathan\Application Data\Teleca 2010-04-04 14:40 . 2009-02-10 20:29--------d-----w-c:\program files\Common Files\Teleca Shared 2010-03-17 00:41 . 2009-02-10 19:29--------d-----w-c:\documents and settings\Nathan\Application Data\LimeWire 2010-03-13 21:54 . 2008-07-05 02:39--------d-----w-c:\program files\Java 2010-03-13 21:52 . 2009-11-11 00:3679488----a-w-c:\documents and settings\Nathan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-11 12:38 . 2008-07-03 04:32832512----a-w-c:\windows\system32\wininet.dll 2010-03-11 12:38 . 2008-07-03 04:3178336----a-w-c:\windows\system32\ieencode.dll 2010-03-11 12:38 . 2008-07-03 04:3117408----a-w-c:\windows\system32\corpol.dll 2010-02-12 10:03 . 2010-02-25 15:00293376------w-c:\windows\system32\browserchoice.exe 2008-05-07 08:34 . 2008-07-05 02:5515523560----a-w-c:\program files\U1 Setup.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888] "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232] "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208] "RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-07-23 335872] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080] c:\documents and settings\Nathan\Start Menu\Programs\Startup\ StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2007-8-18 122880] c:\documents and settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-7-5 303104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-11 02:5139792----a-w-c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2008-06-19 08:2057344----a-w-c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] 2008-06-19 08:422808832----a-w-c:\windows\alcwzrd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 16:443883856----a-w-c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2008-06-18 10:0177824----a-w-c:\windows\SoundMan.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13/03/2008 21:52 35168] R2 EKRN;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07/10/2009 09:16 472280] S1 driubrsb;driubrsb;\??\c:\windows\system32\drivers\driubrsb.sys --> c:\windows\system32\drivers\driubrsb.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelperREG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-04-05 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2010-02-23 23:20] 2010-04-06 c:\windows\Tasks\RegCure Startup.job - c:\program files\RegCure\RegCure.exe [2010-02-23 23:20] 2010-04-05 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2010-02-23 23:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.facebook.com/ uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global uInternet Settings,ProxyOverride = .local . - - - - ORPHANS REMOVED - - - - WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file) *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-06 19:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . Completion time: 2010-04-06 19:50:09 ComboFix-quarantined-files.txt 2010-04-06 19:49 Pre-Run: 28,739,575,808 bytes free Post-Run: 30,070,956,032 bytes free - - End Of File - - CA2EDE311A4535339C36392BCBDED7EA That was scary :-sThere is a dangerous backdoor trojan on your system. This is a sign of total system compromise. Backdoor trojans are very dangerous because they compromise system integrity by making changes that allow it to by used by the attacker for malicious purposes. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal SENSITIVE information** like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to: http://www.viruslist.com/en/viruses/glossary?glossid=189208417 I would counsel you to immediately disconnect this PC from the Internet and from your network if it is on a network. Disconnect the infected computer until the computer can be cleaned. Then, access this information from a non-compromised computer to follow the steps needed. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please *get to a known clean* computer and change all passwords** where applicable. Do NOT* change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information.* (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? What Should I Do If I've Become A Victim Of Identity Theft? Identity Theft Victims Guide - What to do [/color] Though the backdoor has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a backdoor trojan. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove backdoor trojans cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully: When should I re-format? How should I reinstall? Help: I Got Hacked. Now What Do I Do? Help: I Got Hacked. Now What Do I Do? Part II Where to draw the line? When to recommend a format and reinstall? GUIDES for format and reinstall: http://www.geekpolice.net/tutorials-guides-f13/how-to-reformat-and-reinstall-your-operating-system-t15119.htm#95115 http://www.helpmyos.com/tutorials-software-alternatives-to-proprietary-f19/how-to-reformat-and-reinstall-your-operating-system-the-easy-way-t1307.htm#3143 However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat. If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful. Please let me KNOW what you have decided to do in your next post. Should you have any questions, please feel free to ask.

Answer»

i cant watch videos and everytime i try downloading flash player i have this message posted in wordpad on my desktop. What the *censored* isit and how can i get rid of it!! i want to cry haha
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x46bfe9ed, pid=512, tid=3696
#
# JRE version: 6.0_17-b04
# Java VM: Java HotSpot(TM) Client VM (14.3-b01 mixed mode, sharing windows-x86 )
# Problematic frame:
# C 0x46bfe9ed
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x03122800): JavaThread "thread applet-com.diginet.digichat.client.DigiChatApplet-1" [_thread_in_native, id=3696, stack(0x03320000,0x03370000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x46bfe9ed

Registers:
EAX=0x0336d62c, EBX=0x00000188, ECX=0x03117618, EDX=0x00000004
ESP=0x0336d60c, EBP=0x0336de38, ESI=0x0336d62c, EDI=0x00000188
EIP=0x46bfe9ed, EFLAGS=0x00010202

Top of Stack: (sp=0x0336d60c)
0x0336d60c: 6d6171fe 00002360 0336d62c 00000188
0x0336d61c: 00000000 03122800 26df2bd8 26df2bd0
0x0336d62c: 20544547 6769442f 61684369 69442f74
0x0336d63c: 6c436967 65737361 6c432f73 746e6569
0x0336d64c: 315f355f 315f305f 616a2e39 54482072
0x0336d65c: 312f5054 0a0d312e 746e6f63 2d746e65
0x0336d66c: 65707974 7061203a 63696c70 6f697461
0x0336d67c: 2d782f6e 6176616a 6372612d 65766968

Instructions: (pc=0x46bfe9ed)
0x46bfe9dd:
[error occurred during error reporting (printing registers, top of stack, instructions near pc), id 0xc0000005]

Stack: [0x03320000,0x03370000], sp=0x0336d60c, free space=309k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x46bfe9ed
j java.net.SocketOutputStream.socketWrite 0(Ljava/io/FileDescriptor;[BII)V+0
j java.net.SocketOutputStream.socketWrite([BII)V+44
j java.net.SocketOutputStream.write([BII)V+4
j java.io.BufferedOutputStream.flushBuffe r()V+20
j java.io.BufferedOutputStream.flush()V+1
j java.io.PrintStream.flush()V+12
j sun.net.www.MessageHeader.print(Ljava/io/PrintStream;)V+101
j sun.net.www.http.HttpClient.writeReques ts(Lsun/net/www/MessageHeader;Lsun/net/www/http/PosterOutputStream;)V+13
j sun.net.www.protocol.http.HttpURLConnec tion.writeRequests()V+647
j sun.net.www.protocol.http.HttpURLConnec tion.getInputStream()Ljava/io/InputStream;+278
j com.sun.deploy.net.HttpUtils.followRedi rects(Ljava/net/URLConnection;)Ljava/net/HttpURLConnection;+20
j com.sun.deploy.net.BasicHttpRequest.doR equest(Ljava/net/URL;Z[Ljava/lang/String;[Ljava/lang/String;ZJ)Lcom/sun/deploy/net/HttpResponse;+193
j com.sun.deploy.net.BasicHttpRequest.doG etRequestEX(Ljava/net/URL;[Ljava/lang/String;[Ljava/lang/String;J)Lcom/sun/deploy/net/HttpResponse;+8
j com.sun.deploy.net.DownloadEngine.isUpd ateAvailable(Ljava/net/URL;Ljava/lang/String;ZLjava/util/Map;)Z+329
j com.sun.deploy.cache.DeployCacheHandler .get(Ljava/net/URI;Ljava/lang/String;Ljava/util/Map;)Ljava/net/CacheResponse;+134
j sun.net.www.protocol.http.HttpURLConnec tion.plainConnect()V+54
j sun.net.www.protocol.http.HttpURLConnec tion.connect()V+1
j sun.net.www.protocol.http.HttpURLConnec tion.getInputStream()Ljava/io/InputStream;+187
j sun.plugin.PluginURLJarFileCallBack.dow nloadJAR(Ljava/net/URLConnection;Z)V+34
j sun.plugin.PluginURLJarFileCallBack.acc ess$000(Lsun/plugin/PluginURLJarFileCallBack;Ljava/net/URLConnection;Z)V+3
j sun.plugin.PluginURLJarFileCallBack$2.run()Ljava/lang/Object;+103
v ~StubRoutines::call_stub
V [jvm.dll+0xecf9c]
V [jvm.dll+0x1741d1]
V [jvm.dll+0xed01d]
V [jvm.dll+0x11c2bf]
C [java.dll+0x1047]
j sun.plugin.PluginURLJarFileCallBack.ret rieve(Ljava/net/URL;)Ljava/util/jar/JarFile;+73
j sun.net.www.protocol.jar.URLJarFile.ret rieve(Ljava/net/URL;Lsun/net/www/protocol/jar/URLJarFile$URLJarFileCloseController;)Ljava/util/jar/JarFile;+10
j sun.net.www.protocol.jar.URLJarFile.get JarFile(Ljava/net/URL;Lsun/net/www/protocol/jar/URLJarFile$URLJarFileCloseController;)Ljava/util/jar/JarFile;+19
j sun.net.www.protocol.jar.JarFileFactory .get(Ljava/net/URL;Z)Ljava/util/jar/JarFile;+192
j sun.net.www.protocol.jar.JarURLConnecti on.connect()V+19
j sun.plugin.net.protocol.jar.CachedJarUR LConnection.connect()V+116
j sun.plugin.net.protocol.jar.CachedJarUR LConnection.getJarFileInternal()Ljava/util/jar/JarFile;+213
j sun.plugin.net.protocol.jar.CachedJarUR LConnection.getJarFile()Ljava/util/jar/JarFile;+2
j sun.misc.URLClassPath$JarLoader.getJarFile(Ljava/net/URL;)Ljava/util/jar/JarFile;+69
j sun.misc.URLClassPath$JarLoader.access$600(Lsun/misc/URLClassPath$JarLoader;Ljava/net/URL;)Ljava/util/jar/JarFile;+2
j sun.misc.URLClassPath$JarLoader$1.run()Ljava/lang/Object;+55
v ~StubRoutines::call_stub
V [jvm.dll+0xecf9c]
V [jvm.dll+0x1741d1]
V [jvm.dll+0xed01d]
V [jvm.dll+0x11c2bf]
C [java.dll+0x1047]
j sun.misc.URLClassPath$JarLoader.ensureOpen()V+15
j sun.misc.URLClassPath$JarLoader.(Ljava/net/URL;Ljava/net/URLStreamHandler;Ljava/util/HashMap;)V+60
j sun.misc.URLClassPath$3.run()Ljava/lang/Object;+82
v ~StubRoutines::call_stub
V [jvm.dll+0xecf9c]
V [jvm.dll+0x1741d1]
V [jvm.dll+0xed01d]
V [jvm.dll+0x11c2bf]
C [java.dll+0x1047]
j sun.misc.URLClassPath.getLoader(Ljava/net/URL;)Lsun/misc/URLClassPath$Loader;+9
j sun.misc.URLClassPath.getLoader(I)Lsun/misc/URLClassPath$Loader;+73
j sun.misc.URLClassPath.getResource(Ljava/lang/String;Z)Lsun/misc/Resource;+42
j sun.plugin2.applet.Plugin2ClassLoader$2.run()Ljava/lang/Object;+51
v ~StubRoutines::call_stub
V [jvm.dll+0xecf9c]
V [jvm.dll+0x1741d1]
V [jvm.dll+0xed01d]
V [jvm.dll+0x11c2bf]
C [java.dll+0x1061]
j sun.plugin2.applet.Plugin2ClassLoader.f indClassHelper(Ljava/lang/String;)Ljava/lang/Class;+33
j sun.plugin2.applet.Applet2ClassLoader.f indClass(Ljava/lang/String;)Ljava/lang/Class;+34
j java.lang.ClassLoader.loadClass(Ljava/lang/String;Z)Ljava/lang/Class;+43
j java.lang.ClassLoader.loadClass(Ljava/lang/String;)Ljava/lang/Class;+3
j sun.plugin2.applet.Plugin2ClassLoader.l oadCode(Ljava/lang/String;)Ljava/lang/Class;+123
j sun.plugin2.applet.Plugin2Manager.creat eApplet()Ljava/applet/Applet;+127
j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+183
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub
V [jvm.dll+0xecf9c]
V [jvm.dll+0x1741d1]
V [jvm.dll+0xed167]
V [jvm.dll+0xed1dd]
V [jvm.dll+0x116290]
V [jvm.dll+0x1d0414]
V [jvm.dll+0x173e4c]
C [msvcr71.dll+0x9565]
C [kernel32.dll+0xb729]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j java.net.SocketOutputStream.socketWrite 0(Ljava/io/FileDescriptor;[BII)V+0
j java.net.SocketOutputStream.socketWrite([BII)V+44
j java.net.SocketOutputStream.write([BII)V+4
j java.io.BufferedOutputStream.flushBuffe r()V+20
j java.io.BufferedOutputStream.flush()V+1
j java.io.PrintStream.flush()V+12
j sun.net.www.MessageHeader.print(Ljava/io/PrintStream;)V+101
j sun.net.www.http.HttpClient.writeReques ts(Lsun/net/www/MessageHeader;Lsun/net/www/http/PosterOutputStream;)V+13
j sun.net.www.protocol.http.HttpURLConnec tion.writeRequests()V+647
j sun.net.www.protocol.http.HttpURLConnec tion.getInputStream()Ljava/io/InputStream;+278
j com.sun.deploy.net.HttpUtils.followRedi rects(Ljava/net/URLConnection;)Ljava/net/HttpURLConnection;+20
j com.sun.deploy.net.BasicHttpRequest.doR equest(Ljava/net/URL;Z[Ljava/lang/String;[Ljava/lang/String;ZJ)Lcom/sun/deploy/net/HttpResponse;+193
j com.sun.deploy.net.BasicHttpRequest.doG etRequestEX(Ljava/net/URL;[Ljava/lang/String;[Ljava/lang/String;J)Lcom/sun/deploy/net/HttpResponse;+8
j com.sun.deploy.net.DownloadEngine.isUpd ateAvailable(Ljava/net/URL;Ljava/lang/String;ZLjava/util/Map;)Z+329
j com.sun.deploy.cache.DeployCacheHandler .get(Ljava/net/URI;Ljava/lang/String;Ljava/util/Map;)Ljava/net/CacheResponse;+134
j sun.net.www.protocol.http.HttpURLConnec tion.plainConnect()V+54
j sun.net.www.protocol.http.HttpURLConnec tion.connect()V+1
j sun.net.www.protocol.http.HttpURLConnec tion.getInputStream()Ljava/io/InputStream;+187
j sun.plugin.PluginURLJarFileCallBack.dow nloadJAR(Ljava/net/URLConnection;Z)V+34
j sun.plugin.PluginURLJarFileCallBack.acc ess$000(Lsun/plugin/PluginURLJarFileCallBack;Ljava/net/URLConnection;Z)V+3
j sun.plugin.PluginURLJarFileCallBack$2.run()Ljava/lang/Object;+103
v ~StubRoutines::call_stub
j java.security.AccessController.doPrivil eged(Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;+0
j sun.plugin.PluginURLJarFileCallBack.ret rieve(Ljava/net/URL;)Ljava/util/jar/JarFile;+73
j sun.net.www.protocol.jar.URLJarFile.ret rieve(Ljava/net/URL;Lsun/net/www/protocol/jar/URLJarFile$URLJarFileCloseController;)Ljava/util/jar/JarFile;+10
j sun.net.www.protocol.jar.URLJarFile.get JarFile(Ljava/net/URL;Lsun/net/www/protocol/jar/URLJarFile$URLJarFileCloseController;)Ljava/util/jar/JarFile;+19
j sun.net.www.protocol.jar.JarFileFactory .get(Ljava/net/URL;Z)Ljava/util/jar/JarFile;+192
j sun.net.www.protocol.jar.JarURLConnecti on.connect()V+19
j sun.plugin.net.protocol.jar.CachedJarUR LConnection.connect()V+116
j sun.plugin.net.protocol.jar.CachedJarUR LConnection.getJarFileInternal()Ljava/util/jar/JarFile;+213
j sun.plugin.net.protocol.jar.CachedJarUR LConnection.getJarFile()Ljava/util/jar/JarFile;+2
j sun.misc.URLClassPath$JarLoader.getJarFile(Ljava/net/URL;)Ljava/util/jar/JarFile;+69
j sun.misc.URLClassPath$JarLoader.access$600(Lsun/misc/URLClassPath$JarLoader;Ljava/net/URL;)Ljava/util/jar/JarFile;+2
j sun.misc.URLClassPath$JarLoader$1.run()Ljava/lang/Object;+55
v ~StubRoutines::call_stub
j java.security.AccessController.doPrivil eged(Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;+0
j sun.misc.URLClassPath$JarLoader.ensureOpen()V+15
j sun.misc.URLClassPath$JarLoader.(Ljava/net/URL;Ljava/net/URLStreamHandler;Ljava/util/HashMap;)V+60
j sun.misc.URLClassPath$3.run()Ljava/lang/Object;+82
v ~StubRoutines::call_stub
j java.security.AccessController.doPrivil eged(Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;+0
j sun.misc.URLClassPath.getLoader(Ljava/net/URL;)Lsun/misc/URLClassPath$Loader;+9
j sun.misc.URLClassPath.getLoader(I)Lsun/misc/URLClassPath$Loader;+73
j sun.misc.URLClassPath.getResource(Ljava/lang/String;Z)Lsun/misc/Resource;+42
j sun.plugin2.applet.Plugin2ClassLoader$2.run()Ljava/lang/Object;+51
v ~StubRoutines::call_stub
j java.security.AccessController.doPrivil eged(Ljava/security/PrivilegedExceptionAction;Ljava/security/AccessControlContext;)Ljava/lang/Object;+0
j sun.plugin2.applet.Plugin2ClassLoader.f indClassHelper(Ljava/lang/String;)Ljava/lang/Class;+33
j sun.plugin2.applet.Applet2ClassLoader.f indClass(Ljava/lang/String;)Ljava/lang/Class;+34
j java.lang.ClassLoader.loadClass(Ljava/lang/String;Z)Ljava/lang/Class;+43
j java.lang.ClassLoader.loadClass(Ljava/lang/String;)Ljava/lang/Class;+3
j sun.plugin2.applet.Plugin2ClassLoader.l oadCode(Ljava/lang/String;)Ljava/lang/Class;+123
j sun.plugin2.applet.Plugin2Manager.creat eApplet()Ljava/applet/Applet;+127
j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+183
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x03123000 JavaThread "Thread-10" [_thread_blocked, id=3216, stack(0x04080000,0x040d0000)]
=>0x03122800 JavaThread "thread applet-com.diginet.digichat.client.DigiChatApplet-1" [_thread_in_native, id=3696, stack(0x03320000,0x03370000)]
0x03118400 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=3648, stack(0x040d0000,0x04120000)]
0x03114400 JavaThread "Applet 2 LiveConnect Worker Thread" [_thread_blocked, id=3392, stack(0x04030000,0x04080000)]
0x030ec400 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=3524, stack(0x03600000,0x03650000)]
0x03107000 JavaThread "Image FETCHER 3" daemon [_thread_blocked, id=3552, stack(0x03740000,0x03790000)]
0x03100c00 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=2996, stack(0x036f0000,0x03740000)]
0x03100800 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=3088, stack(0x03650000,0x036a0000)]
0x030f5c00 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=2976, stack(0x036a0000,0x036f0000)]
0x030e6000 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=1492, stack(0x035b0000,0x03600000)]
0x030e4c00 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=4040, stack(0x03560000,0x035b0000)]
0x030e3000 JavaThread "AWT-Windows" daemon [_thread_in_native, id=1896, stack(0x034b0000,0x03500000)]
0x030e1c00 JavaThread "AWT-Shutdown" [_thread_blocked, id=3568, stack(0x03460000,0x034b0000)]
0x030dd800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2544, stack(0x03410000,0x03460000)]
0x030dac00 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=1600, stack(0x03370000,0x033c0000)]
0x030dc800 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=3140, stack(0x032d0000,0x03320000)]
0x02d6bc00 JavaThread "Timer-0" [_thread_blocked, id=3836, stack(0x03080000,0x030d0000)]
0x02d49400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=3164, stack(0x02fc0000,0x03010000)]
0x02d42c00 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2712, stack(0x02f70000,0x02fc0000)]
0x02d41400 JavaThread "Attach Listener" daemon [_thread_blocked, id=1176, stack(0x02f20000,0x02f70000)]
0x02d40000 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=3252, stack(0x02ed0000,0x02f20000)]
0x02d01800 JavaThread "Finalizer" daemon [_thread_blocked, id=2572, stack(0x02e80000,0x02ed0000)]
0x02cfcc00 JavaThread "Reference Handler" daemon [_thread_blocked, id=1368, stack(0x02e30000,0x02e80000)]
0x00a96800 JavaThread "main" [_thread_blocked, id=3132, stack(0x00b20000,0x00b70000)]

Other Threads:
0x02cfb400 VMThread [stack: 0x02de0000,0x02e30000] [id=172]
0x02d5cc00 WatcherThread [stack: 0x03010000,0x03060000] [id=2732]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 960K, used 839K [0x22bc0000, 0x22cc0000, 0x230a0000)
eden space 896K, 86% used [0x22bc0000, 0x22c81f00, 0x22ca0000)
from space 64K, 100% used [0x22ca0000, 0x22cb0000, 0x22cb0000)
to space 64K, 0% used [0x22cb0000, 0x22cb0000, 0x22cc0000)
tenured generation total 4096K, used 491K [0x230a0000, 0x234a0000, 0x26bc0000)
the space 4096K, 11% used [0x230a0000, 0x2311ac78, 0x2311ae00, 0x234a0000)
compacting perm gen total 12288K, used 2276K [0x26bc0000, 0x277c0000, 0x2abc0000)
the space 12288K, 18% used [0x26bc0000, 0x26df9250, 0x26df9400, 0x277c0000)
ro space 8192K, 63% used [0x2abc0000, 0x2b0d8b20, 0x2b0d8c00, 0x2b3c0000)
rw space 12288K, 53% used [0x2b3c0000, 0x2ba35138, 0x2ba35200, 0x2bfc0000)

Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files\Java\jre6\bin\java.exe
0x7c900000 - 0x7c9b2000 C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f6000 C:\WINDOWS\system32\kernel32.dll
0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f02000 C:\WINDOWS\system32\RPCRT4.dll
0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll
0x5cb70000 - 0x5cb96000 C:\WINDOWS\system32\ShimEng.dll
0x71590000 - 0x71609000 C:\WINDOWS\AppPatch\AcLayers.DLL
0x7e410000 - 0x7e4a1000 C:\WINDOWS\system32\USER32.dll
0x77f10000 - 0x77f59000 C:\WINDOWS\system32\GDI32.dll
0x7c9c0000 - 0x7d1d7000 C:\WINDOWS\system32\SHELL32.dll
0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll
0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
0x774e0000 - 0x7761d000 C:\WINDOWS\system32\ole32.dll
0x769c0000 - 0x76a74000 C:\WINDOWS\system32\USERENV.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.DLL
0x773d0000 - 0x774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76bf0000 - 0x76bfb000 C:\WINDOWS\system32\psapi.dll
0x3d930000 - 0x3da01000 C:\WINDOWS\system32\wininet.dll
0x003e0000 - 0x003e9000 C:\WINDOWS\system32\Normaliz.dll
0x3dfd0000 - 0x3e015000 C:\WINDOWS\system32\iertutil.dll
0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\ws2_32.dll
0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll
0x71ad0000 - 0x71ad9000 C:\WINDOWS\system32\wsock32.dll
0x77a80000 - 0x77b15000 C:\WINDOWS\system32\crypt32.dll
0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll
0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll
0x5b860000 - 0x5b8b5000 C:\WINDOWS\system32\netapi32.dll
0x68000000 - 0x68036000 C:\WINDOWS\system32\rsaenh.dll
0x7c340000 - 0x7c396000 C:\Program Files\Java\jre6\bin\msvcr71.dll
0x6d800000 - 0x6da8b000 C:\Program Files\Java\jre6\bin\client\jvm.dll
0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll
0x6d7b0000 - 0x6d7bc000 C:\Program Files\Java\jre6\bin\verify.dll
0x6d330000 - 0x6d34f000 C:\Program Files\Java\jre6\bin\java.dll
0x6d290000 - 0x6d298000 C:\Program Files\Java\jre6\bin\hpi.dll
0x6d7f0000 - 0x6d7ff000 C:\Program Files\Java\jre6\bin\zip.dll
0x6d430000 - 0x6d436000 C:\Program Files\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000 C:\Program Files\Java\jre6\bin\deploy.dll
0x77120000 - 0x771ab000 C:\WINDOWS\system32\OLEAUT32.dll
0x78130000 - 0x78258000 C:\WINDOWS\system32\urlmon.dll
0x6d6b0000 - 0x6d6f3000 C:\Program Files\Java\jre6\bin\regutils.dll
0x7d1e0000 - 0x7d49c000 C:\WINDOWS\system32\msi.dll
0x6d610000 - 0x6d623000 C:\Program Files\Java\jre6\bin\net.dll
0x6d630000 - 0x6d639000 C:\Program Files\Java\jre6\bin\nio.dll
0x6d000000 - 0x6d14a000 C:\Program Files\Java\jre6\bin\awt.dll
0x5ad70000 - 0x5ada8000 C:\WINDOWS\system32\uxtheme.dll
0x74720000 - 0x7476c000 C:\WINDOWS\system32\MSCTF.dll
0x77b40000 - 0x77b62000 C:\WINDOWS\system32\apphelp.dll
0x755c0000 - 0x755ee000 C:\WINDOWS\system32\msctfime.ime
0x6d230000 - 0x6d284000 C:\Program Files\Java\jre6\bin\fontmanager.dll
0x71a50000 - 0x71a8f000 C:\WINDOWS\system32\mswsock.dll
0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll

VM Arguments:
jvm_args: -D__jvm_launched=36107607242 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid2896_pipe6,read_pipe_name=jpi2_pid2896_pipe5
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\adabas\bin;C:\adabas\pgm;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\adabas\bin;C:\adabas\pgm
USERNAME=Nathan
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel

--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 1 (1 cores per cpu, 1 threads per core) family 6 model 13 stepping 8, cmov, cx8, fxsr, mmx, sse, sse2

Memory: 4k page, physical 1039408k(414428k free), swap 2499048k(1873708k free)

vm_info: Java HotSpot(TM) Client VM (14.3-b01) for windows-x86 JRE (1.6.0_17-b04), built on Oct 11 2009 00:52:06 by "java_re" with MS VC++ 7.1

time: Mon Apr 05 00:59:23 2010
elapsed time: 4 seconds

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.boFix 10-04-05.06 - Nathan 06/04/2010 19:40:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.684 [GMT 0:00]
Running from: c:\documents and settings\Nathan\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Nathan\LOCALS~1\Temp\tmp2.tmp
c:\recycler\S-1-5-21-2226665520-4189811108-2719964761-1003
c:\recycler\S-1-5-21-3504028335-655725818-2494886574-1003
c:\recycler\S-1-5-21-4193448610-1243597163-2470444081-1003
c:\recycler\S-1-5-21-839522115-1383384898-527237240-1003
c:\windows\run.log
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-05 19:19 . 2010-04-05 21:33--------d-----w-c:\documents and settings\All Users\Application Data\RegCure
2010-04-05 19:19 . 2010-04-05 21:31--------d-----w-c:\program files\RegCure
2010-04-04 23:48 . 2010-04-05 21:18--------d-----w-c:\documents and settings\All Users\Application Data\NOS
2010-04-04 23:48 . 2010-04-04 23:48--------d-----w-c:\program files\NOS
2010-03-13 21:52 . 2010-03-13 21:52152576----a-w-c:\documents and settings\Nathan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 19:15 . 2009-02-03 18:22--------d-----w-c:\documents and settings\Nathan\Application Data\StarOffice8
2010-04-05 22:12 . 2009-03-05 04:52--------d-----w-c:\program files\SeekeenSrch
2010-04-05 21:42 . 2009-03-05 04:52--------d-----w-c:\documents and settings\All Users\Application Data\SeekeenSrch
2010-04-04 14:50 . 2009-02-03 18:256952----a-w-c:\documents and settings\Nathan\Application Data\wklnhst.dat
2010-04-04 14:41 . 2009-02-10 20:33--------d-----w-c:\documents and settings\Nathan\Application Data\Teleca
2010-04-04 14:40 . 2009-02-10 20:29--------d-----w-c:\program files\Common Files\Teleca Shared
2010-03-17 00:41 . 2009-02-10 19:29--------d-----w-c:\documents and settings\Nathan\Application Data\LimeWire
2010-03-13 21:54 . 2008-07-05 02:39--------d-----w-c:\program files\Java
2010-03-13 21:52 . 2009-11-11 00:3679488----a-w-c:\documents and settings\Nathan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:38 . 2008-07-03 04:32832512----a-w-c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-07-03 04:3178336----a-w-c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-07-03 04:3117408----a-w-c:\windows\system32\corpol.dll
2010-02-12 10:03 . 2010-02-25 15:00293376------w-c:\windows\system32\browserchoice.exe
2008-05-07 08:34 . 2008-07-05 02:5515523560----a-w-c:\program files\U1 Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-07-23 335872]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

c:\documents and settings\Nathan\Start Menu\Programs\Startup\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2007-8-18 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-7-5 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 02:5139792----a-w-c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:2057344----a-w-c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:422808832----a-w-c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:443883856----a-w-c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-06-18 10:0177824----a-w-c:\windows\SoundMan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13/03/2008 21:52 35168]
R2 EKRN;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07/10/2009 09:16 472280]
S1 driubrsb;driubrsb;\??\c:\windows\system32\drivers\driubrsb.sys --> c:\windows\system32\drivers\driubrsb.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelperREG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-04-06 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-04-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 19:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-06 19:50:09
ComboFix-quarantined-files.txt 2010-04-06 19:49

Pre-Run: 28,739,575,808 bytes free
Post-Run: 30,070,956,032 bytes free

- - End Of File - - CA2EDE311A4535339C36392BCBDED7EA

That was scary :-sThere is a dangerous backdoor trojan on your system. This is a sign of total system compromise.
Backdoor trojans are very dangerous because they compromise system integrity by making changes that allow it to by used by the attacker for malicious purposes. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal SENSITIVE information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to: http://www.viruslist.com/en/viruses/glossary?glossid=189208417
I would counsel you to immediately disconnect this PC from the Internet and from your network if it is on a network. Disconnect the infected computer until the computer can be cleaned.
Then, access this information from a non-compromised computer to follow the steps needed.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

[/color]
Though the backdoor has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a backdoor trojan. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove backdoor trojans cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

GUIDES for format and reinstall: http://www.geekpolice.net/tutorials-guides-f13/how-to-reformat-and-reinstall-your-operating-system-t15119.htm#95115

http://www.helpmyos.com/tutorials-software-alternatives-to-proprietary-f19/how-to-reformat-and-reinstall-your-operating-system-the-easy-way-t1307.htm#3143
However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me KNOW what you have decided to do in your next post. Should you have any questions, please feel free to ask.

Solve : PLEASE HELP?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment