unknown infection, seemingly benign popups to unknown sites, followed by more extensive problems


  • This topic is locked
15 replies to this topic

#1 bigdumbal

bigdumbal

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 13 May 2010 - 01:40 AM

Win xppro, sp3. ie8

I REALLY WILL STOP SURFING PORN NOW

pops up new ie windows (not tabs) that link to random sites, often unknown search engines showing results for last string searched on google, often for other random things (news 6 live, adfat, sals barbershop). seemingly benign.

After some time of this, more serious infections occur, including antivirus soft, many others.

Malwarebytes will knock out what it brings in, but not kill the initial infection.

have run malwarebytes in safe mode, safe mode + networking, and multiple times after knocking out later more malicious infections in both safe mode and regular. Sometimes picks up a few stragglers, sometimes not. But in all cases I still have the original thing which pops up a new ie window to some odd thing and presumably opens the door for the rest.

Any help greatly appreciated, and, really, despite any other sex life to speak of, sad though that may be, I will leave the porn sites alone after this.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:00 PM

Posted 13 May 2010 - 04:04 PM

Ok let's do this and see some logs please.

*************************************
>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Please download Rkill by Grinler and save it to your desktop. Link 2, Link 3, Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot your computer after running rkill as the malware programs will start again.

^^

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Now run SAS:
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 bigdumbal

bigdumbal
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 14 May 2010 - 12:26 PM

Thank you for helping, boopme.

- downloaded and ran fix.exe and let it install
- downloaded rkill from your 'link 2' and ran
- your 'link 3', and 'link 4' appear to be other links to rkill? they want to overwrite the one from link 2 so I ignored them. advise if this is inappropriate
- updated mbam (version 4100)
- mbam quickscan produces no detections
-mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4100

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/14/2010 10:12:31 AM
mbam-log-2010-05-14 (10-12-31).txt

Scan type: Quick scan
Objects scanned: 151420
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

- failed to follow instructions to the letter and did not reboot after mbam; advise if i should redo everything
- downloaded and scanned with sas per instructions
- rebooted per sas's instructions

-sas log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/14/2010 at 11:05 AM

Application Version : 4.37.1000

Core Rules Database Version : 4934
Trace Rules Database Version: 2746

Scan type : Complete Scan
Total Scan Time : 00:25:39

Memory items scanned : 429
Memory threats detected : 0
Registry items scanned : 7738
Registry threats detected : 0
File items scanned : 22156
File threats detected : 15

Adware.Tracking Cookie
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@advertise[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@content.yieldmanager[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.gossipcenter[1].txt
C:\Documents and Settings\LocalService\Cookies\system@network.realmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@clickpayz2.91423.blueseek[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adserver.adtechus[1].txt

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6742B4A6-3600-42DD-A01B-B908D2B25349}\RP439\A0031385.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6742B4A6-3600-42DD-A01B-B908D2B25349}\RP439\A0031386.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6742B4A6-3600-42DD-A01B-B908D2B25349}\RP439\A0031387.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6742B4A6-3600-42DD-A01B-B908D2B25349}\RP439\A0031388.EXE

-will now surf a bit and wait to see if it comes back. suspect it will as I've done this much on my own before. typically it will now be fine for a while, then will pop up a new ie window to an unknown, seemingly random site, often a search engine, typically shortly after I open an ie window, then will begin to do that more frequently, followed by a flood of malware.

Thank you again.
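
A triage sketch for scan logs laid out like the SUPERAntiSpyware log in the post above, added here as an example and not part of the original thread or of any tool it mentions. It groups detections by where the file sits: browser cookies are text files, System Restore entries are backup copies that Windows only brings back on a restore, and anything else is a live path that could be loaded. The sample log, family names and paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the scan log above: a detection family
# on its own line, followed by one file path per line. Not real scan data.
SAMPLE_LOG = r"""
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\LocalService\Cookies\system@example-ads[1].txt
C:\Documents and Settings\LocalService\Cookies\system@tracker.example[2].txt

Trojan.Example/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00000000-0000-0000-0000-000000000000}\RP001\A0000001.DLL
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000002.EXE
C:\Program Files\example\loader.exe
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Windows XP System Restore store: ...\_restore{GUID}\RPnnn\Annnnnnn.ext
RESTORE_RE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\", re.I)
# IE cookie files under a profile's Cookies folder.
COOKIE_RE = re.compile(r"\\cookies\\[^\\]+\.txt$", re.I)


def parse_findings(text):
    """Return (family, path) pairs; a non-path line names the family
    for the path lines that follow it."""
    findings, family = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            findings.append((family, line))
        else:
            family = line
    return findings


def classify(path):
    """Bucket a detected path by location, not by detection name."""
    if RESTORE_RE.search(path):
        return "restore_point"
    if COOKIE_RE.search(path):
        return "cookie"
    return "live"


def triage(text):
    """Group all findings in a log by location bucket."""
    buckets = defaultdict(list)
    for family, path in parse_findings(text):
        buckets[classify(path)].append((family, path))
    return dict(buckets)


def restore_points(text):
    """Names of the restore points (RPnnn) that hold detected files."""
    names = set()
    for _, path in parse_findings(text):
        match = RESTORE_RE.search(path)
        if match:
            names.add(match.group(1).upper())
    return sorted(names)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("live", "restore_point", "cookie"):
        items = result.get(bucket, [])
        print(f"{bucket}: {len(items)}")
        for family, path in items:
            print(f"  {family}: {path}")
    print("restore points with detections:", restore_points(SAMPLE_LOG))
```

A log whose detections all fall in the `cookie` and `restore_point` buckets has not located whatever is currently running, so the `live` bucket is the one to read first.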

#4 bigdumbal

bigdumbal
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 14 May 2010 - 12:36 PM

Only took a few minutes;

IE window to www.nexplore.com popped up. I closed it immediately.

Edited by bigdumbal, 14 May 2010 - 12:36 PM.


#5 bigdumbal

bigdumbal
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 14 May 2010 - 01:49 PM

Now another to 'infomash'... top.infomash.org

Edited by bigdumbal, 14 May 2010 - 01:50 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:00 PM

Posted 14 May 2010 - 02:14 PM

OK the links in RKILL are alternates if one won't work..
MBAM was clean, so no need to reboot.

We will run Drweb-cureit next...


Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#7 bigdumbal

bigdumbal
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 14 May 2010 - 07:17 PM

after some false starts, drweb cureit is running. been running full scan for several hours, will be all night from the looks of its progress thus far. will post log when complete. most interesting thing so far is 'process in memory C:\WINDOWS\system32\svchost.exe:1068','BackDoor.Tdss.565'. found and 'eradicated' during express scan, found and 'eradicated' again during full scan.

#8 bigdumbal

bigdumbal
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 15 May 2010 - 12:25 AM

Process in memory: C:\WINDOWS\system32\svchost.exe:1068;;BackDoor.Tdss.565;Eradicated.;
6eb74992-42e9c3d3\myf/y/AppletX.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\18\6eb74992-42e9c3d3;Exploit.CVE2008.5353;;
6eb74992-42e9c3d3\myf/y/LoaderX.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\18\6eb74992-42e9c3d3;Exploit.CVE2008.5353;;
6eb74992-42e9c3d3\myf/y/TrewsdF.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\18\6eb74992-42e9c3d3;Exploit.CVE2008.5353;;
6eb74992-42e9c3d3;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\18;Archive contains infected objects;Moved.;
7cd6d302-30d3be4a\dev/s/AdgredY.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\2\7cd6d302-30d3be4a;Exploit.Java.38;;
7cd6d302-30d3be4a\dev/s/DyesyasZ.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\2\7cd6d302-30d3be4a;Exploit.Java.38;;
7cd6d302-30d3be4a\dev/s/LoaderX.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\2\7cd6d302-30d3be4a;Exploit.Java.38;;
7cd6d302-30d3be4a;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\2;Archive contains infected objects;Moved.;
7075181f-27da2ae4\dev/s/AdgredY.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\31\7075181f-27da2ae4;Exploit.Java.38;;
7075181f-27da2ae4\dev/s/DyesyasZ.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\31\7075181f-27da2ae4;Exploit.Java.38;;
7075181f-27da2ae4\dev/s/LoaderX.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\31\7075181f-27da2ae4;Exploit.Java.38;;
7075181f-27da2ae4;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\31;Archive contains infected objects;Moved.;
48345e37-6e36e56f\myf/y/AppletX.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\55\48345e37-6e36e56f;Exploit.CVE2008.5353;;
48345e37-6e36e56f\myf/y/LoaderX.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\55\48345e37-6e36e56f;Exploit.CVE2008.5353;;
48345e37-6e36e56f\myf/y/NbablaF.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\55\48345e37-6e36e56f;Exploit.CVE2008.5353;;
48345e37-6e36e56f;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\55;Archive contains infected objects;Moved.;
3248d7a-227e8711\dev/s/AdgredY.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\58\3248d7a-227e8711;Exploit.Java.38;;
3248d7a-227e8711\dev/s/DyesyasZ.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\58\3248d7a-227e8711;Exploit.Java.38;;
3248d7a-227e8711\dev/s/LoaderX.class;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\58\3248d7a-227e8711;Exploit.Java.38;;
3248d7a-227e8711;C:\Documents and Settings\Alexander Kreider\Application Data\Sun\Java\Deployment\cache\6.0\58;Archive contains infected objects;Moved.;
IPClient_install.exe;C:\Program Files\wpcvtr;Trojan.Inservice.origin;Incurable.Moved.;
A0031461.exe;C:\System Volume Information\_restore{6742B4A6-3600-42DD-A01B-B908D2B25349}\RP440;Trojan.Inservice.origin;Incurable.Moved.;


- well, so much for anonymity lol
- some 10 hrs later, my house sure got clean while I was waiting for dr web to finish.

I'm including a couple of logs, presumably produced by java, though really I have no idea; they were just there on my desktop when dr web finished... have no idea if they are helpful or not, but suspect they are related since things were found in java by dr web, and they are new since running it.



this;

#
# An unexpected error has been detected by Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x030fa1ef, pid=1672, tid=4092
#
# Java VM: Java HotSpot™ Client VM (11.3-b02 mixed mode, sharing windows-x86)
# Problematic frame:
# C 0x030fa1ef
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x03133000): JavaThread "thread applet-dev.s.AdgredY.class-1" [_thread_in_native, id=4092, stack(0x03650000,0x036a0000)]

siginfo: ExceptionCode=0xc0000005, writing address 0x0369378d

Registers:
EAX=0x00000000, EBX=0x26c07330, ECX=0x02d8a7e8, EDX=0x00000000
ESP=0x0369f820, EBP=0x255a255a, ESI=0x26c07330, EDI=0x03133000
EIP=0x030fa1ef, EFLAGS=0x00210202

Top of Stack: (sp=0x0369f820)
0x0369f820: 030fa1d4 030fa1d4 030fa1ec 0369f82c
0x0369f830: 26c07330 0369f860 26c079f8 00000000
0x0369f840: 26c07330 00000000 0369f85c 0369f888
0x0369f850: 00c12e83 00000000 00c18189 22a9b688
0x0369f860: 22aa7988 22aa7988 0369f868 26c0728f
0x0369f870: 0369f898 26c079f8 00000000 26c072b0
0x0369f880: 0369f85c 0369f894 0369f8bc 00c12da1
0x0369f890: 22ac6920 22a9b688 22aa7988 0369f89c

Instructions: (pc=0x030fa1ef)
0x030fa1df: 2b b0 ac 19 2b 68 8d 19 2b 40 81 9b 2a 30 73 c0
0x030fa1ef: 26 c8 77 c0 26 40 81 9b 2a 38 84 c0 26 48 84 c0


Stack: [0x03650000,0x036a0000], sp=0x0369f820, free space=318k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x030fa1ef

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/String;)J+0
j com.sun.media.sound.HeadspaceSoundbank.initialize(Ljava/lang/String;)V+7
j com.sun.media.sound.HeadspaceSoundbank.<init>(Ljava/net/URL;)V+89
j com.sun.media.sound.HsbParser.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+5
j javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+36
j dev.s.AdgredY.init()V+572
j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+837
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x02d6c800 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=1048, stack(0x04660000,0x046b0000)]
0x02d6a800 JavaThread "Keep-Alive-Timer" daemon [_thread_blocked, id=2356, stack(0x04610000,0x04660000)]
=>0x03133000 JavaThread "thread applet-dev.s.AdgredY.class-1" [_thread_in_native, id=4092, stack(0x03650000,0x036a0000)]
0x0312d800 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=260, stack(0x044e0000,0x04530000)]
0x03120000 JavaThread "Applet 1 LiveConnect Worker Thread" [_thread_blocked, id=1248, stack(0x036a0000,0x036f0000)]
0x0311a400 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=3796, stack(0x04420000,0x04470000)]
0x03116400 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=3736, stack(0x03790000,0x037e0000)]
0x03112800 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=272, stack(0x03740000,0x03790000)]
0x03101400 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=3512, stack(0x036f0000,0x03740000)]
0x030e9400 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=1040, stack(0x033c0000,0x03410000)]
0x02e4f000 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=3032, stack(0x03600000,0x03650000)]
0x02e4d800 JavaThread "AWT-Windows" daemon [_thread_in_native, id=4060, stack(0x03550000,0x035a0000)]
0x02e02000 JavaThread "AWT-Shutdown" [_thread_blocked, id=2884, stack(0x03500000,0x03550000)]
0x030f8c00 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2908, stack(0x034b0000,0x03500000)]
0x02ddd400 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=128, stack(0x03410000,0x03460000)]
0x030f4800 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=504, stack(0x03330000,0x03380000)]
0x02dd8c00 JavaThread "Timer-0" [_thread_blocked, id=3616, stack(0x032e0000,0x03330000)]
0x02d81400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=832, stack(0x03030000,0x03080000)]
0x02d7b800 JavaThread "CompilerThread0" daemon [_thread_blocked, id=3216, stack(0x02fe0000,0x03030000)]
0x02d7a000 JavaThread "Attach Listener" daemon [_thread_blocked, id=1784, stack(0x02f90000,0x02fe0000)]
0x02d78c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=3792, stack(0x02f40000,0x02f90000)]
0x02d70800 JavaThread "Finalizer" daemon [_thread_blocked, id=3408, stack(0x02ef0000,0x02f40000)]
0x02d6f400 JavaThread "Reference Handler" daemon [_thread_blocked, id=2260, stack(0x02ea0000,0x02ef0000)]
0x001d6c00 JavaThread "main" [_thread_blocked, id=284, stack(0x00ba0000,0x00bf0000)]

Other Threads:
0x02d6d800 VMThread [stack: 0x02e50000,0x02ea0000] [id=2972]
0x02d8b800 WatcherThread [stack: 0x03080000,0x030d0000] [id=3488]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 4544K, used 1662K [0x22990000, 0x22e70000, 0x22e70000)
eden space 4096K, 40% used [0x22990000, 0x22b2f6a8, 0x22d90000)
from space 448K, 0% used [0x22d90000, 0x22d90288, 0x22e00000)
to space 448K, 0% used [0x22e00000, 0x22e00000, 0x22e70000)
tenured generation total 60544K, used 51224K [0x22e70000, 0x26990000, 0x26990000)
the space 60544K, 84% used [0x22e70000, 0x260762d8, 0x26076400, 0x26990000)
compacting perm gen total 12288K, used 2605K [0x26990000, 0x27590000, 0x2a990000)
the space 12288K, 21% used [0x26990000, 0x26c1b7e8, 0x26c1b800, 0x27590000)
ro space 8192K, 63% used [0x2a990000, 0x2aea8810, 0x2aea8a00, 0x2b190000)
rw space 12288K, 53% used [0x2b190000, 0x2b7fd300, 0x2b7fd400, 0x2bd90000)


VM Arguments:
jvm_args: -D__jvm_launched=21102892460 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid2832_pipe3,read_pipe_name=jpi2_pid2832_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
USERNAME=Alexander Kreider
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 15 stepping 13, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 2097151k(2097151k free), swap 4194303k(4194303k free)

vm_info: Java HotSpot™ Client VM (11.3-b02) for windows-x86 JRE (1.6.0_13-b03), built on Mar 9 2009 01:15:24 by "java_re" with MS VC++ 7.1

time: Wed May 12 17:33:59 2010
elapsed time: 13 seconds



and this;

#
# An unexpected error has been detected by Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x030f9cbc, pid=2344, tid=2648
#
# Java VM: Java HotSpot™ Client VM (11.3-b02 mixed mode, sharing windows-x86)
# Problematic frame:
# C 0x030f9cbc
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x0312fc00): JavaThread "thread applet-dev.s.AdgredY.class-1" [_thread_in_native, id=2648, stack(0x03650000,0x036a0000)]

siginfo: ExceptionCode=0xc0000005, reading address 0xffffffc0

Registers:
EAX=0x00000000, EBX=0x26c072d8, ECX=0x03221c88, EDX=0x00000000
ESP=0x0369f820, EBP=0x255a255a, ESI=0x26c072d8, EDI=0x0312fc00
EIP=0x030f9cbc, EFLAGS=0x00210246

Top of Stack: (sp=0x0369f820)
0x0369f820: 030f9ca4 030f9ca4 030f9cbc 0369f82c
0x0369f830: 26c072d8 0369f860 26c079a0 00000000
0x0369f840: 26c072d8 00000000 0369f85c 0369f888
0x0369f850: 00c12e83 00000000 00c18189 22c90da0
0x0369f860: 22ca7c70 22ca7c70 0369f868 26c07237
0x0369f870: 0369f898 26c079a0 00000000 26c07258
0x0369f880: 0369f85c 0369f894 0369f8bc 00c12da1
0x0369f890: 22cbc310 22c90da0 22ca7c70 0369f89c

Instructions: (pc=0x030f9cbc)
0x030f9cac: 08 73 78 2b b0 ac 19 2b 68 8d 19 2b 40 81 9b 2a
0x030f9cbc: d8 72 c0 26 70 77 c0 26 40 81 9b 2a e0 83 c0 26


Stack: [0x03650000,0x036a0000], sp=0x0369f820, free space=318k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x030f9cbc

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/String;)J+0
j com.sun.media.sound.HeadspaceSoundbank.initialize(Ljava/lang/String;)V+7
j com.sun.media.sound.HeadspaceSoundbank.<init>(Ljava/net/URL;)V+89
j com.sun.media.sound.HsbParser.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+5
j javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+36
j dev.s.AdgredY.init()V+572
j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+837
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x02d6c800 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=1864, stack(0x04640000,0x04690000)]
0x03135000 JavaThread "Keep-Alive-Timer" daemon [_thread_blocked, id=1844, stack(0x04560000,0x045b0000)]
=>0x0312fc00 JavaThread "thread applet-dev.s.AdgredY.class-1" [_thread_in_native, id=2648, stack(0x03650000,0x036a0000)]
0x0312c000 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=2644, stack(0x04510000,0x04560000)]
0x0311ec00 JavaThread "Applet 1 LiveConnect Worker Thread" [_thread_blocked, id=2636, stack(0x044c0000,0x04510000)]
0x03101000 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=2628, stack(0x04470000,0x044c0000)]
0x03112c00 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=2620, stack(0x03790000,0x037e0000)]
0x03111000 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=2616, stack(0x03740000,0x03790000)]
0x03106000 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=2608, stack(0x036f0000,0x03740000)]
0x030fac00 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=2552, stack(0x033c0000,0x03410000)]
0x02e4f000 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=2544, stack(0x03600000,0x03650000)]
0x02e4d800 JavaThread "AWT-Windows" daemon [_thread_in_native, id=2540, stack(0x03550000,0x035a0000)]
0x030f8800 JavaThread "AWT-Shutdown" [_thread_blocked, id=2536, stack(0x03500000,0x03550000)]
0x02e01800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2528, stack(0x034b0000,0x03500000)]
0x02dde400 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=1576, stack(0x03410000,0x03460000)]
0x030f4800 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=2488, stack(0x03330000,0x03380000)]
0x02dd8c00 JavaThread "Timer-0" [_thread_blocked, id=2484, stack(0x032e0000,0x03330000)]
0x02d81400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=2472, stack(0x03030000,0x03080000)]
0x02d7b800 JavaThread "CompilerThread0" daemon [_thread_blocked, id=100, stack(0x02fe0000,0x03030000)]
0x02d7a000 JavaThread "Attach Listener" daemon [_thread_blocked, id=2468, stack(0x02f90000,0x02fe0000)]
0x02d78c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2464, stack(0x02f40000,0x02f90000)]
0x02d70800 JavaThread "Finalizer" daemon [_thread_blocked, id=2460, stack(0x02ef0000,0x02f40000)]
0x02d6f400 JavaThread "Reference Handler" daemon [_thread_blocked, id=2264, stack(0x02ea0000,0x02ef0000)]
0x001d6c00 JavaThread "main" [_thread_blocked, id=2388, stack(0x00ba0000,0x00bf0000)]

Other Threads:
0x02d6d800 VMThread [stack: 0x02e50000,0x02ea0000] [id=2416]
0x02d8b800 WatcherThread [stack: 0x03080000,0x030d0000] [id=2480]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 4544K, used 3827K [0x22990000, 0x22e70000, 0x22e70000)
eden space 4096K, 93% used [0x22990000, 0x22d4cb60, 0x22d90000)
from space 448K, 0% used [0x22d90000, 0x22d90120, 0x22e00000)
to space 448K, 0% used [0x22e00000, 0x22e00000, 0x22e70000)
tenured generation total 60544K, used 49178K [0x22e70000, 0x26990000, 0x26990000)
the space 60544K, 81% used [0x22e70000, 0x25e76888, 0x25e76a00, 0x26990000)
compacting perm gen total 12288K, used 2605K [0x26990000, 0x27590000, 0x2a990000)
the space 12288K, 21% used [0x26990000, 0x26c1b790, 0x26c1b800, 0x27590000)
ro space 8192K, 63% used [0x2a990000, 0x2aea8810, 0x2aea8a00, 0x2b190000)
rw space 12288K, 53% used [0x2b190000, 0x2b7fd300, 0x2b7fd400, 0x2bd90000)

VM Arguments:
jvm_args: -D__jvm_launched=353977444 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid128_pipe3,read_pipe_name=jpi2_pid128_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
USERNAME=Alexander Kreider
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 15 stepping 13, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 2097151k(2097151k free), swap 4194303k(4194303k free)

vm_info: Java HotSpot™ Client VM (11.3-b02) for windows-x86 JRE (1.6.0_13-b03), built on Mar 9 2009 01:15:24 by "java_re" with MS VC++ 7.1

time: Thu May 13 20:20:32 2010
elapsed time: 14 seconds
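
Added example (not part of the original post or of any BleepingComputer tool): a minimal Python triage of a HotSpot crash report like the one above, run on an excerpt of that log. It extracts the faulting thread, the innermost Java frame and the first non-JDK caller, and applies a heuristic that is an assumption of this example: an applet thread faulting in native code at an address outside any named module deserves a closer look.

```python
import re
# Excerpt of the crash report posted above (abridged to the lines the parser reads).
SAMPLE = """\
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x030f9cbc, pid=2344, tid=2648
# Problematic frame:
# C 0x030f9cbc
Current thread (0x0312fc00): JavaThread "thread applet-dev.s.AdgredY.class-1" [_thread_in_native, id=2648, stack(0x03650000,0x036a0000)]
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/String;)J+0
j javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+36
j dev.s.AdgredY.init()V+572
v ~StubRoutines::call_stub
"""
JDK = ("java.", "javax.", "sun.", "com.sun.")  # packages treated as runtime code

def java_frames(report):
    """Method names from the 'Java frames:' section, innermost first."""
    out, inside = [], False
    for line in report.splitlines():
        if line.startswith("Java frames:"):
            inside = True
        elif inside:
            m = re.match(r"[jJ]\s+([\w.$<>]+)\(", line)
            if m:
                out.append(m.group(1))
            elif not line.strip():
                break  # a blank line ends the section
    return out

def triage(report):
    exc = re.search(r"^# (EXCEPTION_\w+) \(0x[0-9a-f]+\) at pc=(0x[0-9a-f]+)", report, re.M)
    frm = re.search(r"^# Problematic frame:\s*\n#\s+(\w)\s+(\S.*)$", report, re.M)
    thr = re.search(r'^Current thread \(\w+\):\s+JavaThread "([^"]+)"[^\[]*\[(\w+)', report, re.M)
    app = re.search(r"applet-(.+?)\.class", thr.group(1)) if thr else None
    frames = java_frames(report)
    return {
        "exception": exc.group(1) if exc else None,
        "pc": exc.group(2) if exc else None,
        # HotSpot prints "[module+0xoffset]" when the PC is inside a loaded library
        "pc_outside_module": bool(frm) and frm.group(1) == "C" and not frm.group(2).startswith("["),
        "applet_class": app.group(1) if app else None,
        "thread_state": thr.group(2) if thr else None,
        "innermost_java_frame": frames[0] if frames else None,
        "untrusted_caller": next((f for f in frames if not f.startswith(JDK)), None),
    }

def suspicious(report):
    # Heuristic (assumption of this example), not a verdict on the sample.
    r = triage(report)
    return bool(r["applet_class"]) and r["pc_outside_module"] and r["thread_state"] == "_thread_in_native"
```
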

#9 bigdumbal


Posted 15 May 2010 - 11:12 AM

went to bed
got up and turned it on to see if you'd had a chance to reply
almost immediately a second ie window popped up, went to a site I did not have a chance to see, and quickly redirected to yellowbook, a site I'd visited yesterday... shut it down after that as I did not want to give it time to spread again, and went to this machine to post this.

#10 boopme


Posted 15 May 2010 - 07:57 PM

Hello, sorry had a family situation. Looks like we will need specialized tools to kill this TDDS thing.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#11 bigdumbal


Posted 18 May 2010 - 08:43 PM

been having troubles...

could not connect to bleeping computer for a few days 'unable to display the web page'.

finally got in and saw your last reply.

got defogger and dds to run, gmer is making problems.

have tried to post dds log twice now and I get 'Internet Explorer is unable to display the web page'.

When I click the back button, I see 'initializing attachments' with a clocky thing going round and round interminably...

#12 boopme


Posted 18 May 2010 - 10:04 PM

Can you look in All Programs >>Startup
see if there is an odd thing running at startup like zipgaz32? Google or post it here. If google shows no results delete it and see if you can connect.

can you transfer the logs to another computer and post from there.

Edited by boopme, 18 May 2010 - 10:08 PM.


#13 bigdumbal


Posted 18 May 2010 - 11:38 PM

I cannot open a new topic in the logs section, with or without the attachment. I don't know why. when I get done with it, and click 'post new topic' I get unable to display page. I have tried from both the link in the prep guide and the link in your post in this thread, and by just navigating to that sub-forum, with and without attachments. in all cases the results are the same.

apparently I can post here.

I am a little scared to move the logs to the other computer for fear it will become infected as well.

I'm sorry; this is such a pain.

I wonder if you were to open a thread there if I could reply to it, since I seem to be able to reply here.

Alternatively I could post here if you have the ability to move the whole thread to that forum. I understand keeping logs in 'logs', and don't want to mess up the system.


to answer your question, no, nothing visible in startup except 'hp digital imaging monitor', which has been there since I installed the printer ~ 2yrs ago.

Edited by bigdumbal, 18 May 2010 - 11:55 PM.


#14 bigdumbal


Posted 20 May 2010 - 03:36 PM

moved dds log and attach to another machine, posting from there

see this;

http://www.bleepingcomputer.com/forums/ind...22&t=318011

Thank You.

#15 boopme


Posted 20 May 2010 - 04:15 PM

It's a blank post.
Manage Current Attachments 0