
Trouble Loading Vista


1 reply to this topic

#1 David8225

  • Members
  • 1 posts

Posted 01 November 2010 - 05:18 AM


For the last few days, my computer has been running very, very slow. Sometimes so long that it won't load a page. I've had viruses, device mgr problems, software problems in the past and have always been able to fix the problem. This has me stumped and frustrated. I've used all the spyware, virus programs and even did a system restore but I can't seem to get past whatever the problem is. Gone to safe mode, etc.... My point - I have done everything I know how to fix this and I'm still stuck. (HijackThis, Combofix, etc...) I have installed no new hardware or software. May I post my hijackthis log on here to see if that helps? Thank you. Some of these logs may be irrelevant - so I apologize in advance. I do not have a recovery disc to use.

Logfile of HijackThis v1.99.1
Scan saved at 12:06:35 AM, on 11/1/2010
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\control.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Windows\System32\control.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\hijackthis.exe
C:\Windows\system32\mmc.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9d696f4fb9280) (gupdate1c9d696f4fb9280) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)



OS Name Microsoft® Windows Vista™ Home Basic
Version 6.0.6002 Service Pack 2 Build 6002
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name OWNER-PC
System Manufacturer Gateway
System Model Unknow
System Type X86-based PC
Processor AMD Athlon™ Processor LE-1620, 2411 Mhz, 1 Core(s), 1 Logical Processor(s)
BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 10/29/2008
SMBIOS Version 2.4
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.0.6002.18005"
User Name Owner-PC\Owner
Time Zone Central Daylight Time
Installed Physical Memory (RAM) 2.00 GB
Total Physical Memory 1.87 GB
Available Physical Memory 1.38 GB
Total Virtual Memory 3.98 GB
Available Virtual Memory 3.61 GB
Page File Space 2.17 GB
Page File C:\pagefile.sys



Logfile of HijackThis v1.99.1
Scan saved at 11:20:07 PM, on 10/21/2010
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\Owner\AppData\Local\Temp\gtp98ku.exe
C:\Users\Owner\AppData\Local\Temp\zg18f656.exe
C:\Users\Owner\AppData\Local\Temp\p83u5rex.exe
C:\Windows\mdm.exe
C:\Windows\mdm.exe
C:\Users\Owner\AppData\Local\Temp\mdm.exe
C:\Windows\smss.exe
C:\Users\Owner\AppData\Local\Temp\system.exe
C:\Users\Owner\AppData\Local\Temp\iexplarer.exe
C:\Users\Owner\AppData\Local\Temp\install.exe
C:\Users\Owner\AppData\Local\Temp\avp.exe
C:\Users\Owner\AppData\Local\Temp\tmugw.exe
C:\Windows\hexdump.exe
C:\Windows\debug.exe
C:\Users\Owner\AppData\Local\Temp\win16.exe
C:\Users\Owner\AppData\Local\Temp\nvsvc32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mshta.exe
C:\Windows\system32\cmd.exe
C:\Users\Owner\Desktop\HijackThis.exe
C:\32788R22FWJFW\cmd.cfxxe
C:\32788R22FWJFW\pev.exe
C:\Windows\system32\SearchFilterHost.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [ocmnwesxar.exe] "C:\Users\Owner\AppData\Local\temp\ocmnwesxar.exe"
O4 - HKLM\..\Run: [uPc+kt0NcZaXms] rundll32.exe C:\Windows\system32\ti7dhk.dll, SystemServer
O4 - HKLM\..\Run: [uPc+kt0NrPaGuo] rundll32.exe C:\Windows\system32\tmr2o1k.dll, SystemServer
O4 - HKLM\..\Run: [uPc+kt0NdteaXms] rundll32.exe C:\Windows\system32\z8hpeygres.dll, SystemServer
O4 - HKLM\..\Run: [lsdefrag] C:\Users\Owner\AppData\Local\temp\xcrmsenwoa.exe
O4 - HKLM\..\Run: [MqsZ] C:\Windows\mdm.exe
O4 - HKLM\..\Run: [Lvkdhfngne] C:\Users\Owner\AppData\Local\Temp\mdm.exe
O4 - HKLM\..\Run: [Mqug] C:\Windows\smss.exe
O4 - HKLM\..\Run: [Mqvpe] C:\Windows\winamp.exe
O4 - HKLM\..\Run: [Lvkdhfnguuc] C:\Users\Owner\AppData\Local\Temp\system.exe
O4 - HKLM\..\Run: [LvkdhfngpTg] C:\Users\Owner\AppData\Local\Temp\gtp98ku.exe
O4 - HKLM\..\Run: [Lvkdhfngoe] C:\Users\Owner\AppData\Local\Temp\avp.exe
O4 - HKLM\..\Run: [Lvkdhfngotd] C:\Users\Owner\AppData\Local\Temp\install.exe
O4 - HKLM\..\Run: [Lvkdhfngmtd] C:\Users\Owner\AppData\Local\Temp\iexplarer.exe
O4 - HKLM\..\Run: [LvkdhfngrB_] C:\Users\Owner\AppData\Local\Temp\zg18f656.exe
O4 - HKLM\..\Run: [Mqrtc] C:\Windows\hexdump.exe
O4 - HKLM\..\Run: [Mqqoc] C:\Windows\debug.exe
O4 - HKLM\..\Run: [LvkdhfngrA] C:\Users\Owner\AppData\Local\Temp\win16.exe
O4 - HKLM\..\Run: [LvkdhfngsfP] C:\Users\Owner\AppData\Local\Temp\nvsvc32.exe
O4 - HKLM\..\Run: [LvkdhfngdTc] C:\Users\Owner\AppData\Local\Temp\p83u5rex.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uPc+kt0NcZaXms] rundll32.exe C:\Windows\system32\ti7dhk.dll, SystemServer
O4 - HKCU\..\Run: [uPc+kt0NrPaGuo] rundll32.exe C:\Windows\system32\tmr2o1k.dll, SystemServer
O4 - HKCU\..\Run: [uPc+kt0NdteaXms] rundll32.exe C:\Windows\system32\z8hpeygres.dll, SystemServer
O4 - HKCU\..\Run: [MqsZ] C:\Windows\mdm.exe
O4 - HKCU\..\Run: [Lvkdhfngne] C:\Users\Owner\AppData\Local\Temp\mdm.exe
O4 - HKCU\..\Run: [Mqug] C:\Windows\smss.exe
O4 - HKCU\..\Run: [Mqvpe] C:\Windows\winamp.exe
O4 - HKCU\..\Run: [Lvkdhfnguuc] C:\Users\Owner\AppData\Local\Temp\system.exe
O4 - HKCU\..\Run: [LvkdhfngpTg] C:\Users\Owner\AppData\Local\Temp\gtp98ku.exe
O4 - HKCU\..\Run: [Lvkdhfngoe] C:\Users\Owner\AppData\Local\Temp\avp.exe
O4 - HKCU\..\Run: [Lvkdhfngotd] C:\Users\Owner\AppData\Local\Temp\install.exe
O4 - HKCU\..\Run: [Lvkdhfngmtd] C:\Users\Owner\AppData\Local\Temp\iexplarer.exe
O4 - HKCU\..\Run: [LvkdhfngrB_] C:\Users\Owner\AppData\Local\Temp\zg18f656.exe
O4 - HKCU\..\Run: [Mqrtc] C:\Windows\hexdump.exe
O4 - HKCU\..\Run: [Mqqoc] C:\Windows\debug.exe
O4 - HKCU\..\Run: [LvkdhfngrA] C:\Users\Owner\AppData\Local\Temp\win16.exe
O4 - HKCU\..\Run: [LvkdhfngsfP] C:\Users\Owner\AppData\Local\Temp\nvsvc32.exe
O4 - HKCU\..\Run: [LvkdhfngdTc] C:\Users\Owner\AppData\Local\Temp\p83u5rex.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9d696f4fb9280) (gupdate1c9d696f4fb9280) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)




#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6b979851, pid=3908, tid=4052
#
# JRE version: 6.0_22-b04
# Java VM: Java HotSpot™ Client VM (17.1-b03 mixed mode, sharing windows-x86 )
# Problematic frame:
# C [mshtml.dll+0x249851]
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x12e95000): JavaThread "Thread-0" [_thread_in_native, id=4052, stack(0x133a0000,0x134a0000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x000000f0

Registers:
EAX=0x00000000, EBX=0x00000000, ECX=0x00000037, EDX=0x34413058
ESP=0x1349f49c, EBP=0x1349f4b4, ESI=0x0b7a87f0, EDI=0x76e89e3b
EIP=0x6b979851, EFLAGS=0x00010246

Top of Stack: (sp=0x1349f49c)

Instructions: (pc=0x6b979851)
0x6b979841: 14 2b c6 6b 8b 3d f4 13 73 6b 8b f1 ff d7 33 db
0x6b979851: 39 98 f0 00 00 00 74 1f ff 35 14 2b c6 6b ff d7


Stack: [0x133a0000,0x134a0000], sp=0x1349f49c, free space=3fd1349efd0k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [mshtml.dll+0x249851]
C [mshtml.dll+0xfddc9]
C [mshtml.dll+0xd9b67]
C [mshtml.dll+0x2236ae]
C [jp2iexp.dll+0x3099]
j sun.plugin2.main.server.IExplorerPlugin.javaScriptReleaseObject(Lsun/plugin2/liveconnect/BrowserSideObject;)V+4
j sun.plugin2.main.server.LiveConnectSupport$PerPluginInfo.releaseAllObjects()V+34
j sun.plugin2.main.server.LiveConnectSupport.shutdown(I)V+42
j sun.plugin2.main.server.JVMInstance.unregisterApplet(I)V+63
j sun.plugin2.main.server.JVMInstance.dispose()V+67
j sun.plugin2.main.server.JVMInstance.access$2600(Lsun/plugin2/main/server/JVMInstance;)V+1
j sun.plugin2.main.server.JVMInstance$Listener.jvmExited(Lsun/plugin2/jvm/JVMLauncher;)V+86
j sun.plugin2.jvm.JVMLauncher.fireJVMExited()V+31
j sun.plugin2.jvm.JVMLauncher.access$300(Lsun/plugin2/jvm/JVMLauncher;)V+1
j sun.plugin2.jvm.JVMLauncher$JVMWatcher.run()V+50
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub
V [jvm.dll+0xf3a9c]
V [jvm.dll+0x186591]
V [jvm.dll+0xf3c67]
V [jvm.dll+0xf3cdd]
V [jvm.dll+0x11da00]
V [jvm.dll+0x1e7004]
V [jvm.dll+0x185f3c]
C [MSVCR71.dll+0x9565]
C [kernel32.dll+0x4d0e9]
C [ntdll.dll+0x419bb]
C [ntdll.dll+0x4198e]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.plugin2.main.server.IExplorerPlugin.iUnknownRelease(J)V+0
j sun.plugin2.main.server.IExplorerPlugin.javaScriptReleaseObject(Lsun/plugin2/liveconnect/BrowserSideObject;)V+4
j sun.plugin2.main.server.LiveConnectSupport$PerPluginInfo.releaseAllObjects()V+34
j sun.plugin2.main.server.LiveConnectSupport.shutdown(I)V+42
j sun.plugin2.main.server.JVMInstance.unregisterApplet(I)V+63
j sun.plugin2.main.server.JVMInstance.dispose()V+67
j sun.plugin2.main.server.JVMInstance.access$2600(Lsun/plugin2/main/server/JVMInstance;)V+1
j sun.plugin2.main.server.JVMInstance$Listener.jvmExited(Lsun/plugin2/jvm/JVMLauncher;)V+86
j sun.plugin2.jvm.JVMLauncher.fireJVMExited()V+31
j sun.plugin2.jvm.JVMLauncher.access$300(Lsun/plugin2/jvm/JVMLauncher;)V+1
j sun.plugin2.jvm.JVMLauncher$JVMWatcher.run()V+50
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x12e96400 JavaThread "JRE 1.6.0.22 Worker Thread" [_thread_blocked, id=2680, stack(0x135e0000,0x136e0000)]
0x12e95c00 JavaThread "JRE 1.6.0.22 Output Reader Thread" [_thread_in_native, id=3072, stack(0x13940000,0x13a40000)]
0x12e95800 JavaThread "JRE 1.6.0.22 Output Reader Thread" [_thread_in_native, id=3344, stack(0x13710000,0x13810000)]
=>0x12e95000 JavaThread "Thread-0" [_thread_in_native, id=4052, stack(0x133a0000,0x134a0000)]
0x12e9f000 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=2560, stack(0x134a0000,0x135a0000)]
0x0e60e400 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=3276, stack(0x12d70000,0x12e70000)]
0x0e5e3800 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1352, stack(0x129c0000,0x12ac0000)]
0x0e5d1000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=3524, stack(0x127c0000,0x128c0000)]
0x0e5cfc00 JavaThread "Attach Listener" daemon [_thread_blocked, id=2268, stack(0x125c0000,0x126c0000)]
0x0e5cc000 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=3176, stack(0x123d0000,0x124d0000)]
0x0e5c8000 JavaThread "Finalizer" daemon [_thread_blocked, id=3328, stack(0x0faf0000,0x0fbf0000)]
0x0e5c6c00 JavaThread "Reference Handler" daemon [_thread_blocked, id=1400, stack(0x122b0000,0x123b0000)]
0x0fc8fc00 JavaThread "main" [_thread_in_native, id=312, stack(0x0fd10000,0x0ff10000)]

Other Threads:
0x0e5c5400 VMThread [stack: 0x12120000,0x12220000] [id=1364]
0x0e5fe400 WatcherThread [stack: 0x12bc0000,0x12cc0000] [id=2780]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 4928K, used 1504K [0x32400000, 0x32950000, 0x32ea0000)
eden space 4416K, 34% used [0x32400000, 0x32578030, 0x32850000)
from space 512K, 0% used [0x32850000, 0x32850000, 0x328d0000)
to space 512K, 0% used [0x328d0000, 0x328d0000, 0x32950000)
tenured generation total 10944K, used 0K [0x32ea0000, 0x33950000, 0x34400000)
the space 10944K, 0% used [0x32ea0000, 0x32ea0000, 0x32ea0200, 0x33950000)
compacting perm gen total 12288K, used 829K [0x34400000, 0x35000000, 0x38400000)
the space 12288K, 6% used [0x34400000, 0x344cf778, 0x344cf800, 0x35000000)
ro space 10240K, 51% used [0x38400000, 0x3892baf8, 0x3892bc00, 0x38e00000)
rw space 12288K, 54% used [0x38e00000, 0x394976d8, 0x39497800, 0x39a00000)

Dynamic libraries:

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
java_command: <unknown>
Launcher Type: generic

Environment Variables:
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
PATH=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Windows\System32\WindowsPowerShell\v1.0
USERNAME=Owner
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 3, AuthenticAMD



--------------- S Y S T E M ---------------

OS: Windows Vista Build 6002 Service Pack 2

CPU:total 1 (1 cores per cpu, 1 threads per core) family 15 model 95 stepping 3, cmov, cx8, fxsr, mmx, sse, sse2, sse3, mmxext, 3dnow, 3dnowext

Memory: 4k page, physical 1963788k(943620k free), swap 4175300k(3037100k free)

vm_info: Java HotSpot™ Client VM (17.1-b03) for windows-x86 JRE (1.6.0_22-b04), built on Sep 15 2010 00:56:36 by "java_re" with MS VC++ 7.1 (VS2003)

time: Sun Oct 31 16:30:21 2010
elapsed time: 191 seconds

Edited by hamluis, 01 November 2010 - 10:02 AM.
Moved from Vista forum to Malware Removal Logs ~ Hamluis.




#2 kahdah

  • Security Colleague
  • 11,138 posts

Posted 08 November 2010 - 07:47 AM

Hello David8225

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning. It is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



