
Not sure


19 replies to this topic

#1 rudince

rudince

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 30 June 2011 - 02:37 PM

Hi bleeping computer

I am having trouble with my physical memory.

My physical memory is running at 75% with only task manager running, runs at 85% with IE

not sure if this is caused by something malicious?

thanks


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:15 PM

Posted 30 June 2011 - 11:22 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

====================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 rudince


Posted 01 July 2011 - 10:07 AM

security check said it had no issues on the screen but never actually gave me a document.

one thing I did notice was it spamming "find is not recognised as an internal or external command. operable file or batch file", not sure if that's what it always does?

mbam didn't find anything

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6994

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

01/07/2011 16:05:16
mbam-log-2011-07-01 (16-05-16).txt

Scan type: Quick scan
Objects scanned: 159401
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Edited by rudince, 01 July 2011 - 10:09 AM.


#4 Broni


Posted 01 July 2011 - 08:10 PM

Re-download Security Check and try again.



#5 rudince


Posted 02 July 2011 - 06:09 AM

re-downloaded it and this is what I'm getting, same as before


Posted Image

#6 Broni


Posted 02 July 2011 - 11:17 AM

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.



#7 rudince


Posted 02 July 2011 - 01:41 PM

I don't know if there is a certain way to attach the document so I uploaded it to mega upload

http://www.megaupload.com/?d=ALTHCDCA

#8 Broni


Posted 02 July 2011 - 05:32 PM

Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 96.73 0 K 24 K
System 4 0.77 0 K 792 K
Interrupts n/a 0.77 0 K 0 K Hardware Interrupts and DPCs
smss.exe 504 288 K 120 K
csrss.exe 572 1,852 K 1,564 K
wininit.exe 616 1,268 K 172 K
services.exe 660 2,636 K 2,084 K
svchost.exe 864 3,364 K 2,840 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
dllhost.exe 2860 1,492 K 252 K
igfxsrvc.exe 2644 < 0.01 2,064 K 1,752 K igfxsrvc Module Intel Corporation C:\Windows\system32\igfxsrvc.exe -Embedding
unsecapp.exe 3524 2,284 K 1,140 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation C:\Windows\system32\wbem\unsecapp.exe -Embedding
WmiPrvSE.exe 3584 3,476 K 3,008 K
ehmsas.exe 1112 1,144 K 168 K Media Center Media Status Aggregator Service Microsoft Corporation C:\Windows\ehome\ehmsas.exe -Embedding
FlashUtil10k_ActiveX.exe 4672 1,720 K 5,336 K Adobe® Flash® Player Installer/Uninstaller 10.1 r85 Adobe Systems, Inc. C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -Embedding
svchost.exe 928 3,760 K 2,704 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k rpcss
svchost.exe 1084 16,532 K 4,012 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 1244 < 0.01 18,428 K 10,556 K
svchost.exe 1144 57,356 K 45,740 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
WUDFHost.exe 2508 3,164 K 256 K
dwm.exe 3300 1,148 K 340 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 1164 78,576 K 12,488 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 2460 2,132 K 396 K
taskeng.exe 3120 9,880 K 1,508 K Task Scheduler Engine Microsoft Corporation taskeng.exe {DCA36780-C4F0-4449-BC72-C6C95AAAFEDE}
wuauclt.exe 2536 2,656 K 404 K Windows Update Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
svchost.exe 1268 2,012 K 932 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
SLsvc.exe 1300 6,060 K 952 K Microsoft Software Licensing Service Microsoft Corporation C:\Windows\system32\SLsvc.exe
svchost.exe 1328 8,304 K 2,892 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 1488 20,072 K 5,236 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
spoolsv.exe 1704 7,468 K 2,508 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
svchost.exe 1728 13,796 K 5,352 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
AppleMobileDeviceService.exe 348 3,144 K 488 K MobileDeviceService Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
mDNSResponder.exe 440 1,796 K 596 K Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
LSSrvc.exe 536 1,052 K 144 K Hewlett-Packard Company "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"
lxcycoms.exe 1416 3,876 K 1,392 K Printer Communication System C:\Windows\system32\lxcycoms.exe -service
ccsvchst.exe 1468 41,456 K 12,916 K Symantec Service Framework Symantec Corporation "C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe" /s "NAV" /m "C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll" /prefetch:1
ccsvchst.exe 3104 10,236 K 7,548 K
svchost.exe 1808 2,172 K 180 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 1540 6,296 K 1,604 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 920 1,484 K 532 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k WerSvcGroup
SearchIndexer.exe 340 42,692 K 14,524 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe 1396 4,404 K 8,368 K
SearchFilterHost.exe 1096 3,100 K 5,004 K
alg.exe 3472 1,356 K 164 K Application Layer Gateway Service Microsoft Corporation C:\Windows\System32\alg.exe
iPodService.exe 2664 3,100 K 944 K iPodService Module (32-bit) Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
wmpnetwk.exe 2800 15,172 K 9,180 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
lsass.exe 680 3,380 K 3,100 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 688 2,460 K 1,448 K
csrss.exe 624 15,124 K 7,796 K
winlogon.exe 728 2,196 K 764 K
explorer.exe 3332 < 0.01 34,048 K 26,116 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
hpsysdrv.exe 3812 720 K 296 K hpsysdrv Hewlett-Packard Company "C:\hp\support\hpsysdrv.exe"
OSD.exe 3820 988 K 308 K OsdMaestro main program OsdMaestro "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
RtHDVCpl.exe 3828 8,352 K 740 K HD Audio Control Panel Realtek Semiconductor "C:\Windows\RtHDVCpl.exe"
hpwuSchd2.exe 3844 924 K 448 K Hewlett-Packard Product Assistant Hewlett-Packard Co. "C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
ezprint.exe 3972 4,888 K 924 K Lexmark Fast Pics Application Lexmark International Inc. "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
igfxtray.exe 4080 1,320 K 328 K igfxTray Module Intel Corporation "C:\Windows\System32\igfxtray.exe"
hkcmd.exe 1736 < 0.01 1,736 K 1,128 K hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
igfxpers.exe 316 1,060 K 332 K persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
lxcymon.exe 2160 3,056 K 1,176 K Device Monitor "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
jusched.exe 2124 1,164 K 124 K Java™ Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
iTunesHelper.exe 3060 < 0.01 6,724 K 560 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
sidebar.exe 3068 < 0.01 5,604 K 1,220 K Windows Sidebar Microsoft Corporation "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
ehtray.exe 1448 1,440 K 476 K Media Center Tray Applet Microsoft Corporation "C:\Windows\ehome\ehtray.exe"
msnmsgr.exe 2852 20,596 K 1,000 K Windows Live Messenger Microsoft Corporation "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SUPERANTISPYWARE.EXE 1340 35,492 K 628 K SUPERAntiSpyware Application SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
ONENOTEM.EXE 3508 1,020 K 304 K Microsoft Office OneNote Quick Launcher Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
iTunes.exe 4452 < 0.01 81,916 K 33,544 K iTunes Apple Inc. "C:\Program Files\iTunes\iTunes.exe"
AppleMobileDeviceHelper.exe 4708 3,060 K 256 K MobileDeviceHelper Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\301608981024971985120804452 --parentPipe
distnoted.exe 5144 1,600 K 180 K distnoted Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe"
minixp.exe 5352 < 0.01 2,164 K 1,804 K Minimizer-XP Totalidea Software "C:\Users\Rudince\Desktop\minixp.exe"
iexplore.exe 4664 11,948 K 28,008 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe"
iexplore.exe 1040 59,180 K 58,240 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4664 CREDAT:71937
procexp.exe 912 0.77 15,168 K 21,528 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Rudince\Desktop\ProcessExplorer\procexp.exe"


Your CPU usage (that's the only thing you need to worry about) looks perfectly normal.
System Idle Process (CPU NOT used) is listed at 96.73%.
How much RAM do you have?

========================================================

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to a known location.
You must select Text from drop-down menu as a file type:

Posted Image

Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):
Posted Image

Edited by Broni, 02 July 2011 - 05:33 PM.



#9 rudince


Posted 03 July 2011 - 09:52 AM

I have 1gb ram

here is the autorun

http://www.filedropper.com/autoruns

the reason I am concerned about my ram is because I have this error

#
# An unexpected error has been detected by Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d948683, pid=3992, tid=1512
#
# Java VM: Java HotSpot™ Client VM (11.0-b15 mixed mode windows-x86)
# Problematic frame:
# V [jvm.dll+0x98683]
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
#

--------------- T H R E A D ---------------

Current thread (0x02044c00): VMThread [stack: 0x019b0000,0x01a00000] [id=1512]

siginfo: ExceptionCode=0xc0000005, reading address 0x000007c6

Registers:
EAX=0x000007c6, EBX=0x6dac50e8, ECX=0x019ffbe4, EDX=0x6da90a08
ESP=0x019ff9c8, EBP=0x019ffa88, ESI=0x4ba4cb80, EDI=0x019ffbe4
EIP=0x6d948683, EFLAGS=0x00010287

Top of Stack: (sp=0x019ff9c8)

Instructions: (pc=0x6d948683)
0x6d948673: 24 08 8b 06 85 c0 57 8b f9 74 55 3b 47 1c 73 50
0x6d948683: 8b 08 83 e1 03 80 f9 03 75 1f 8a 0d dd 15 ac 6d


Stack: [0x019b0000,0x01a00000], sp=0x019ff9c8, free space=318k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [jvm.dll+0x98683]

VM_Operation (0x4ba4c9d4): GenCollectForAllocation, mode: safepoint, requested by thread 0x47b98c00


--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x47b99800 JavaThread "Thread-28" daemon [_thread_blocked, id=4008, stack(0x4dc60000,0x4dcb0000)]
0x47b99400 JavaThread "Thread-27" daemon [_thread_in_native, id=2260, stack(0x4cad0000,0x4cb20000)]
0x020da400 JavaThread "Thread-24" daemon [_thread_blocked, id=5752, stack(0x4c6f0000,0x4c740000)]
0x020da000 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=5400, stack(0x4bb00000,0x4bb50000)]
0x020d7000 JavaThread "Thread-22" daemon [_thread_blocked, id=4752, stack(0x4afa0000,0x4aff0000)]
0x020d9000 JavaThread "Thread-20" daemon [_thread_blocked, id=4780, stack(0x4a8c0000,0x4a910000)]
0x47b98c00 JavaThread "Thread-19" daemon [_thread_blocked, id=5316, stack(0x4ba00000,0x4ba50000)]
0x47b98800 JavaThread "Thread-18" daemon [_thread_blocked, id=5352, stack(0x4b9b0000,0x4ba00000)]
0x47b98400 JavaThread "Thread Manager" [_thread_blocked, id=1248, stack(0x4b140000,0x4b190000)]
0x020d8800 JavaThread "AWT-EventQueue-1" [_thread_blocked, id=4940, stack(0x4a870000,0x4a8c0000)]
0x020d8400 JavaThread "AWT-Windows" daemon [_thread_blocked, id=5144, stack(0x4a7e0000,0x4a830000)]
0x020d7c00 JavaThread "AWT-Shutdown" [_thread_blocked, id=5072, stack(0x4a790000,0x4a7e0000)]
0x020d7800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=3588, stack(0x4a720000,0x4a770000)]
0x020d6c00 JavaThread "neXus Input" [_thread_blocked, id=4988, stack(0x4a570000,0x4a5c0000)]
0x020d6400 JavaThread "neXus Painter" [_thread_blocked, id=5208, stack(0x4a520000,0x4a570000)]
0x020d6000 JavaThread "W6:6" [_thread_blocked, id=1464, stack(0x47f70000,0x47fc0000)]
0x020d5c00 JavaThread "W5:5" [_thread_blocked, id=4796, stack(0x47f20000,0x47f70000)]
0x020d5400 JavaThread "W4:4" [_thread_blocked, id=3052, stack(0x47ed0000,0x47f20000)]
0x020d5000 JavaThread "W3:3" [_thread_blocked, id=4868, stack(0x47e30000,0x47e80000)]
0x020d4800 JavaThread "W2:2" [_thread_blocked, id=4860, stack(0x47dc0000,0x47e10000)]
0x020d4400 JavaThread "W1:1" [_thread_blocked, id=5940, stack(0x47d70000,0x47dc0000)]
0x020d3c00 JavaThread "W0:0" [_thread_blocked, id=4932, stack(0x47ca0000,0x47cf0000)]
0x020d3800 JavaThread "Thread-1" [_thread_blocked, id=1708, stack(0x472f0000,0x47340000)]
0x020d3000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1584, stack(0x46e80000,0x46ed0000)]
0x020cf000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=4728, stack(0x46e30000,0x46e80000)]
0x020ce800 JavaThread "Attach Listener" daemon [_thread_blocked, id=4772, stack(0x46de0000,0x46e30000)]
0x020c3c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=4768, stack(0x46d90000,0x46de0000)]
0x020b2000 JavaThread "Finalizer" daemon [_thread_blocked, id=2304, stack(0x46d40000,0x46d90000)]
0x020ad800 JavaThread "Reference Handler" daemon [_thread_blocked, id=4516, stack(0x46cf0000,0x46d40000)]
0x01559c00 JavaThread "main" [_thread_blocked, id=836, stack(0x014b0000,0x01500000)]

Other Threads:
=>0x02044c00 VMThread [stack: 0x019b0000,0x01a00000] [id=1512]
0x020db800 WatcherThread [stack: 0x46ed0000,0x46f20000] [id=4792]

VM state:at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: ([mutex/lock_event])
[0x01557de8] UNKNOWN - owner thread: 0x02044c00
[0x01558248] UNKNOWN - owner thread: 0x47b98c00

Heap
def new generation total 7424K, used 6873K [0x04100000, 0x04900000, 0x08de0000)
eden space 6656K, 100% used [0x04100000, 0x04780000, 0x04780000)
from space 768K, 28% used [0x04840000, 0x04876730, 0x04900000)
to space 768K, 0% used [0x04780000, 0x04780150, 0x04840000)
tenured generation total 96964K, used 71659K [0x08de0000, 0x0ec91000, 0x42900000)
the space 96964K, 73% used [0x08de0000, 0x0d3daf88, 0x0d3db000, 0x0ec91000)
compacting perm gen total 27904K, used 27807K [0x42900000, 0x44440000, 0x46900000)
the space 27904K, 99% used [0x42900000, 0x44427e50, 0x44428000, 0x44440000)
No shared spaces configured.

Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files\Java\jdk1.6.0_10\bin\javaw.exe
0x77420000 - 0x77547000 C:\Windows\system32\ntdll.dll
0x77270000 - 0x7734c000 C:\Windows\system32\kernel32.dll
0x75ad0000 - 0x75b96000 C:\Windows\system32\ADVAPI32.dll
0x76e50000 - 0x76f13000 C:\Windows\system32\RPCRT4.dll
0x76f20000 - 0x76fbd000 C:\Windows\system32\USER32.dll
0x75bb0000 - 0x75bfb000 C:\Windows\system32\GDI32.dll
0x77660000 - 0x7767e000 C:\Windows\system32\IMM32.DLL
0x77350000 - 0x77418000 C:\Windows\system32\MSCTF.dll
0x75c10000 - 0x75cba000 C:\Windows\system32\msvcrt.dll
0x75c00000 - 0x75c09000 C:\Windows\system32\LPK.DLL
0x76fc0000 - 0x7703d000 C:\Windows\system32\USP10.dll
0x7c340000 - 0x7c396000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\msvcr71.dll
0x6d8b0000 - 0x6db06000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\client\jvm.dll
0x74a30000 - 0x74a62000 C:\Windows\system32\WINMM.dll
0x76880000 - 0x769c5000 C:\Windows\system32\ole32.dll
0x76bd0000 - 0x76c5d000 C:\Windows\system32\OLEAUT32.dll
0x744f0000 - 0x7452d000 C:\Windows\system32\OLEACC.dll
0x75900000 - 0x7592c000 C:\Windows\system32\apphelp.dll
0x6d330000 - 0x6d338000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\hpi.dll
0x75a30000 - 0x75a37000 C:\Windows\system32\PSAPI.DLL
0x6d860000 - 0x6d86c000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\verify.dll
0x6d3d0000 - 0x6d3ef000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\java.dll
0x6d8a0000 - 0x6d8af000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\zip.dll
0x47120000 - 0x4718d000 C:\Users\Rudince\.swt\lib\win32\x86\swt-win32-3730.dll
0x767d0000 - 0x76843000 C:\Windows\system32\comdlg32.dll
0x76b70000 - 0x76bc9000 C:\Windows\system32\SHLWAPI.dll
0x74820000 - 0x749be000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\COMCTL32.dll
0x75cc0000 - 0x767d0000 C:\Windows\system32\SHELL32.dll
0x77180000 - 0x77266000 C:\Windows\system32\WININET.dll
0x75ba0000 - 0x75ba3000 C:\Windows\system32\Normaliz.dll
0x77040000 - 0x77173000 C:\Windows\system32\urlmon.dll
0x76c60000 - 0x76e48000 C:\Windows\system32\iertutil.dll
0x75400000 - 0x754f2000 C:\Windows\system32\CRYPT32.dll
0x75560000 - 0x75572000 C:\Windows\system32\MSASN1.dll
0x75980000 - 0x7599e000 C:\Windows\system32\USERENV.dll
0x75960000 - 0x75974000 C:\Windows\system32\Secur32.dll
0x74b20000 - 0x74b5f000 C:\Windows\system32\uxtheme.dll
0x6d6c0000 - 0x6d6d3000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\net.dll
0x76850000 - 0x7687d000 C:\Windows\system32\WS2_32.dll
0x769d0000 - 0x769d6000 C:\Windows\system32\NSI.dll
0x750f0000 - 0x7512b000 C:\Windows\system32\mswsock.dll
0x75150000 - 0x75155000 C:\Windows\System32\wship6.dll
0x73e30000 - 0x73e3f000 C:\Windows\system32\NLAapi.dll
0x75360000 - 0x75379000 C:\Windows\system32\IPHLPAPI.DLL
0x75320000 - 0x75355000 C:\Windows\system32\dhcpcsvc.DLL
0x755b0000 - 0x755dc000 C:\Windows\system32\DNSAPI.dll
0x75310000 - 0x75317000 C:\Windows\system32\WINNSI.DLL
0x752e0000 - 0x75302000 C:\Windows\system32\dhcpcsvc6.DLL
0x72550000 - 0x7255f000 C:\Windows\system32\napinsp.dll
0x72510000 - 0x72522000 C:\Windows\system32\pnrpnsp.dll
0x72540000 - 0x72548000 C:\Windows\System32\winrnr.dll
0x77580000 - 0x775c9000 C:\Windows\system32\WLDAP32.dll
0x72350000 - 0x72375000 C:\Program Files\Bonjour\mdnsNSP.dll
0x74dd0000 - 0x74dd5000 C:\Windows\System32\wshtcpip.dll
0x72b80000 - 0x72b86000 C:\Windows\system32\rasadhlp.dll
0x74e70000 - 0x74eab000 C:\Windows\system32\rsaenh.dll
0x6d840000 - 0x6d848000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\sunmscapi.dll
0x6b0c0000 - 0x6b136000 C:\Users\Rudince\AppData\Local\Temp\sqlite-3.6.14.2-sqlitejdbc.dll
0x73720000 - 0x73814000 C:\Windows\system32\WindowsCodecs.dll
0x775d0000 - 0x77654000 C:\Windows\system32\CLBCatQ.DLL
0x6ed10000 - 0x6ed2f000 C:\Windows\system32\EhStorShell.dll
0x741b0000 - 0x7426b000 C:\Windows\system32\PROPSYS.dll
0x74de0000 - 0x74de5000 C:\Windows\system32\msimg32.dll
0x6d610000 - 0x6d619000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\management.dll
0x4a4c0000 - 0x4a4f0000 C:\Windows\system32\mlang.dll
0x4a610000 - 0x4a62d000 C:\Users\Rudince\.swt\lib\win32\x86\swt-gdip-win32-3730.dll
0x742d0000 - 0x7447b000 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
0x6d0b0000 - 0x6d1e8000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\awt.dll
0x72b90000 - 0x72bd2000 C:\Windows\system32\WINSPOOL.DRV
0x6ff10000 - 0x6ff1c000 C:\Windows\system32\DWMAPI.DLL
0x6d2d0000 - 0x6d324000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\fontmanager.dll
0x6d6e0000 - 0x6d6e9000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\nio.dll
0x6d850000 - 0x6d85f000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\unpack.dll
0x6d500000 - 0x6d524000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\jpeg.dll
0x6d5d0000 - 0x6d5f4000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\jsound.dll
0x6d600000 - 0x6d608000 C:\Program Files\Java\jdk1.6.0_10\jre\bin\jsoundds.dll
0x6df40000 - 0x6dfb0000 C:\Windows\system32\DSOUND.dll
0x74df0000 - 0x74e0a000 C:\Windows\system32\POWRPROF.dll
0x74110000 - 0x7413f000 C:\Windows\system32\wdmaud.drv
0x749f0000 - 0x749f4000 C:\Windows\system32\ksuser.dll
0x744c0000 - 0x744e8000 C:\Windows\system32\MMDevAPI.DLL
0x74a00000 - 0x74a07000 C:\Windows\system32\AVRT.dll
0x769e0000 - 0x76b6a000 C:\Windows\system32\SETUPAPI.dll
0x74180000 - 0x741ad000 C:\Windows\system32\WINTRUST.dll
0x77550000 - 0x77579000 C:\Windows\system32\imagehlp.dll
0x740e0000 - 0x74101000 C:\Windows\system32\AUDIOSES.DLL
0x73ef0000 - 0x73f56000 C:\Windows\system32\audioeng.dll
0x740a0000 - 0x740a9000 C:\Windows\system32\msacm32.drv
0x73ed0000 - 0x73ee4000 C:\Windows\system32\MSACM32.dll
0x73e20000 - 0x73e27000 C:\Windows\system32\midimap.dll
0x6b890000 - 0x6b8b9000 C:\.jagex_cache_32\runescape\jaclib.dll
0x6d350000 - 0x6d356000 C:\Program Files\Java\jre6\bin\jawt.dll
0x4ba50000 - 0x4ba5d000 C:\.jagex_cache_32\runescape\jagmisc.dll

VM Arguments:
jvm_args: -Xmx1000m -Xbootclasspath/p:C:\Users\Rudince\Desktop\botclient\botclient\jars\bergCoder1273.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\install.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\JGoodies-forms-1.2.1.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\JGoodies-looks-2.2.2.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\org.eclipse.core.commands_3.5.0.I20090525-2000.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\org.eclipse.equinox.common_3.5.1.R35x_v20090807-1100.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\org.eclipse.jface_3.5.2.M20100120-0800.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\org.eclipse.osgi_3.5.2.R35x_v20100126.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\org.eclipse.ui.workbench_3.5.2.M20100113-0800.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\swing-layout-1.0.3.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\swt-3.7-Windows-32bit-M7.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\nexus21.602.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\sqlitejdbc-3.6.14.2-Universal.jar;
java_command: impsoft.nexus.installer.Main
Launcher Type: SUN_STANDARD

Environment Variables:
CLASSPATH=.
PATH=C:\Program Files\Java\jdk1.6.0_10\bin;C:\Program Files\Java\jdk1.6.0_13\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Java\jre6\bin;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.6.0_13\bin
USERNAME=Rudince
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows Vista Build 6002 Service Pack 2

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 15 stepping 2, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 1038984k(124064k free), swap 2344568k(1246956k free)

vm_info: Java HotSpot™ Client VM (11.0-b15) for windows-x86 JRE (1.6.0_10-b33), built on Sep 26 2008 01:00:43 by "java_re" with MS VC++ 7.1

time: Thu Jun 30 16:56:07 2011
elapsed time: 201 seconds


it is a java application that opens, runs for roughly 2 mins then shuts down

I was told this was probably due to my memory

Edited by rudince, 03 July 2011 - 09:53 AM.
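
As an added illustration (not part of the original thread), a triage script for the HotSpot crash log in the post above: it lists native modules loaded from outside the Windows and Program Files trees, the jars prepended to the boot class path, and the configured maximum heap against physical RAM. The trusted-directory list, the 50% threshold and the function names are assumptions of this example; the sample lines are copied from the log above, with jvm_args shortened.

```python
import re
from pathlib import PureWindowsPath

# Assumption of this example: native code normally loads from these trees only.
TRUSTED_ROOTS = ("c:\\windows", "c:\\program files", "c:\\program files (x86)")

# Lines copied from the crash log in the post above; jvm_args is shortened.
SAMPLE_LOG = r"""
Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files\Java\jdk1.6.0_10\bin\javaw.exe
0x77420000 - 0x77547000 C:\Windows\system32\ntdll.dll
0x47120000 - 0x4718d000 C:\Users\Rudince\.swt\lib\win32\x86\swt-win32-3730.dll
0x72350000 - 0x72375000 C:\Program Files\Bonjour\mdnsNSP.dll
0x6b0c0000 - 0x6b136000 C:\Users\Rudince\AppData\Local\Temp\sqlite-3.6.14.2-sqlitejdbc.dll
0x6b890000 - 0x6b8b9000 C:\.jagex_cache_32\runescape\jaclib.dll

VM Arguments:
jvm_args: -Xmx1000m -Xbootclasspath/p:C:\Users\Rudince\Desktop\botclient\botclient\jars\bergCoder1273.jar;C:\Users\Rudince\Desktop\botclient\botclient\jars\install.jar;
java_command: impsoft.nexus.installer.Main

Memory: 4k page, physical 1038984k(124064k free), swap 2344568k(1246956k free)
"""

MODULE_RE = re.compile(r"^0x[0-9a-f]+ - 0x[0-9a-f]+\s+(?P<path>\S.*)$", re.I)
MEMORY_RE = re.compile(r"physical (\d+)k\((\d+)k free\)")
XMX_RE = re.compile(r"-Xmx(\d+)([kmg]?)(?=\s|$)", re.I)
BOOTCP_RE = re.compile(r"-Xbootclasspath/p:(.*?)(?=\s+-\S|$)")
UNIT_TO_KB = {"": 1 / 1024, "k": 1, "m": 1024, "g": 1024 * 1024}


def is_trusted(path):
    """True if the module path sits under one of TRUSTED_ROOTS."""
    win_path = PureWindowsPath(path)
    if ".." in win_path.parts:  # a parent-directory hop can escape the root
        return False
    lowered = str(win_path).lower()
    return any(lowered.startswith(root + "\\") for root in TRUSTED_ROOTS)


def triage(log_text):
    """Extract the module, class path and memory facts from an hs_err log."""
    report = {"untrusted_modules": [], "bootclasspath_prepend": [],
              "xmx_kb": None, "physical_kb": None, "free_kb": None}
    in_modules = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Dynamic libraries:":
            in_modules = True
            continue
        if in_modules:
            match = MODULE_RE.match(line)
            if match:
                if not is_trusted(match.group("path")):
                    report["untrusted_modules"].append(match.group("path"))
                continue
            in_modules = False  # first non-module line ends the section
        if line.startswith("jvm_args:"):
            xmx = XMX_RE.search(line)
            if xmx:
                factor = UNIT_TO_KB[xmx.group(2).lower()]
                report["xmx_kb"] = int(int(xmx.group(1)) * factor)
            boot = BOOTCP_RE.search(line)
            if boot:
                jars = [p for p in boot.group(1).split(";") if p]
                report["bootclasspath_prepend"] = jars
        elif line.startswith("Memory:"):
            mem = MEMORY_RE.search(line)
            if mem:
                report["physical_kb"] = int(mem.group(1))
                report["free_kb"] = int(mem.group(2))
    return report


def findings(report):
    """Turn the report into one-line notes for a reviewer."""
    notes = []
    for path in report["untrusted_modules"]:
        notes.append("native module outside trusted dirs: " + path)
    for jar in report["bootclasspath_prepend"]:
        notes.append("jar prepended to boot class path: " + jar)
    if report["xmx_kb"] and report["physical_kb"]:
        share = report["xmx_kb"] / report["physical_kb"]
        if share > 0.5:  # threshold is an assumption of this example
            notes.append("max heap is %.0f%% of physical RAM" % (share * 100))
    return notes


if __name__ == "__main__":
    for note in findings(triage(SAMPLE_LOG)):
        print(note)
```

A module outside the trusted trees is a prompt to check where the file came from, not a verdict on it.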


#10 Broni


Posted 03 July 2011 - 10:50 AM

OK, we seem to have some issues there.

1. Vista definitely needs at least 2GB of RAM to run smoothly. With 1GB you will struggle.
We can reduce some load by eliminating some unnecessary startups, but eventually you'll have to get more RAM.

2. You seem to have some registry issues.
From your Autoruns log I can see this:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
+ "explorer.exe" "" "" "File not found: explorer.exe"
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell" "" "" ""
+ "cmd.exe" "" "" "File not found: cmd.exe"


Let's check something....

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :reg
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell
    :filefind
    explorer.exe
    cmd.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#11 rudince


Posted 04 July 2011 - 07:45 AM

SystemLook 04.09.10 by jpshortstuff
Log created at 13:41 on 04/07/2011 by Rudince
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell]
(Unable to open key - key not found)

========== filefind ==========

Searching for "cmd.exe"
C:\hp\bin\cmd.exe --a---- 320000 bytes [19:20 06/06/2007] [09:44 02/11/2006] 349CD4318E6E351C9BB72EE13B7CA807
C:\Windows\System32\cmd.exe --a---- 318976 bytes [11:54 21/07/2008] [07:33 19/01/2008] 74F26FC01B180D4A99A168ED69C30A53
C:\Windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6000.16386_none_88d604c11d71789b\cmd.exe --a---- 320000 bytes [08:36 02/11/2006] [09:44 02/11/2006] 349CD4318E6E351C9BB72EE13B7CA807
C:\Windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_8b0cc6bd1a5c896f\cmd.exe --a---- 318976 bytes [11:54 21/07/2008] [07:33 19/01/2008] 74F26FC01B180D4A99A168ED69C30A53

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2926592 bytes [15:26 24/09/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe --a---- 2923520 bytes [08:47 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe --a---- 2923520 bytes [03:03 14/11/2007] [03:03 14/11/2007] 6D06CD98D954FE87FB2DB8108793B399
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --a---- 2923520 bytes [21:23 11/12/2008] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe --a---- 2923520 bytes [03:03 14/11/2007] [03:03 14/11/2007] BD06F0BF753BC704B653C3A50F89D362
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe --a---- 2923520 bytes [21:23 11/12/2008] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe --a---- 2927104 bytes [11:54 21/07/2008] [07:33 19/01/2008] FFA764631CB70A30065C12EF8E174F9F
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe --a---- 2927104 bytes [21:23 11/12/2008] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe --a---- 2927616 bytes [21:23 11/12/2008] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [15:26 24/09/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253

-= EOF =-


Edited by rudince, 04 July 2011 - 07:57 AM.


#12 Broni


Posted 04 July 2011 - 11:25 AM

Both files are in place, but you have two important registry keys missing.

I don't think this is a malware-related issue.

How long ago did all this start?

Do you have a Vista DVD?



#13 rudince


Posted 05 July 2011 - 10:23 AM

started tuesday (1 week ago)

don't think I have vista DVD

just so confused with this problem I'm having

#14 Broni


Posted 05 July 2011 - 02:44 PM

Can you check if you have a restore point from before all this started?



#15 rudince


Posted 06 July 2011 - 07:47 AM

how would I go about that?

and what would I lose? all my files since that day?



