'net shutdown...really, REALLY weird!

#1 nmdamgud


  • Members
  • 357 posts
  • Location:santa fe, new mexico
  • Local time:01:28 AM

Posted 12 December 2004 - 02:13 AM

hi guys...

wanted to share this with you...but, of course, i'm hoping you can tell me what the hell it is! as you can see by the time on this "log", at midnite saturday, dec 11, my puter went VERY briefly offline...i thought i had lost internet connection, but my modem was still lit up...when it came back up, at 12:01 sunday, my desktop was rearranged...and while i was putting it back, i had this foreign icon on my desktop. when i clicked on it, this is what it gave me: :flowers:

An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0xFADACE9
Library=C:\Program Files\Java\j2re1.4.2_05\bin\awt.dll

Current Java thread:
at sun.awt.windows.WComponentPeer.nativeHandleEvent(Native Method)
at sun.awt.windows.WComponentPeer.handleEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)

Heap at VM Abort:
def new generation total 1344K, used 1254K [0x100c0000, 0x10230000, 0x10820000)
eden space 1216K, 98% used [0x100c0000, 0x101ea908, 0x101f0000)
from space 128K, 47% used [0x101f0000, 0x101ff0f8, 0x10210000)
to space 128K, 0% used [0x10210000, 0x10210000, 0x10230000)
tenured generation total 19588K, used 18350K [0x10820000, 0x11b41000, 0x160c0000)
the space 19588K, 93% used [0x10820000, 0x11a0ba88, 0x11a0bc00, 0x11b41000)
compacting perm gen total 6656K, used 6563K [0x160c0000, 0x16740000, 0x1a0c0000)
the space 6656K, 98% used [0x160c0000, 0x16728cb8, 0x16728e00, 0x16740000)

Local Time = Sun Dec 12 00:01:52 2004
Elapsed Time = 25276
# The exception above was detected in native code outside the VM
# Java VM: Java HotSpot™ Client VM (1.4.2_05-b04 mixed mode)

hoping someone can tell me what happened, and what the heck this is, and how did it come to be on my desktop???

i wanted to post this, cuz i'm going to run spybot and adaware, and that takes awhile. i'll add another post (or edit this one) if anything weird shows up.

have fun! (you KNOW i LOVE you guys!!!)

damgud :thumbsup:

#2 KoanYorel


    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:02:28 AM

Posted 12 December 2004 - 03:25 AM

Don't know if this is the problem, but see this news link re Sun Java....


One of our Pros will be able to tell.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel


Posted 13 December 2004 - 02:18 AM

#4 nmdamgud

Posted 13 December 2004 - 04:31 PM

hey, grinler?

could you pah-leeeeez look this over? phawgg looked at it, koan looked at it...and we're all still baffled...help?



#5 JEservices


    helping hand

  • Members
  • 1,700 posts
  • Location:Texas
  • Local time:12:28 AM

Posted 13 December 2004 - 05:54 PM

It could be your video card or you can try a different version of java.

About the video card, do you remember making any changes recently? An update on the driver may fix it. Which one do you have again?

Have you thought about using a different browser, such as Opera or Firefox? These often will use a different version of java, and it may correct your problem.

How much is your cache size? You can find out by clicking the java icon in the system tray. Some people have problems when it is set to unlimited. You may want to set it at maximum 50 MB. Also, while you are on the Java Control Panel, you can clear out the cache by clicking clear on the cache window.

Edited: Cryo, will you please move this thread to a more appropriate forum.

Edited by JEservices, 13 December 2004 - 05:55 PM.

We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#6 TexasAngel67


    Bleeping Helper

  • Members
  • 1,551 posts
  • Location:Fort Worth
  • Local time:02:28 AM

Posted 13 December 2004 - 07:16 PM

So sorry you're having this happen, nmdamgud. It has to suck. From all that I've gathered, it's very intricate. You're not alone, though.
Here's the site I found for you and the others to view. It has some information, too complex for me.
Lots of luck. Hopefully, Grinler can lick this for you.

Read This

#7 nmdamgud

Posted 14 December 2004 - 01:43 AM

jason...the java control was set exactly as you wanted it. as to which i have...if you'll tell me where to look, i'll be happy to supply that info. and no, i made no changes or updates at all. java notes, however, that its latest update was 6:49am 12/12/04. what else do you need?


a thoroughly confuzzled damgud :thumbsup:

#8 nmdamgud

Posted 14 December 2004 - 03:42 PM




#9 JEservices


Posted 14 December 2004 - 04:05 PM

Everest Home can tell you what video card you have, even integrated. Everest Home

On the application, click Computer, summary. Post back the Video Adapter that it displays please.

#10 Papakid


    Guru at being a Newbie

  • Malware Response Team
  • 6,522 posts
  • Gender:Male
  • Local time:12:28 AM

Posted 14 December 2004 - 07:58 PM

Hi dg,

I'm not sure what all that means either, but since you're already in the HijackThis forum let's see a HijackThis log. Make sure you have the latest version, which is 1.98.2 and I think you know the drill from there. :flowers:

CWS and some other recalcitrant malwares use Java and something was set to take effect at a certain date, that's why the message right at midnight--that's when the date changed.

We'll look at the log and see if there is something to deal with there and if not this can be continued outside this subforum. No sweat. :thumbsup:

The fate of all mankind, I see

Is in the hands of fools

--King Crimson

#11 Grinler


    Lawrence Abrams

  • Admin
  • 43,388 posts
  • Gender:Male
  • Location:USA
  • Local time:01:28 AM

Posted 16 December 2004 - 11:50 AM

Yeah I would not mind seeing a hijackthis log as well. Yesterday a new version, 1.99.0, was released so you can download it here:


#12 nmdamgud

Posted 16 December 2004 - 07:58 PM

okay, you asked for it...here it is!

merry CHRISTmas,

damgud :thumbsup:

Logfile of HijackThis v1.99.0
Scan saved at 5:55:37 PM, on 12/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Survey Alerts Manager\skinkers.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hijack this\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\DAILYA~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\DAILYA~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SAMCluster] C:\Program Files\Survey Alerts Manager\skinkers.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\DAILYA~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\DAILYA~1\avgupsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Edited by nmdamgud, 16 December 2004 - 07:59 PM.

#13 Grinler


Posted 17 December 2004 - 12:57 PM

I do not see anything wrong here. Do you remember what the strange link was?

#14 nmdamgud

Posted 17 December 2004 - 02:21 PM

thanx, grinler...i REALLY appreciate it...

there was no "strange link"..just a new icon on my desktop. the icon was of a notepad, and the stuff i posted waaaaaaay up there/l\ is what was on the notepad when i opened it. is it possible that something TRIED to get in, but the avg that raw had me dl stopped it...and this was the result? hell, I don't know!! any educated guesses? i got it..grinler..a new GAME...MAKE A TITLE! :thumbsup:

just a thought.

merry CHRISTmas!

#15 Grinler


Posted 17 December 2004 - 02:50 PM

I think a program crashed and it outputted the crash log as a text file on your desktop. The text file would have a notepad icon.

Prob nothing to worry about
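
The crash-log reading given in #15 can be checked against the log itself. The following is an added example, not part of the original thread: a small Python parser (its function and field names are assumptions) that extracts the signal, faulting address and host process from a HotSpot 1.4.2 crash log and confirms that the address falls inside the library the log names. The embedded sample uses the header from post #1 plus a few module-map lines in that log's layout.

```python
import ntpath
import re

# Sample input: header and stack lines as posted in #1, plus a few
# module-map lines in the "start - end path" layout of that log.
SAMPLE_LOG = r"""
An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0xFADACE9
Library=C:\Program Files\Java\j2re1.4.2_05\bin\awt.dll

Current Java thread:
at sun.awt.windows.WComponentPeer.nativeHandleEvent(Native Method)
at sun.awt.windows.WComponentPeer.handleEvent(Unknown Source)

Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\iexplore.exe
0x7C900000 - 0x7C9B0000 C:\WINDOWS\system32\ntdll.dll
0x0FA40000 - 0x0FB52000 C:\Program Files\Java\j2re1.4.2_05\bin\awt.dll
0x0FB60000 - 0x0FBB1000 C:\Program Files\Java\j2re1.4.2_05\bin\fontmanager.dll

Local Time = Sun Dec 12 00:01:52 2004
"""

SIGNAL_RE = re.compile(
    r"Unexpected Signal\s*:\s*(\w+)\s*\((0x[0-9a-fA-F]+)\)\s*"
    r"occurred at PC=(0x[0-9a-fA-F]+)")
LIB_RE = re.compile(r"^Library=(.+)$", re.M)
MODULE_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s*-\s*(0x[0-9a-fA-F]+)\s+(.+)$", re.M)
FRAME_RE = re.compile(r"^\s*at\s+([\w.$]+)\(", re.M)


def parse_hs_err(text):
    """Extract the triage-relevant fields from a HotSpot 1.4.2 crash log."""
    sig = SIGNAL_RE.search(text)
    if sig is None:
        raise ValueError("no 'Unexpected Signal' line: not a HotSpot crash log")
    pc = int(sig.group(3), 16)
    lib = LIB_RE.search(text)
    library = lib.group(1).strip() if lib else None
    modules = [(int(s, 16), int(e, 16), p.strip())
               for s, e, p in MODULE_RE.findall(text)]
    # Module whose address range contains the faulting program counter.
    hit = next(((s, p) for s, e, p in modules if s <= pc < e), None)
    # The process image is the .exe entry in the module map.
    host = next((p for _, _, p in modules if p.lower().endswith(".exe")), None)
    # Compare file names only: such logs can mix long and 8.3 short paths.
    matches = None  # stays None when the map is missing or truncated
    if hit and library:
        matches = (ntpath.basename(hit[1]).lower()
                   == ntpath.basename(library).lower())
    return {
        "signal": sig.group(1),
        "code": int(sig.group(2), 16),
        "pc": pc,
        "library": library,
        "faulting_module": hit[1] if hit else None,
        "offset": pc - hit[0] if hit else None,
        "host_process": host,
        "library_matches_map": matches,
        "java_frames": FRAME_RE.findall(text),
    }


if __name__ == "__main__":
    r = parse_hs_err(SAMPLE_LOG)
    print("%s at 0x%08X" % (r["signal"], r["pc"]))
    print("host process   :", r["host_process"])
    print("faulting module: %s +0x%X" % (r["faulting_module"], r["offset"]))
    print("Library= line agrees with module map:", r["library_matches_map"])
    print("top Java frame :", r["java_frames"][0])
```

A log whose `Library=` line disagrees with the module map, or whose module map is missing, comes back with `library_matches_map` set to `False` or `None` and deserves a closer look before it is treated as an ordinary plug-in crash.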

