Hijackthis log file....I have some questions and possibly need some help fixing them.....:-)

greensman · Apr 1, 2007

@KotaGuy or whoever can help......;-)

I'm working on a friends computer that according to him is operating slowly and occasionally crashes and requires a restart. I've had the computer for over a day now and haven't needed to restart due to a crash.

btw I've switched him from IE7 to Firefox [hopefully he'll continue to use it.....;-)]

I've run these programs at least once:

Ad-Aware SE
SpyBot S&D
AVG Free [added this, he didn't have a virus progie that I could find]
Zone Alarm is running now (windows firewall was before)
CCleaner
Prime95 (6 hours no errors or warnings)
SiSoft Sandra (didn't finish, to impatient...lol)
Several monitoring progies - FreshDiagnose, Everest Home, and Speedfan (but it wouldn't run for some reason)

I just ran Hijackthis but don't really know what I'm looking for....

Here is the log, I think.......

Logfile of HijackThis v1.99.1
Scan saved at 9:46:37 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE
C:\Documents and Settings\BOBBY\Desktop\new stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ttu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_SA6.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\DOCUME~1\BOBBY\LOCALS~1\Temp\E_S5.tmp" /EF "HKCU"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

TIA for your help......

...gm

KotaGuy · Apr 2, 2007

Nothing bad showing in the log.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.

[*]The program will launch and then begin downloading the latest definition files:
[*]Once the files have been downloaded click on NEXT
[*]Now click on Scan Settings
[*]In the scan settings make that the following are selected:

[*]Scan using the following Anti-Virus database:

Extended (if available otherwise Standard)

[*]Scan Options:

Scan Archives Scan Mail Bases

[*]Click OK
[*]Now under select a target to scan:

Select My Computer

[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
[*]Now click on the Save as Text button:
[*]Save the file to your desktop.

Copy/paste the contents of the file in your next reply.

greensman · Apr 3, 2007

@Kotaguy,
I haven't been able to save the log file of Kaspersky for some reason. The process locks up everytime I enter a name for the file or even when I click save in the save file window. I removed IE7 and I'm gonna try it again. It scans just fine and indicates there are 3 errors under IE7 but I can't read what they are or save the file like I said. Thanks for your help and I'll see what I can do with IE6 since the progie won't run under FireFox.

.....gm

KotaGuy · Apr 3, 2007

OK... let me know how it works out.

greensman · Apr 3, 2007

Still no go on saving the log file. It runs just fine and has the 3 errors just like IE7 but it still won't let me save the files.

Is there another progie I can run or is there something deeper wrong with the crazy thing? I really don't want to re-install WinXP but I'm leaning closer to doing that to end this silliness. I just hope that it would fix something if I did. hehehe.

Again any ideas are appreciated.

....gm

KotaGuy · Apr 3, 2007

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

[*]Close ALL OTHER PROGRAMS.
[*]Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
[*]Now click the Run Scan button on the toolbar.
[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

greensman · Apr 3, 2007

@Kotaguy,
Ran the test and here are the results. Hope you find something that will clear up my problems. Thanks again.

....gm

WinPFind3 logfile created on: 4/3/2007 11:12:03 PM
WinPFind3U by OldTimer - Version 1.0.33 Folder = C:\Documents and Settings\BOBBY\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.42% Memory free
3.85 Gb Paging File | 3.59 Gb Available in Paging File | 93.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 207.01 Gb Free Space | 88.89% Space Free
D: Drive not present or media not loaded
Drive E: | 540.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: BOBBYS-PUTER
Current User Name: BOBBY
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 3/31/2007 10:42:42 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/31/2007 10:42:44 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 3/31/2007 10:42:44 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/31/2007 10:41:08 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 11:42:50 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 4/1/2007 12:39:40 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 3/31/2007 10:42:42 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/31/2007 10:41:08 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 3/31/2007 10:42:44 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 11:42:50 PM | Attr = ]
(SandraDataSrv) SiSoftware Database Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe -> SiSoftware [Ver = 11.17.2007.2 | Size = 123064 bytes | Modified Date = 11/24/2006 9:56:54 PM | Attr = ]
(SandraTheSrv) SiSoftware Sandra Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe -> SiSoftware [Ver = 11.17.2007.2 | Size = 1138880 bytes | Modified Date = 11/24/2006 9:56:28 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/31/2007 10:42:44 PM | Attr = ]
EPSON Stylus CX5000 Series -> %System32%\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_SA6.tmp -> File not found
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 11:43:02 PM | Attr = ]
NWEReboot -> -> File not found
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 8/11/2006 11:43:00 PM | Attr = ]
RegistryMechanic -> -> File not found
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX5000 Series -> %System32%\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\DOCUME~1\BOBBY\LOCALS~1\Temp\E_S5.tmp -> File not found
< User Startup > -> C:\Documents and Settings\BOBBY\Start Menu\Programs\Startup
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
HKCU: Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
HKCU: Start Page -> http://www.ttu.edu/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 4:23:26 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 6:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 6:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 6:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 5:43:00 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{197D5F26-8689-4646-9D75-EE82F7F6C3CB} -> () ->
{7281BAE1-8555-4A49-ADF3-8ECFF3F0116C} -> (NVIDIA nForce Networking Controller) ->
{A1FA5C0F-E3C0-4FEF-B831-D5C8E062F73D} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00C0A1F2-D492-4DBA-A8E2-76CB1B791724} -> TNPLDownloader Control - CodeBase = https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->

[Files/Folders - Created Within 30 days]
2921cd902a0ce97f1948 -> %SystemDrive%\2921cd902a0ce97f1948 -> [Folder | Created Date = 4/2/2007 2:22:37 PM | Attr = ]
300_TC_FDSCR.ISO -> %SystemDrive%\300_TC_FDSCR.ISO -> [Ver = | Size = 211451904 bytes | Created Date = 4/1/2007 1:33:17 AM | Attr = ]
300_TC_FDSCR.MDS -> %SystemDrive%\300_TC_FDSCR.MDS -> [Ver = | Size = 4325 bytes | Created Date = 4/1/2007 1:38:09 AM | Attr = ]
NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Created Date = 4/2/2007 1:32:19 PM | Attr = ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Created Date = 4/3/2007 12:46:51 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/3/2007 12:47:02 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Created Date = 4/3/2007 12:46:38 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/15/2007 2:00:17 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 3/14/2007 12:45:24 AM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 4/2/2007 2:22:40 PM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 4/2/2007 1:59:55 PM | Attr = R S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 3690 bytes | Created Date = 4/2/2007 2:22:43 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Created Date = 4/2/2007 1:59:36 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 3/25/2007 1:08:49 PM | Attr = ]
initdebug.nfo -> %System32%\initdebug.nfo -> [Ver = | Size = 45 bytes | Created Date = 3/31/2007 8:51:06 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 4/2/2007 10:33:10 AM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796584 bytes | Created Date = 3/31/2007 11:24:06 PM | Attr = ]
mbmiodrvr.sys -> %System32%\mbmiodrvr.sys -> cansoft@livewiredev.com [Ver = 1.0 built by: WinDDK | Size = 2944 bytes | Created Date = 4/3/2007 12:09:18 AM | Attr = ]
SanCpl.cpl -> %System32%\SanCpl.cpl -> SiSoftware [Ver = 11.17.2007.2 | Size = 82096 bytes | Created Date = 4/1/2007 12:06:40 PM | Attr = ]
spupdsvc.inf -> %System32%\spupdsvc.inf -> [Ver = | Size = 230 bytes | Created Date = 4/3/2007 11:19:27 AM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 48882 bytes | Created Date = 3/31/2007 11:24:00 PM | Attr = H ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 83960 bytes | Created Date = 3/31/2007 11:23:01 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 392824 bytes | Created Date = 3/31/2007 11:24:00 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 157688 bytes | Created Date = 3/31/2007 11:23:01 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 104440 bytes | Created Date = 3/31/2007 11:24:00 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 268280 bytes | Created Date = 3/31/2007 11:24:00 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 71672 bytes | Created Date = 3/31/2007 11:24:06 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 440312 bytes | Created Date = 3/31/2007 11:23:01 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 59384 bytes | Created Date = 3/31/2007 11:24:01 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 100344 bytes | Created Date = 3/31/2007 11:24:01 PM | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 4/2/2007 2:23:21 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 83960 bytes | Created Date = 3/31/2007 11:24:04 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 71672 bytes | Created Date = 3/31/2007 11:24:04 PM | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 3/31/2007 11:24:01 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 3/31/2007 9:41:06 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 3/31/2007 9:41:08 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 3/31/2007 9:41:08 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/31/2007 9:41:08 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Created Date = 3/31/2007 9:42:38 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 3/31/2007 9:41:08 PM | Attr = ]
TVICHW32.SYS -> %System32%\drivers\TVICHW32.SYS -> EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Created Date = 4/1/2007 12:40:15 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
2921cd902a0ce97f1948 -> %SystemDrive%\2921cd902a0ce97f1948 -> [Folder | Modified Date = 4/2/2007 3:22:40 PM | Attr = ]
300_TC_FDSCR.ISO -> %SystemDrive%\300_TC_FDSCR.ISO -> [Ver = | Size = 211451904 bytes | Modified Date = 4/1/2007 2:38:10 AM | Attr = ]
300_TC_FDSCR.MDS -> %SystemDrive%\300_TC_FDSCR.MDS -> [Ver = | Size = 4325 bytes | Modified Date = 4/1/2007 2:38:10 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/31/2007 10:40:52 PM | Attr = ]
DVD_VIDEO -> %SystemDrive%\DVD_VIDEO -> [Folder | Modified Date = 4/3/2007 9:56:12 PM | Attr = ]
NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 4/2/2007 2:32:20 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/3/2007 12:56:04 AM | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/21/2007 11:29:22 PM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2007 11:04:08 PM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/27/2007 1:00:20 PM | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/28/2007 11:07:42 PM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/29/2007 12:49:18 AM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/29/2007 11:03:50 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/30/2007 10:19:28 AM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/30/2007 10:21:36 AM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/30/2007 1:47:16 PM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/31/2007 9:33:04 AM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/31/2007 10:18:04 AM | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/5/2007 7:51:24 AM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/6/2007 11:49:26 AM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/13/2007 12:12:26 AM | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/13/2007 11:01:26 PM | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/14/2007 1:44:48 AM | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/15/2007 3:05:24 AM | Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/16/2007 1:38:18 AM | Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/20/2007 10:29:26 AM | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/20/2007 12:49:36 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/21/2007 11:29:22 PM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/22/2007 11:04:08 PM | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/27/2007 1:00:20 PM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/28/2007 11:07:42 PM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/29/2007 12:49:18 AM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/29/2007 11:03:50 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/30/2007 10:19:28 AM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/30/2007 10:21:36 AM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/30/2007 1:47:16 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/31/2007 9:33:04 AM | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/31/2007 10:18:04 AM | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/5/2007 7:51:24 AM | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/6/2007 11:49:26 AM | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/13/2007 12:12:26 AM | Attr = H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/13/2007 11:01:26 PM | Attr = H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/14/2007 1:44:48 AM | Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/15/2007 3:05:24 AM | Attr = H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/16/2007 1:38:18 AM | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/20/2007 10:29:26 AM | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/20/2007 12:49:36 PM | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/3/2007 10:08:04 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/3/2007 1:44:48 PM | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Modified Date = 4/3/2007 1:46:54 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/3/2007 1:47:04 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Modified Date = 4/3/2007 1:46:40 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/15/2007 3:00:20 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 3/14/2007 1:45:26 AM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 4/2/2007 3:22:42 PM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/3/2007 1:52:12 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/3/2007 10:07:48 PM | Attr = S]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 4/3/2007 10:06:24 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/1/2007 9:20:40 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/2/2007 11:33:12 AM | Attr = S]
EZMediaBox2.ini -> %SystemRoot%\EZMediaBox2.ini -> [Ver = | Size = 12609 bytes | Modified Date = 4/1/2007 11:45:38 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/2/2007 3:39:42 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/3/2007 10:06:26 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 3690 bytes | Modified Date = 4/3/2007 7:08:40 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/3/2007 1:47:08 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/3/2007 1:46:38 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 4/3/2007 10:24:32 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 4/3/2007 12:19:12 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/3/2007 1:53:00 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/2/2007 3:37:00 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 4/3/2007 8:33:40 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 3/31/2007 10:28:54 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/3/2007 11:05:00 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 3/31/2007 10:40:54 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 4/3/2007 10:06:36 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/3/2007 10:08:12 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 4/3/2007 12:19:12 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 630 bytes | Modified Date = 4/2/2007 12:36:50 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/3/2007 1:46:22 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/3/2007 10:07:52 PM | Attr = H ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 3/25/2007 2:08:50 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 3/31/2007 10:37:04 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/3/2007 7:08:10 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/3/2007 1:47:06 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/2/2007 2:34:34 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 4/3/2007 12:29:58 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 192976 bytes | Modified Date = 4/3/2007 5:26:40 PM | Attr = ]
initdebug.nfo -> %System32%\initdebug.nfo -> [Ver = | Size = 45 bytes | Modified Date = 4/3/2007 12:56:04 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 4/2/2007 11:33:12 AM | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 4/2/2007 2:59:38 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 81191 bytes | Modified Date = 4/3/2007 10:08:08 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 67424 bytes | Modified Date = 4/3/2007 10:06:36 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 430826 bytes | Modified Date = 4/3/2007 10:06:36 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 506720 bytes | Modified Date = 4/3/2007 10:06:36 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 4/2/2007 2:34:34 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1076 bytes | Modified Date = 3/31/2007 11:48:46 AM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1076 bytes | Modified Date = 3/31/2007 11:48:46 AM | Attr = ]
spool -> %System32%\spool -> [Folder | Modified Date = 4/2/2007 3:22:50 PM | Attr = ]
spupdsvc.inf -> %System32%\spupdsvc.inf -> [Ver = | Size = 230 bytes | Modified Date = 4/3/2007 12:19:28 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 48882 bytes | Modified Date = 4/3/2007 10:08:04 PM | Attr = H ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 3/20/2007 9:56:54 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 4/3/2007 10:08:06 PM | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 4/2/2007 3:23:22 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 4/1/2007 12:25:12 AM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 4/1/2007 12:24:10 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/31/2007 10:42:40 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 3/31/2007 10:41:10 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 3/31/2007 10:42:42 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 3/31/2007 10:41:10 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 3/31/2007 10:42:40 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 3/31/2007 10:41:10 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemDrive%\300_TC_FDSCR.ISO -> File size too big (211451904 bytes) ->
UPX! , UPX0 , -> %SystemDrive%\Install.exe -> AccuWeather [Ver = 2003.03.13.1237A | Size = 199347 bytes | Modified Date = 1/18/2007 6:43:10 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/31/2007 10:42:40 PM | Attr = ]

< End of report >

KotaGuy · Apr 3, 2007

Nothing bad in the WinPFind log.

Hard for me to say what is causing the crashes without knowing the specific error produced when it happens.

I can say that the machine is malware free

greensman · Apr 3, 2007

wow.....thanx for your quick response.

I will see if I can record the crash if it happens again while I have the machine. It's only done it to me once in 2 days. The "I've encountered an error and restart" error. At least something like that.

Thanks again.

....gm

edit:
Remembered this error log he told me about. Maybe this will answer a question or 2. lol.

#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d0b7a37, pid=2096, tid=3892
#
# Java VM: Java HotSpot(TM) Client VM (1.5.0_11-b03 mixed mode)
# Problematic frame:
# C 0x6d0b7a37
#

--------------- T H R E A D ---------------

Current thread (0x02947378): JavaThread "Thread-48" [_thread_in_native, id=3892]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000c2d

Registers:
EAX=0x0e12f9e8, EBX=0x00000001, ECX=0x00000c2d, EDX=0x0e12fa6c
ESP=0x0e12f9d4, EBP=0x0e12faa8, ESI=0x02948180, EDI=0x0e12fa6c
EIP=0x6d0b7a37, EFLAGS=0x00010246

Top of Stack: (sp=0x0e12f9d4)
0x0e12f9d4: 01000400 0e12f9e8 02947438 0e12fac4
0x0e12f9e4: 02947378 00000064 02947438 0e12fac4
0x0e12f9f4: 00000062 02947438 02947438 0e12fac4
0x0e12fa04: 0e12f9f8 02947438 0e12fd64 07b4d1a2
0x0e12fa14: 07b57a30 ffffffff 0e12faa8 6d0346ff
0x0e12fa24: 02947438 0e12fac4 00000062 02947438
0x0e12fa34: 0e12fac4 ff000000 6d03477a 02947438
0x0e12fa44: 0e12fac4 00000000 6d0b0cb6 02947438

Instructions: (pc=0x6d0b7a37)
0x6d0b7a27: 8b 8e a8 00 00 00 8d 44 24 0c 50 68 00 04 00 01
0x6d0b7a37: 8b 11 6a 00 6a 00 57 ff 52 20 3d c2 01 76 88 7f

Stack: [0x0e030000,0x0e130000), sp=0x0e12f9d4, free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x6d0b7a37
J sun.awt.windows.Win32DDRenderer.fillRect(Lsun/java2d/SunGraphics2D;IIII)V
J sun.java2d.SunGraphics2D.fillRect(IIII)V
v ~RuntimeStub::alignment_frame_return Runtime1 stub
j PictureLayerObject.drawBox(Ljava/awt/Graphics;II)V+14
j PictureLayerObject.drawAudioBox(Ljava/awt/GraphicsV+10
j PictureLayerObject.drawPictureLayer(Ljava/awt/GraphicsV+16
j KDDisplayImageCanvas.createNewImage([IF)V+264
J KDPlayer$VideoThread.run()V
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub
C 0x07aa71a8
C 0x07aff462
C 0x07aa7079
C 0x07aa6dd6
C 0x07ac1a14
C 0x07b30aa6
C 0x07b30a74
C [msvcrt.dll+0x2a3b0]
C [kernel32.dll+0xb683]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
J sun.awt.windows.Win32DDRenderer.doFillRectDD(Lsun/java2d/SurfaceData;IIIII)V
J sun.awt.windows.Win32DDRenderer.fillRect(Lsun/java2d/SunGraphics2D;IIII)V
J sun.java2d.SunGraphics2D.fillRect(IIII)V
v ~RuntimeStub::alignment_frame_return Runtime1 stub
j PictureLayerObject.drawBox(Ljava/awt/Graphics;II)V+14
j PictureLayerObject.drawAudioBox(Ljava/awt/GraphicsV+10
j PictureLayerObject.drawPictureLayer(Ljava/awt/GraphicsV+16
j KDDisplayImageCanvas.createNewImage([IF)V+264
J KDPlayer$VideoThread.run()V
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x02946cb0 JavaThread "Thread-50" [_thread_in_native, id=3628]
0x0294cf60 JavaThread "BaggerClient" [_thread_in_native, id=3900]
0x029494e8 JavaThread "Thread-49" [_thread_blocked, id=3752]
=>0x02947378 JavaThread "Thread-48" [_thread_in_native, id=3892]
0x02951b60 JavaThread "Thread-47" [_thread_blocked, id=3832]
0x02940ed8 JavaThread "Thread-46" [_thread_blocked, id=3788]
0x0292f728 JavaThread "Scrollbar thread" [_thread_blocked, id=3836]
0x07789278 JavaThread "Scrollbar thread" [_thread_blocked, id=3876]
0x076e7c70 JavaThread "AWT-EventQueue-7" [_thread_blocked, id=3872]
0x029311b0 JavaThread "thread applet-Chat.class" [_thread_blocked, id=3848]
0x0778bf28 JavaThread "Thread-42" [_thread_in_native, id=588]
0x028d7e58 JavaThread "Timer-2" [_thread_blocked, id=3756]
0x028d31f0 JavaThread "AWT-EventQueue-6" [_thread_blocked, id=3632]
0x076d0838 JavaThread "thread applet-KijkDoos" [_thread_blocked, id=3784]
0x0779b288 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=3548]
0x028ca2e8 JavaThread "AWT-Shutdown" [_thread_blocked, id=3728]
0x028d1ce0 JavaThread "Thread-37" [_thread_in_native, id=2204]
0x0763cea0 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=3140]
0x0290a7e8 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=2944]
0x076b6208 JavaThread "AWT-Windows" daemon [_thread_in_native, id=1244]
0x028da118 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2860]
0x028da688 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=4000]
0x07715340 JavaThread "CompilerThread0" daemon [_thread_blocked, id=368]
0x028fa0a0 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2940]
0x076c8870 JavaThread "Finalizer" daemon [_thread_blocked, id=2856]
0x028d88f0 JavaThread "Reference Handler" daemon [_thread_blocked, id=2772]

Other Threads:
0x07751978 VMThread [id=2816]
0x0779b960 WatcherThread [id=2692]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 2624K, used 2329K [0x15500000, 0x157d0000, 0x159e0000)
eden space 2368K, 97% used [0x15500000, 0x15743248, 0x15750000)
from space 256K, 5% used [0x15790000, 0x15793588, 0x157d0000)
to space 256K, 0% used [0x15750000, 0x15750000, 0x15790000)
tenured generation total 33420K, used 27546K [0x159e0000, 0x17a83000, 0x19500000)
the space 33420K, 82% used [0x159e0000, 0x174c68d8, 0x174c6a00, 0x17a83000)
compacting perm gen total 8192K, used 7667K [0x19500000, 0x19d00000, 0x1d500000)
the space 8192K, 93% used [0x19500000, 0x19c7cd98, 0x19c7ce00, 0x19d00000)
No shared spaces configured.

Dynamic libraries:
0x00400000 - 0x0049a000 C:\Program Files\Internet Explorer\iexplore.exe
0x7c900000 - 0x7c9b0000 C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f4000 C:\WINDOWS\system32\kernel32.dll
0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f01000 C:\WINDOWS\system32\RPCRT4.dll
0x77f10000 - 0x77f57000 C:\WINDOWS\system32\GDI32.dll
0x77d40000 - 0x77dd0000 C:\WINDOWS\system32\USER32.dll
0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll
0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
0x7c9c0000 - 0x7d1d5000 C:\WINDOWS\system32\SHELL32.dll
0x774e0000 - 0x7761d000 C:\WINDOWS\system32\ole32.dll
0x61410000 - 0x61534000 C:\WINDOWS\system32\urlmon.dll
0x77120000 - 0x771ac000 C:\WINDOWS\system32\OLEAUT32.dll
0x6e850000 - 0x6e895000 C:\WINDOWS\system32\iertutil.dll
0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll
0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.DLL
0x773d0000 - 0x774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x5d090000 - 0x5d12a000 C:\WINDOWS\system32\comctl32.dll
0x7e1e0000 - 0x7e7aa000 C:\WINDOWS\system32\IEFRAME.dll
0x76bf0000 - 0x76bfb000 C:\WINDOWS\system32\PSAPI.DLL
0x5ad70000 - 0x5ada8000 C:\WINDOWS\system32\UxTheme.dll
0x10000000 - 0x10170000 C:\WINDOWS\system32\nview.dll
0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll
0x77690000 - 0x776b1000 C:\WINDOWS\system32\NTMARTA.DLL
0x76f60000 - 0x76f8c000 C:\WINDOWS\system32\WLDAP32.dll
0x71bf0000 - 0x71c03000 C:\WINDOWS\system32\SAMLIB.dll
0x74720000 - 0x7476b000 C:\WINDOWS\system32\MSCTF.dll
0x20000000 - 0x202c5000 C:\WINDOWS\system32\xpsp2res.dll
0x755c0000 - 0x755ee000 C:\WINDOWS\system32\msctfime.ime
0x5dff0000 - 0x5e01f000 C:\WINDOWS\system32\IEUI.dll
0x76380000 - 0x76385000 C:\WINDOWS\system32\MSIMG32.dll
0x4ec50000 - 0x4edf3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x47060000 - 0x47081000 C:\WINDOWS\system32\xmllite.dll
0x77b40000 - 0x77b62000 C:\WINDOWS\system32\apphelp.dll
0x76fd0000 - 0x7704f000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x746f0000 - 0x7471a000 C:\WINDOWS\system32\msimtf.dll
0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll
0x77a20000 - 0x77a74000 C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661d000 C:\WINDOWS\System32\CSCDLL.dll
0x77920000 - 0x77a13000 C:\WINDOWS\system32\SETUPAPI.dll
0x325c0000 - 0x325d2000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x013a0000 - 0x013b5000 C:\WINDOWS\system32\nvwddi.dll
0x61930000 - 0x6197a000 C:\Program Files\Internet Explorer\ieproxy.dll
0x01830000 - 0x01af6000 C:\WINDOWS\system32\msi.dll
0x75e90000 - 0x75f40000 C:\WINDOWS\system32\SXS.DLL
0x60300000 - 0x60307000 C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll
0x7c340000 - 0x7c396000 C:\PROGRA~1\Yahoo!\MESSEN~1\MSVCR71.dll
0x771b0000 - 0x7727f000 C:\WINDOWS\system32\WININET.dll
0x013d0000 - 0x013d9000 C:\WINDOWS\system32\Normaliz.dll
0x75cf0000 - 0x75d81000 C:\WINDOWS\system32\MLANG.dll
0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\ws2_32.dll
0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll
0x62900000 - 0x6296d000 C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
0x71ad0000 - 0x71ad9000 C:\WINDOWS\system32\WSOCK32.dll
0x76c90000 - 0x76cb8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x76ee0000 - 0x76f1c000 C:\WINDOWS\system32\RASAPI32.DLL
0x76e90000 - 0x76ea2000 C:\WINDOWS\system32\rasman.dll
0x5b860000 - 0x5b8b4000 C:\WINDOWS\system32\NETAPI32.dll
0x76eb0000 - 0x76edf000 C:\WINDOWS\system32\TAPI32.dll
0x76e80000 - 0x76e8e000 C:\WINDOWS\system32\rtutils.dll
0x013f0000 - 0x013fd000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x62300000 - 0x62330000 C:\Program Files\Yahoo!\Common\yiesrvc.dll
0x76c30000 - 0x76c5e000 C:\WINDOWS\system32\WINTRUST.DLL
0x77a80000 - 0x77b14000 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll
0x0ffd0000 - 0x0fff8000 C:\WINDOWS\system32\rsaenh.dll
0x769c0000 - 0x76a73000 C:\WINDOWS\system32\userenv.dll
0x75e60000 - 0x75e73000 C:\WINDOWS\system32\cryptnet.dll
0x4d4f0000 - 0x4d548000 C:\WINDOWS\system32\WINHTTP.dll
0x722b0000 - 0x722b5000 C:\WINDOWS\system32\SensApi.dll
0x62200000 - 0x6221d000 C:\Program Files\Yahoo!\Common\YIeTagBm.dll
0x6d610000 - 0x6d67a000 C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
0x5edd0000 - 0x5ede7000 C:\WINDOWS\system32\OLEPRO32.DLL
0x29500000 - 0x29551000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
0x27500000 - 0x275c9000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
0x71a50000 - 0x71a8f000 C:\WINDOWS\system32\mswsock.dll
0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll
0x77c70000 - 0x77c93000 C:\WINDOWS\system32\msv1_0.dll
0x76d60000 - 0x76d79000 C:\WINDOWS\system32\iphlpapi.dll
0x76fc0000 - 0x76fc6000 C:\WINDOWS\system32\rasadhlp.dll
0x76f20000 - 0x76f47000 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 - 0x76fb8000 C:\WINDOWS\System32\winrnr.dll
0x65200000 - 0x65214000 C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll
0x65000000 - 0x65035000 C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll
0x04080000 - 0x0408e000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YTAntiSpy.dll
0x64100000 - 0x6411e000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YMERemote.dll
0x04090000 - 0x040a2000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll
0x71d40000 - 0x71d5c000 C:\WINDOWS\system32\actxprxy.dll
0x040b0000 - 0x040bf000 C:\Program Files\Yahoo!\Messenger\ypagerps.dll
0x7e830000 - 0x7eb9f000 C:\WINDOWS\system32\mshtml.dll
0x746c0000 - 0x746e9000 C:\WINDOWS\system32\msls31.dll
0x6f8b0000 - 0x6f910000 C:\WINDOWS\system32\ieapfltr.dll
0x63380000 - 0x633f8000 C:\WINDOWS\system32\jscript.dll
0x30000000 - 0x302ee000 C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
0x763b0000 - 0x763f9000 C:\WINDOWS\system32\comdlg32.dll
0x72d20000 - 0x72d29000 C:\WINDOWS\system32\wdmaud.drv
0x72d10000 - 0x72d18000 C:\WINDOWS\system32\msacm32.drv
0x77be0000 - 0x77bf5000 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 - 0x77bd7000 C:\WINDOWS\system32\midimap.dll
0x767f0000 - 0x76817000 C:\WINDOWS\system32\schannel.dll
0x6d430000 - 0x6d43a000 C:\WINDOWS\system32\ddrawex.dll
0x73760000 - 0x737a9000 C:\WINDOWS\system32\DDRAW.dll
0x73bc0000 - 0x73bc6000 C:\WINDOWS\system32\DCIMAN32.dll
0x04e90000 - 0x04e9b000 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
0x12950000 - 0x133b4000 C:\WINDOWS\system32\wmp.dll
0x75a70000 - 0x75a91000 C:\WINDOWS\system32\MSVFW32.dll
0x59a60000 - 0x59b01000 C:\WINDOWS\system32\dbghelp.dll
0x13740000 - 0x13f1b000 C:\WINDOWS\system32\wmploc.dll
0x0bef0000 - 0x0bf27000 C:\WINDOWS\system32\MFPlat.DLL
0x13470000 - 0x134c0000 C:\WINDOWS\system32\wmpdxm.dll
0x71b20000 - 0x71b32000 C:\WINDOWS\system32\MPR.dll
0x15110000 - 0x1536a000 C:\WINDOWS\system32\wmvcore.dll
0x11c70000 - 0x11ca9000 C:\WINDOWS\system32\WMASF.DLL
0x12840000 - 0x12940000 C:\WINDOWS\system32\wmnetmgr.dll
0x74d90000 - 0x74dfb000 C:\WINDOWS\system32\USP10.dll
0x74380000 - 0x7438f000 C:\WINDOWS\system32\wdigest.dll
0x77d00000 - 0x77d33000 C:\WINDOWS\system32\netman.dll
0x76d40000 - 0x76d58000 C:\WINDOWS\system32\MPRAPI.dll
0x77cc0000 - 0x77cf2000 C:\WINDOWS\system32\ACTIVEDS.dll
0x76e10000 - 0x76e35000 C:\WINDOWS\system32\adsldpc.dll
0x76b20000 - 0x76b31000 C:\WINDOWS\system32\ATL.DLL
0x76400000 - 0x765a6000 C:\WINDOWS\system32\netshell.dll
0x76c00000 - 0x76c2e000 C:\WINDOWS\system32\credui.dll
0x73030000 - 0x73040000 C:\WINDOWS\system32\WZCSAPI.DLL
0x77620000 - 0x7768e000 C:\WINDOWS\system32\WZCSvc.DLL
0x76d30000 - 0x76d34000 C:\WINDOWS\system32\WMI.dll

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~2.0_1\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~2.0_1\lib\plugin.jar -Xmx64m -Djavaplugin.maxHeapSize=64m -Xverify:remote -Djavaplugin.version=1.5.0_11 -Djavaplugin.nodotversion=150_11 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~2.0_1 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~2.0_1\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~2.0_1\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~2.0_1\lib\plugin.jar -Xmx64m -Djavaplugin.maxHeapSize=64m -Xverify:remote -Djavaplugin.version=1.5.0_11 -Djavaplugin.nodotversion=150_11 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~2.0_1 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol vfprintf
java_command: <unknown>
Launcher Type: generic

Environment Variables:
PATH=C:\PROGRA~1\Java\JRE15~2.0_1\bin;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;.
USERNAME=BOBBY
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD

--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 2

CPU:total 2 (cores per cpu 2, threads per core 1) family 15 model 35 stepping 2, cmov, cx8, fxsr, mmx, sse, sse2, sse3, mmxext, 3dnowext, 3dnow

Memory: 4k page, physical 2095532k(1385420k free), swap 4033276k(3430188k free)

vm_info: Java HotSpot(TM) Client VM (1.5.0_11-b03) for windows-x86, built on Dec 15 2006 01:16:12 by "java_re" with MS VC++ 6.0

KotaGuy · Apr 4, 2007

If that is what caused the crashes it looks like it may be Java related.

Run HijackThis. Click the Misc Tools button. Click the Uninstall Manager button. Click the Save List button. Save the list to the Desktop.

Copy/paste the contents of it back here please.

greensman · Apr 4, 2007

Thanks for your help, hopefully I can leave you alone soon. lol.

The list that you requested. ;-)

Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
ArcSoft PhotoImpression 5
Athlon 64 Processor Driver
AVG Free Edition
Basic Webcam
CCleaner (remove only)
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
DVD Decrypter (Remove Only)
DVD Identifier
DVD Shrink 3.2
EPSON CX5000 Series User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX5000 Scanner Driver Update
EVEREST Home Edition v2.20
EZMedia Box 2.0
FlashMenu
FreshDiagnose
HijackThis 2.0.0
Hot CPU Tester Pro 4.3
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ImgBurn (Remove Only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Kaspersky Online Scanner
KProbe 2.5.2
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motherboard Monitor 5
Mozilla Firefox (2.0.0.3)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
Multimedia Card Reader
Nero Suite
NVIDIA Drivers
PeerGuardian 2.0
PowerDVD
Registry Mechanic 6.0
ResChanger 2005
RipIt4Me
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Serious Samurize
SiSoftware Sandra Lite XIb (Win64/32/CE)
Sound Blaster X-Fi Xtreme Audio
SpeedFan (remove only)
Spybot - Search & Destroy 1.4
Uninstall Startup Inspector
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
USB Driver
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm

KotaGuy · Apr 4, 2007

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

[*]Download the latest version of Java(TM) SE Runtime Environment 6u1.
[*]Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
[*]Click the "Download" button to the right.
[*]Check the box that says: "Accept License Agreement".
[*]The page will refresh.
[*]Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
[*]Close any programs you may have running - especially your web browser.
[*]Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
[*]Check any item with Java Runtime Environment (JRE or J2SE) in the name.
[*]Click the Remove or Change/Remove button.
[*]Repeat as many times as necessary to remove each Java versions.
[*]Reboot your computer once all Java components are removed.
[*]Then from your desktop double-click on the download to install the newest version.

Log in or Sign up

Hijackthis log file....I have some questions and possibly need some help fixing them.....:-)

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

Share This Page

Log in or Sign up

Hijackthis log file....I have some questions and possibly need some help fixing them.....:-)

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

greensman Regular member

KotaGuy Regular member

Share This Page

Useful Searches