
[Windoctor + other popups + BSOD's]

Discussion in 'Malware and Virus Removal Archive' started by Skateshoot123, 2007/05/05.

  1. 2007/05/05
    Skateshoot123

    Skateshoot123 Inactive Thread Starter

    Joined:
    2007/02/28
    Messages:
    13
    Likes Received:
    0
    My computer is so close to crashing....I've gotten some blue screens but with no reasons or explanations. I ran Spy Sweeper, Spy Doctor, Norton and a bunch of other anti-malware software and I still get pop ups for WinDoctor....and other dialers. I have hi-jack this and this site has looked at my hi-jack logs and had me run some downloads which fixed the problems. I am also having these issues interfere with either my BIOS or my AUTOEXEC and Batch files as it's bumped out my secondary SATA drive settings and they begin to conflict leaving me to have to disconnect it to work. If anyone knows how to problem solve this I will be glad to copy and paste my running processes...and hi-jack logs.




    Logfile of HijackThis v1.99.1
    Scan saved at 5:16:54 PM, on 5/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\locator.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe "
    O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe "
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\kibeqjuh.dll ",realset
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceSB4 - Axaware - C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe





    as well this may help...


    I have a yrdldebw.exe rundll.exe file in my msconfig and I've never seen it before.

    Please help and respond
     
  2. 2007/05/06
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Please observe Posting Rules #3 - Meaningful Subject - I have adjusted your title.

    I see that you did not respond to the help given in your previous thread .....

    http://www.windowsbbs.com/showthread.php?t=62680

    We must have two way traffic here and guessing that the advice given worked is not good enough.

    If you are getting random BSOD's look here ....

    http://www.windowsbbs.com/showthread.php?t=33471

    and follow the instructions to post dump data in a new thread, referencing this thread.

    In the meantime I have moved this thread to the Removing Spyware & Viruses forum.
     


  4. 2007/05/06
    Skateshoot123

    Sorry....

    Sorry about that....yeah I was excited cause it did work. And I was extremely grateful and in the future I will be letting you know whether or not the help worked. I think I got a little bit from that thread....(the repair solution) And got a little from a similar thread. But I have bookmarked this site and it has been working really good for me. I just need to find somewhere else to go to get cracks or stay away from them altogether. Cause this is getting really annoying. Thank you once again and I do apologize for leaving you hanging.

    SkateShoot123
     
  5. 2007/05/06
    Skateshoot123

    Ran the tools here are my results.

    This is what my log looked like for my user.dmp file

    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.7.0005.0
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp]
    User Mini Dump File: Only registers, stack and portions of memory are available

    Comment: 'Dr. Watson generated MiniDump'
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: SingleUserTS
    Debug session time: Tue Apr 17 03:17:44.000 2007 (GMT-5)
    System Uptime: not available
    Process Uptime: 0 days 0:00:27.000
    .............................................................................................
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (8e4.1df4): Access violation - code c0000005 (first/second chance not available)
    eax=01d7bb50 ebx=000029b7 ecx=059ffc34 edx=01460620 esi=01d7bb50 edi=04938fc3
    eip=1003011a esp=059ffc30 ebp=000029b7 iopl=0 nv up ei pl nz ac po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
    *** WARNING: Unable to verify checksum for jkkjg.dll
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for jkkjg.dll -
    jkkjg+0x3011a:
    1003011a c6041e00 mov byte ptr [esi+ebx],0 ds:0023:01d7e507=??
    0:023> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Exception Analysis *
    * *
    *******************************************************************************

    *** ERROR: Symbol file could not be found. Defaulted to export symbols for wmvcore.dll -
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for firefox.exe -
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for nspr4.dll -
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for xpcom_core.dll -

    FAULTING_IP:
    jkkjg+3011a
    1003011a c6041e00 mov byte ptr [esi+ebx],0

    EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
    .exr 0xffffffffffffffff
    ExceptionAddress: 1003011a (jkkjg+0x0003011a)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 00000001
    Parameter[1]: 01d7e507
    Attempt to write to address 01d7e507

    DEFAULT_BUCKET_ID: APPLICATION_FAULT

    PROCESS_NAME: firefox.exe

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

    WRITE_ADDRESS: 01d7e507

    BUGCHECK_STR: ACCESS_VIOLATION

    LAST_CONTROL_TRANSFER: from 7c810173 to 1003011a

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    059ffc38 7c810173 10030110 01d7bb50 04938fc3 jkkjg+0x3011a
    059ffc5c 1287c236 0000fde9 00000000 04938fc3 kernel32!lstrcpynA+0x62
    059ffd08 1287f571 038ee3d0 00000000 00000001 wmnetmgr!CNamespaceNode::ImportXML+0x1f9
    059ffd24 128779d8 03dd2bd8 038ee3d0 00000001 wmnetmgr!CNamespaceNode::ImportFromFile+0x23
    059ffd5c 12878eee 00000001 00000000 03dd2bd8 wmnetmgr!CNamespaceNode::CycleFiles+0x8f
    059ffd80 12861334 80000001 12849090 00000000 wmnetmgr!CNamespaceNode::InitializeNamespace+0x270
    059ffda4 12857ad4 033a8868 00000001 1290e318 wmnetmgr!CClientNamespaceFactory::CreateInstance+0x87
    059ffde8 12857d97 059ffe08 042ebea0 15308338 wmnetmgr!CNSClientNetManagerHelper::Initialize+0x15c
    059ffe0c 151dc1ad 042ebbd0 038ed620 00000000 wmnetmgr!CNSClientNetManager::Initialize+0x40
    059ffe28 151dc22c 041b5170 041b5174 059ffe6c wmvcore!WMCreateProfileManager+0xcc9c
    059ffe3c 1513edba 059ffe6c 00000000 00000000 wmvcore!WMCreateProfileManager+0xcd1b
    059ffe74 1514311d 0438b658 7fffffff 00000000 wmvcore!WMCheckURLScheme+0x635c
    059ffea0 15144edf 0438b658 00000001 00000023 wmvcore!WMIsAvailableOffline+0x3575
    059ffec4 15145313 00000004 00000001 03dd85c0 wmvcore!WMIsAvailableOffline+0x5337
    059ffee0 151457a0 0438b658 00000001 041b54ec wmvcore!WMIsAvailableOffline+0x576b
    059fff04 151652a4 00000000 03dd85c0 041b5158 wmvcore!WMIsAvailableOffline+0x5bf8
    059fff1c 151684d1 03dd85c0 00000001 041b5158 wmvcore!WMIsAvailableOffline+0x256fc
    059fff38 151699a8 03dd85c0 00000000 041b5158 wmvcore!WMIsAvailableOffline+0x28929
    059fff68 151734cc 00000000 77c3a341 0362d1c0 wmvcore!WMIsAvailableOffline+0x29e00
    059fff80 77c3a3b0 041b5158 77c3a341 00000000 wmvcore!WMIsAvailableOffline+0x33924
    059fffb4 7c80b683 0360eaa0 77c3a341 00000000 msvcrt!_endthreadex+0xa9
    059fffec 00000000 77c3a341 0360eaa0 00000000 kernel32!BaseThreadStart+0x37


    FOLLOWUP_IP:
    jkkjg+3011a
    1003011a c6041e00 mov byte ptr [esi+ebx],0

    SYMBOL_STACK_INDEX: 0

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: jkkjg

    IMAGE_NAME: jkkjg.dll

    DEBUG_FLR_IMAGE_TIMESTAMP: 4613ab4a

    FAULTING_THREAD: 00001df4

    SYMBOL_NAME: jkkjg+3011a

    STACK_COMMAND: ~23s; .ecxr ; kb

    FAILURE_BUCKET_ID: ACCESS_VIOLATION_jkkjg+3011a

    BUCKET_ID: ACCESS_VIOLATION_jkkjg+3011a

    Followup: MachineOwner
    ---------

    eax=01d7bb50 ebx=000029b7 ecx=059ffc34 edx=01460620 esi=01d7bb50 edi=04938fc3
    eip=1003011a esp=059ffc30 ebp=000029b7 iopl=0 nv up ei pl nz ac po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
    jkkjg+0x3011a:
    1003011a c6041e00 mov byte ptr [esi+ebx],0 ds:0023:01d7e507=??
    ChildEBP RetAddr Args to Child
    WARNING: Stack unwind information not available. Following frames may be wrong.
    059ffc38 7c810173 10030110 01d7bb50 04938fc3 jkkjg+0x3011a
    059ffc5c 1287c236 0000fde9 00000000 04938fc3 kernel32!lstrcpynA+0x62 (FPO: [Non-Fpo])
    059ffd08 1287f571 038ee3d0 00000000 00000001 wmnetmgr!CNamespaceNode::ImportXML+0x1f9 (FPO: [Non-Fpo])
    059ffd24 128779d8 03dd2bd8 038ee3d0 00000001 wmnetmgr!CNamespaceNode::ImportFromFile+0x23 (FPO: [Non-Fpo])
    059ffd5c 12878eee 00000001 00000000 03dd2bd8 wmnetmgr!CNamespaceNode::CycleFiles+0x8f (FPO: [Non-Fpo])
    059ffd80 12861334 80000001 12849090 00000000 wmnetmgr!CNamespaceNode::InitializeNamespace+0x270 (FPO: [Non-Fpo])
    059ffda4 12857ad4 033a8868 00000001 1290e318 wmnetmgr!CClientNamespaceFactory::CreateInstance+0x87 (FPO: [Non-Fpo])
    059ffde8 12857d97 059ffe08 042ebea0 15308338 wmnetmgr!CNSClientNetManagerHelper::Initialize+0x15c (FPO: [Non-Fpo])
    059ffe0c 151dc1ad 042ebbd0 038ed620 00000000 wmnetmgr!CNSClientNetManager::Initialize+0x40 (FPO: [Non-Fpo])
    059ffe28 151dc22c 041b5170 041b5174 059ffe6c wmvcore!WMCreateProfileManager+0xcc9c
    059ffe3c 1513edba 059ffe6c 00000000 00000000 wmvcore!WMCreateProfileManager+0xcd1b
    059ffe74 1514311d 0438b658 7fffffff 00000000 wmvcore!WMCheckURLScheme+0x635c
    059ffea0 15144edf 0438b658 00000001 00000023 wmvcore!WMIsAvailableOffline+0x3575
    059ffec4 15145313 00000004 00000001 03dd85c0 wmvcore!WMIsAvailableOffline+0x5337
    059ffee0 151457a0 0438b658 00000001 041b54ec wmvcore!WMIsAvailableOffline+0x576b
    059fff04 151652a4 00000000 03dd85c0 041b5158 wmvcore!WMIsAvailableOffline+0x5bf8
    059fff1c 151684d1 03dd85c0 00000001 041b5158 wmvcore!WMIsAvailableOffline+0x256fc
    059fff38 151699a8 03dd85c0 00000000 041b5158 wmvcore!WMIsAvailableOffline+0x28929
    059fff68 151734cc 00000000 77c3a341 0362d1c0 wmvcore!WMIsAvailableOffline+0x29e00
    059fff80 77c3a3b0 041b5158 77c3a341 00000000 wmvcore!WMIsAvailableOffline+0x33924
    start end module name
    00400000 00b5d000 firefox firefox.exe Fri Mar 09 22:47:12 2007 (45F23850)
    01420000 01431000 CTAGENT CTAGENT.DLL Thu Feb 20 02:45:50 2003 (3E5495BE)
    01470000 01479000 normaliz normaliz.dll Thu Jun 29 10:05:42 2006 (44A3EC46)
    03e60000 03ebc000 npdsplay npdsplay.dll Tue Nov 29 18:27:04 2005 (438CF1D8)
    05b00000 060ca000 ieframe ieframe.dll Fri Jan 12 11:27:41 2007 (45A7C50D)
    0bef0000 0bf27000 MFPLAT MFPLAT.dll Thu Oct 19 00:47:35 2006 (45371177)
    10000000 100bd000 jkkjg jkkjg.dll Wed Apr 04 08:42:34 2007 (4613AB4A)
    11c70000 11ca9000 wmasf wmasf.dll Thu Oct 19 00:47:23 2006 (4537116B)
    12840000 12940000 wmnetmgr wmnetmgr.dll Thu Oct 19 00:47:51 2006 (45371187)
    12950000 133b4000 wmp wmp.dll Thu Oct 19 00:47:52 2006 (45371188)
    13470000 134c0000 wmpdxm wmpdxm.dll Thu Oct 19 00:47:56 2006 (4537118C)
    13740000 13f1b000 wmploc wmploc.dll Thu Oct 19 00:48:00 2006 (45371190)
    15110000 1536a000 wmvcore wmvcore.dll Thu Oct 19 00:48:18 2006 (453711A2)
    20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 02:56:41 2004 (411096B9)
    4ec50000 4edf3000 GdiPlus GdiPlus.dll Wed Aug 04 02:55:55 2004 (4110968B)
    59a60000 59b01000 dbghelp dbghelp.dll Wed Aug 04 02:56:10 2004 (4110969A)
    5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 02:56:43 2004 (411096BB)
    5b0a0000 5b0a7000 umdmxfrm umdmxfrm.dll Sat Aug 18 00:35:53 2001 (3B7DFEB9)
    5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 07:28:27 2006 (44E460EB)
    5cd70000 5cd77000 serwvdrv serwvdrv.dll Sat Aug 18 00:35:55 2001 (3B7DFEBB)
    5edd0000 5ede7000 olepro32 olepro32.dll Wed Aug 04 02:57:43 2004 (411096F7)
    60010000 60022000 jar50 jar50.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    60040000 6004a000 myspell myspell.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    60050000 6005e000 spellchk spellchk.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    60090000 600c1000 freebl3 freebl3.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    600d0000 60141000 js3250 js3250.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    601a0000 601c7000 nspr4 nspr4.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    601d0000 6022b000 nss3 nss3.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60230000 6026e000 nssckbi nssckbi.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60270000 60277000 plc4 plc4.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60280000 60286000 plds4 plds4.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    602a0000 602ba000 smime3 smime3.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    602c0000 602ff000 softokn3 softokn3.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60300000 60320000 ssl3 ssl3.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60330000 60344000 xpcom_compat xpcom_compat.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60350000 603ba000 xpcom_core xpcom_core.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    605d0000 605d9000 mslbui mslbui.dll Wed Aug 04 02:58:39 2004 (4110972F)
    61410000 61534000 urlmon urlmon.dll Fri Jan 12 11:27:40 2007 (45A7C50C)
    63380000 633f8000 jscript jscript.dll Tue Oct 17 14:59:54 2006 (4535363A)
    662b0000 66308000 hnetcfg hnetcfg.dll Wed Aug 04 02:56:16 2004 (411096A0)
    6e850000 6e895000 iertutil iertutil.dll Mon Jan 08 21:02:40 2007 (45A305D0)
    71a50000 71a8f000 mswsock mswsock.dll Wed Aug 04 02:59:20 2004 (41109758)
    71a90000 71a98000 wshtcpip wshtcpip.dll Wed Aug 04 02:57:49 2004 (411096FD)
    71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 02:57:39 2004 (411096F3)
    71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 02:57:38 2004 (411096F2)
    71ad0000 71ad9000 wsock32 wsock32.dll Wed Aug 04 02:57:51 2004 (411096FF)
    71b20000 71b32000 mpr mpr.dll Wed Aug 04 02:56:46 2004 (411096BE)
    71d40000 71d5c000 actxprxy actxprxy.dll Wed Aug 04 02:56:04 2004 (41109694)
    722b0000 722b5000 sensapi sensapi.dll Wed Aug 04 02:56:28 2004 (411096AC)
    73000000 73026000 winspool winspool.drv Wed Aug 04 02:56:38 2004 (411096B6)
    746f0000 7471a000 msimtf msimtf.dll Wed Aug 04 02:58:33 2004 (41109729)
    74720000 7476b000 msctf msctf.dll Wed Aug 04 02:57:30 2004 (411096EA)
    755c0000 755ee000 msctfime msctfime.ime Wed Aug 04 02:57:31 2004 (411096EB)
    75a70000 75a91000 msvfw32 msvfw32.dll Wed Aug 04 02:59:15 2004 (41109753)
    75cf0000 75d81000 mlang mlang.dll Wed Aug 04 02:56:29 2004 (411096AD)
    75e90000 75f40000 sxs sxs.dll Thu Oct 19 08:56:28 2006 (4537840C)
    76380000 76385000 msimg32 msimg32.dll Wed Aug 04 02:58:31 2004 (41109727)
    76390000 763ad000 imm32 imm32.dll Wed Aug 04 02:56:30 2004 (411096AE)
    763b0000 763f9000 comdlg32 comdlg32.dll Wed Aug 04 02:56:32 2004 (411096B0)
    76780000 76789000 shfolder shfolder.dll Wed Aug 04 02:56:40 2004 (411096B8)
    769c0000 76a73000 userenv userenv.dll Wed Aug 04 02:56:41 2004 (411096B9)
    76b40000 76b6d000 winmm winmm.dll Wed Aug 04 02:57:10 2004 (411096D6)
    76bf0000 76bfb000 psapi psapi.dll Wed Aug 04 02:56:58 2004 (411096CA)
    76d60000 76d79000 iphlpapi iphlpapi.dll Fri May 19 07:59:41 2006 (446DC13D)
    76e80000 76e8e000 rtutils rtutils.dll Wed Aug 04 02:56:36 2004 (411096B4)
    76e90000 76ea2000 rasman rasman.dll Wed Aug 04 02:56:29 2004 (411096AD)
    76eb0000 76edf000 tapi32 tapi32.dll Wed Aug 04 02:56:38 2004 (411096B6)
    76ee0000 76f1c000 rasapi32 rasapi32.dll Wed Aug 04 02:56:25 2004 (411096A9)
    76f20000 76f47000 dnsapi dnsapi.dll Fri May 19 07:59:41 2006 (446DC13D)
    76f60000 76f8c000 wldap32 wldap32.dll Wed Aug 04 02:56:43 2004 (411096BB)
    76fb0000 76fb8000 winrnr winrnr.dll Wed Aug 04 02:56:35 2004 (411096B3)
    76fc0000 76fc6000 rasadhlp rasadhlp.dll Wed Aug 04 02:56:24 2004 (411096A8)
    76fd0000 7704f000 clbcatq clbcatq.dll Mon Jul 25 23:39:44 2005 (42E5BE90)
    77050000 77115000 comres comres.dll Wed Aug 04 02:56:36 2004 (411096B4)
    77120000 771ac000 oleaut32 oleaut32.dll Wed Aug 04 02:57:39 2004 (411096F3)
    771b0000 7727f000 wininet wininet.dll Fri Jan 12 11:27:40 2007 (45A7C50C)
    773d0000 774d3000 comctl32 comctl32.dll Fri Aug 25 10:45:55 2006 (44EF1B33)
    774e0000 7761d000 ole32 ole32.dll Mon Jul 25 23:39:47 2005 (42E5BE93)
    77920000 77a13000 setupapi setupapi.dll Wed Aug 04 02:56:32 2004 (411096B0)
    77b40000 77b62000 apphelp apphelp.dll Wed Aug 04 02:56:36 2004 (411096B4)
    77c00000 77c08000 version version.dll Wed Aug 04 02:56:39 2004 (411096B7)
    77c10000 77c68000 msvcrt msvcrt.dll Wed Aug 04 02:59:14 2004 (41109752)
    77c70000 77c93000 msv1_0 msv1_0.dll Wed Aug 04 02:59:11 2004 (4110974F)
    77dd0000 77e6b000 advapi32 advapi32.dll Wed Aug 04 02:56:23 2004 (411096A7)
    77e70000 77f01000 rpcrt4 rpcrt4.dll Wed Aug 04 02:56:30 2004 (411096AE)
    77f10000 77f57000 gdi32 gdi32.dll Thu Mar 08 09:36:28 2007 (45F02D7C)
    77f60000 77fd6000 shlwapi shlwapi.dll Thu Sep 14 03:31:29 2006 (45091361)
    77fe0000 77ff1000 secur32 secur32.dll Wed Aug 04 02:56:49 2004 (411096C1)
    7c800000 7c8f4000 kernel32 kernel32.dll Wed Jul 05 05:55:00 2006 (44AB9A84)
    7c900000 7c9b0000 ntdll ntdll.dll Wed Aug 04 02:56:36 2004 (411096B4)
    7c9c0000 7d1d5000 shell32 shell32.dll Tue Dec 19 15:52:11 2006 (45885F0B)
    7df70000 7df92000 oledlg oledlg.dll Mon Oct 16 11:15:00 2006 (4533B004)
    7e410000 7e4a0000 user32 user32.dll Thu Mar 08 09:36:28 2007 (45F02D7C)
    Closing open log file c:\debuglog.txt

    Hope this helps figure something out cause I don't know what all that means. You guys are really smart
     
  6. 2007/05/06
    PeteC

    According to your dump data the crash was probably caused by jkkjg.dll which would appear to be a Vundo infection. It doesn't show in your HJT log, but some infections have the ability to hide themselves from HJT.

    This is outside my field of experience so please be patient until one of our 'resident' experts takes a look.
     
  7. 2007/05/06
    Skateshoot123

    Cheers

    OK...will do and thank you once again. I use my pc for a home business ...editing suite and I rely heavily on it so I thank you for your time and expertise.
     
  8. 2007/05/06
    Skateshoot123

    let me try this.

    I googled....the vundo virus....and I came up with VundoFix V6.3.2.1 and it seems to be finding a bunch of .dll files.....I am going to try this unless you suggest against it. But if it works I will post my results and if not I'll post those too. Thank you and hopefully this works. At least you pointed me in the right direction to fixing it cause I find you need to know what you're looking for or fixing before fixing it and I had no names or clues before that log you had me generate.
     
  9. 2007/05/06
    Skateshoot123

    removed the vundo virus.....I am still concerned about this kibeqjuh.dll file. Is this a process that should be in start up and part of a Windows service?
     
  10. 2007/05/07
    PeteC

    You are right to be concerned about this entry in your HJT log ....

    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\kibeqjuh.dll ",realset

    There are no hits on Google for that .dll except your thread here.

    As you have run VundoFix please post another HJT log here in preparation for our expert's attention.
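
The cross-check described in posts 6 and 10, written out as an added example (not part of the original thread and not a feature of HijackThis or WinDbg): it pulls the faulting image from `!analyze -v` output, tests whether that module is visible anywhere in the HJT log, and lists Run entries that load a DLL through rundll32. The function names are hypothetical; the two inputs are short excerpts copied from the logs posted above.

```python
import ntpath
import re

# Excerpts copied from the logs posted in this thread (trimmed to a few lines).
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\kibeqjuh.dll ",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

WINDBG_EXCERPT = """
PROCESS_NAME: firefox.exe
MODULE_NAME: jkkjg
IMAGE_NAME: jkkjg.dll
FAILURE_BUCKET_ID: ACCESS_VIOLATION_jkkjg+3011a
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^\s*O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+?)\s*$", re.M)
# rundll32 <dll path>,<export>; tolerates quotes and stray spaces around the path
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+?)\s*"?\s*,\s*(\S+)', re.I)


def run_entries(hjt_log):
    """Return the registry autostart (O4) entries of an HJT log as dicts."""
    return [
        {"hive": m.group(1), "key": m.group(2),
         "name": m.group(3), "command": m.group(4)}
        for m in O4_RE.finditer(hjt_log)
    ]


def rundll32_autostarts(hjt_log):
    """Run entries that load a DLL via rundll32: (value name, DLL path, export)."""
    hits = []
    for entry in run_entries(hjt_log):
        m = RUNDLL_RE.search(entry["command"])
        if m:
            hits.append((entry["name"], m.group(1), m.group(2)))
    return hits


def faulting_image(analyze_output):
    """Return (IMAGE_NAME, PROCESS_NAME) from '!analyze -v' output, or None for each."""
    image = re.search(r"^\s*IMAGE_NAME:\s*(\S+)", analyze_output, re.M)
    proc = re.search(r"^\s*PROCESS_NAME:\s*(\S+)", analyze_output, re.M)
    return (image.group(1) if image else None, proc.group(1) if proc else None)


def triage(hjt_log, analyze_output):
    """List the items a helper would want to look at first."""
    findings = []
    image, process = faulting_image(analyze_output)
    # A module that crashed a process yet is absent from the HJT log is worth a
    # second look: it was loaded at crash time but HJT does not list it.
    if image and image.lower() not in hjt_log.lower():
        findings.append(
            f"{image} faulted inside {process} but appears nowhere in the HJT log")
    for name, dll, export in rundll32_autostarts(hjt_log):
        findings.append(
            f"Run entry [{name}] loads {ntpath.basename(dll)} via rundll32 "
            f"(export {export})")
    return findings


if __name__ == "__main__":
    for line in triage(HJT_EXCERPT, WINDBG_EXCERPT):
        print(line)
```
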
     
  11. 2007/05/07
    Skateshoot123

    Great!!

    I ran vundo Fix and it removed a couple of items....I scanned my pc using Spyhunter to find what else may be on....I do not have the full version but it came up with VirtuMonde....and I searched for a tool on Norton's Database and it's scanning now. As well I've installed AVG free Edition. This scan is going very slow so I will be updating my HJT log on here most likely in approx 10 hours once I've slept. Thank you and I will keep posting till I get to say thank you and have my computer clean once again.

    SkateShoot
     
  12. 2007/05/07
    Skateshoot123 Inactive Thread Starter
    I think I did it.

    I think it's finally clean. And yes, I explored options on my own and it may have worked and it may not have, but you put me in the right direction and I am grateful. Here are some logs of my computer after running several programs.



    I ran

    Smitfraud
    atfcleaner
    look2me
    vundofix
    Spyhunter (to find only)
    AVG 7.5
    Security Task Manager
    Norton FXV Monde


    These are my HJT logs and Debug Wiz


    Logfile of HijackThis v1.99.1
    Scan saved at 1:03:10 PM, on 5/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\WINDOWS\System32\locator.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Hell Boy\Desktop\debugwiz\debugwiz.exe
    C:\Program Files\Debugging Tools for Windows\cdb.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



    and Debug Wiz

    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.7.0005.0
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp]
    User Mini Dump File: Only registers, stack and portions of memory are available

    Comment: 'Dr. Watson generated MiniDump'
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: SingleUserTS
    Debug session time: Tue Apr 17 03:17:44.000 2007 (GMT-5)
    System Uptime: not available
    Process Uptime: 0 days 0:00:27.000
    .............................................................................................
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (8e4.1df4): Access violation - code c0000005 (first/second chance not available)
    eax=01d7bb50 ebx=000029b7 ecx=059ffc34 edx=01460620 esi=01d7bb50 edi=04938fc3
    eip=1003011a esp=059ffc30 ebp=000029b7 iopl=0 nv up ei pl nz ac po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
    *** WARNING: Unable to verify timestamp for jkkjg.dll
    *** ERROR: Module load completed but symbols could not be loaded for jkkjg.dll
    jkkjg+0x3011a:
    1003011a c6041e00 mov byte ptr [esi+ebx],0 ds:0023:01d7e507=??
    0:023> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Exception Analysis *
    * *
    *******************************************************************************

    *** ERROR: Symbol file could not be found. Defaulted to export symbols for wmvcore.dll -
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for firefox.exe -
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for nspr4.dll -
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for xpcom_core.dll -

    FAULTING_IP:
    jkkjg+3011a
    1003011a c6041e00 mov byte ptr [esi+ebx],0

    EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
    .exr 0xffffffffffffffff
    ExceptionAddress: 1003011a (jkkjg+0x0003011a)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 00000001
    Parameter[1]: 01d7e507
    Attempt to write to address 01d7e507

    DEFAULT_BUCKET_ID: APPLICATION_FAULT

    PROCESS_NAME: firefox.exe

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

    WRITE_ADDRESS: 01d7e507

    BUGCHECK_STR: ACCESS_VIOLATION

    LAST_CONTROL_TRANSFER: from 7c810173 to 1003011a

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    059ffc38 7c810173 10030110 01d7bb50 04938fc3 jkkjg+0x3011a
    059ffc5c 1287c236 0000fde9 00000000 04938fc3 kernel32!lstrcpynA+0x62
    059ffd08 1287f571 038ee3d0 00000000 00000001 wmnetmgr!CNamespaceNode::ImportXML+0x1f9
    059ffd24 128779d8 03dd2bd8 038ee3d0 00000001 wmnetmgr!CNamespaceNode::ImportFromFile+0x23
    059ffd5c 12878eee 00000001 00000000 03dd2bd8 wmnetmgr!CNamespaceNode::CycleFiles+0x8f
    059ffd80 12861334 80000001 12849090 00000000 wmnetmgr!CNamespaceNode::InitializeNamespace+0x270
    059ffda4 12857ad4 033a8868 00000001 1290e318 wmnetmgr!CClientNamespaceFactory::CreateInstance+0x87
    059ffde8 12857d97 059ffe08 042ebea0 15308338 wmnetmgr!CNSClientNetManagerHelper::Initialize+0x15c
    059ffe0c 151dc1ad 042ebbd0 038ed620 00000000 wmnetmgr!CNSClientNetManager::Initialize+0x40
    059ffe28 151dc22c 041b5170 041b5174 059ffe6c wmvcore!WMCreateProfileManager+0xcc9c
    059ffe3c 1513edba 059ffe6c 00000000 00000000 wmvcore!WMCreateProfileManager+0xcd1b
    059ffe74 1514311d 0438b658 7fffffff 00000000 wmvcore!WMCheckURLScheme+0x635c
    059ffea0 15144edf 0438b658 00000001 00000023 wmvcore!WMIsAvailableOffline+0x3575
    059ffec4 15145313 00000004 00000001 03dd85c0 wmvcore!WMIsAvailableOffline+0x5337
    059ffee0 151457a0 0438b658 00000001 041b54ec wmvcore!WMIsAvailableOffline+0x576b
    059fff04 151652a4 00000000 03dd85c0 041b5158 wmvcore!WMIsAvailableOffline+0x5bf8
    059fff1c 151684d1 03dd85c0 00000001 041b5158 wmvcore!WMIsAvailableOffline+0x256fc
    059fff38 151699a8 03dd85c0 00000000 041b5158 wmvcore!WMIsAvailableOffline+0x28929
    059fff68 151734cc 00000000 77c3a341 0362d1c0 wmvcore!WMIsAvailableOffline+0x29e00
    059fff80 77c3a3b0 041b5158 77c3a341 00000000 wmvcore!WMIsAvailableOffline+0x33924
    059fffb4 7c80b683 0360eaa0 77c3a341 00000000 msvcrt!_endthreadex+0xa9
    059fffec 00000000 77c3a341 0360eaa0 00000000 kernel32!BaseThreadStart+0x37


    FOLLOWUP_IP:
    jkkjg+3011a
    1003011a c6041e00 mov byte ptr [esi+ebx],0

    SYMBOL_STACK_INDEX: 0

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: jkkjg

    IMAGE_NAME: jkkjg.dll

    DEBUG_FLR_IMAGE_TIMESTAMP: 4613ab4a

    FAULTING_THREAD: 00001df4

    SYMBOL_NAME: jkkjg+3011a

    STACK_COMMAND: ~23s; .ecxr ; kb

    FAILURE_BUCKET_ID: ACCESS_VIOLATION_jkkjg+3011a

    BUCKET_ID: ACCESS_VIOLATION_jkkjg+3011a

    Followup: MachineOwner
    ---------

    eax=01d7bb50 ebx=000029b7 ecx=059ffc34 edx=01460620 esi=01d7bb50 edi=04938fc3
    eip=1003011a esp=059ffc30 ebp=000029b7 iopl=0 nv up ei pl nz ac po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
    jkkjg+0x3011a:
    1003011a c6041e00 mov byte ptr [esi+ebx],0 ds:0023:01d7e507=??
    ChildEBP RetAddr Args to Child
    WARNING: Stack unwind information not available. Following frames may be wrong.
    059ffc38 7c810173 10030110 01d7bb50 04938fc3 jkkjg+0x3011a
    059ffc5c 1287c236 0000fde9 00000000 04938fc3 kernel32!lstrcpynA+0x62 (FPO: [Non-Fpo])
    059ffd08 1287f571 038ee3d0 00000000 00000001 wmnetmgr!CNamespaceNode::ImportXML+0x1f9 (FPO: [Non-Fpo])
    059ffd24 128779d8 03dd2bd8 038ee3d0 00000001 wmnetmgr!CNamespaceNode::ImportFromFile+0x23 (FPO: [Non-Fpo])
    059ffd5c 12878eee 00000001 00000000 03dd2bd8 wmnetmgr!CNamespaceNode::CycleFiles+0x8f (FPO: [Non-Fpo])
    059ffd80 12861334 80000001 12849090 00000000 wmnetmgr!CNamespaceNode::InitializeNamespace+0x270 (FPO: [Non-Fpo])
    059ffda4 12857ad4 033a8868 00000001 1290e318 wmnetmgr!CClientNamespaceFactory::CreateInstance+0x87 (FPO: [Non-Fpo])
    059ffde8 12857d97 059ffe08 042ebea0 15308338 wmnetmgr!CNSClientNetManagerHelper::Initialize+0x15c (FPO: [Non-Fpo])
    059ffe0c 151dc1ad 042ebbd0 038ed620 00000000 wmnetmgr!CNSClientNetManager::Initialize+0x40 (FPO: [Non-Fpo])
    059ffe28 151dc22c 041b5170 041b5174 059ffe6c wmvcore!WMCreateProfileManager+0xcc9c
    059ffe3c 1513edba 059ffe6c 00000000 00000000 wmvcore!WMCreateProfileManager+0xcd1b
    059ffe74 1514311d 0438b658 7fffffff 00000000 wmvcore!WMCheckURLScheme+0x635c
    059ffea0 15144edf 0438b658 00000001 00000023 wmvcore!WMIsAvailableOffline+0x3575
    059ffec4 15145313 00000004 00000001 03dd85c0 wmvcore!WMIsAvailableOffline+0x5337
    059ffee0 151457a0 0438b658 00000001 041b54ec wmvcore!WMIsAvailableOffline+0x576b
    059fff04 151652a4 00000000 03dd85c0 041b5158 wmvcore!WMIsAvailableOffline+0x5bf8
    059fff1c 151684d1 03dd85c0 00000001 041b5158 wmvcore!WMIsAvailableOffline+0x256fc
    059fff38 151699a8 03dd85c0 00000000 041b5158 wmvcore!WMIsAvailableOffline+0x28929
    059fff68 151734cc 00000000 77c3a341 0362d1c0 wmvcore!WMIsAvailableOffline+0x29e00
    059fff80 77c3a3b0 041b5158 77c3a341 00000000 wmvcore!WMIsAvailableOffline+0x33924
    start end module name
    00400000 00b5d000 firefox firefox.exe Fri Mar 09 22:47:12 2007 (45F23850)
    01420000 01431000 CTAGENT CTAGENT.DLL Thu Feb 20 02:45:50 2003 (3E5495BE)
    01470000 01479000 normaliz normaliz.dll Thu Jun 29 10:05:42 2006 (44A3EC46)
    03e60000 03ebc000 npdsplay npdsplay.dll Tue Nov 29 18:27:04 2005 (438CF1D8)
    05b00000 060ca000 ieframe ieframe.dll Fri Jan 12 11:27:41 2007 (45A7C50D)
    0bef0000 0bf27000 MFPLAT MFPLAT.dll Thu Oct 19 00:47:35 2006 (45371177)
    10000000 100bd000 jkkjg jkkjg.dll Wed Apr 04 08:42:34 2007 (4613AB4A)
    11c70000 11ca9000 wmasf wmasf.dll Thu Oct 19 00:47:23 2006 (4537116B)
    12840000 12940000 wmnetmgr wmnetmgr.dll Thu Oct 19 00:47:51 2006 (45371187)
    12950000 133b4000 wmp wmp.dll Thu Oct 19 00:47:52 2006 (45371188)
    13470000 134c0000 wmpdxm wmpdxm.dll Thu Oct 19 00:47:56 2006 (4537118C)
    13740000 13f1b000 wmploc wmploc.dll Thu Oct 19 00:48:00 2006 (45371190)
    15110000 1536a000 wmvcore wmvcore.dll Thu Oct 19 00:48:18 2006 (453711A2)
    20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 02:56:41 2004 (411096B9)
    4ec50000 4edf3000 GdiPlus GdiPlus.dll Wed Aug 04 02:55:55 2004 (4110968B)
    59a60000 59b01000 dbghelp dbghelp.dll Wed Aug 04 02:56:10 2004 (4110969A)
    5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 02:56:43 2004 (411096BB)
    5b0a0000 5b0a7000 umdmxfrm umdmxfrm.dll Sat Aug 18 00:35:53 2001 (3B7DFEB9)
    5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 07:28:27 2006 (44E460EB)
    5cd70000 5cd77000 serwvdrv serwvdrv.dll Sat Aug 18 00:35:55 2001 (3B7DFEBB)
    5edd0000 5ede7000 olepro32 olepro32.dll Wed Aug 04 02:57:43 2004 (411096F7)
    60010000 60022000 jar50 jar50.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    60040000 6004a000 myspell myspell.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    60050000 6005e000 spellchk spellchk.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    60090000 600c1000 freebl3 freebl3.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    600d0000 60141000 js3250 js3250.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    601a0000 601c7000 nspr4 nspr4.dll Fri Mar 09 23:13:43 2007 (45F23E87)
    601d0000 6022b000 nss3 nss3.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60230000 6026e000 nssckbi nssckbi.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60270000 60277000 plc4 plc4.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60280000 60286000 plds4 plds4.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    602a0000 602ba000 smime3 smime3.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    602c0000 602ff000 softokn3 softokn3.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60300000 60320000 ssl3 ssl3.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60330000 60344000 xpcom_compat xpcom_compat.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    60350000 603ba000 xpcom_core xpcom_core.dll Fri Mar 09 23:13:44 2007 (45F23E88)
    605d0000 605d9000 mslbui mslbui.dll Wed Aug 04 02:58:39 2004 (4110972F)
    61410000 61534000 urlmon urlmon.dll Fri Jan 12 11:27:40 2007 (45A7C50C)
    63380000 633f8000 jscript jscript.dll Tue Oct 17 14:59:54 2006 (4535363A)
    662b0000 66308000 hnetcfg hnetcfg.dll Wed Aug 04 02:56:16 2004 (411096A0)
    6e850000 6e895000 iertutil iertutil.dll Mon Jan 08 21:02:40 2007 (45A305D0)
    71a50000 71a8f000 mswsock mswsock.dll Wed Aug 04 02:59:20 2004 (41109758)
    71a90000 71a98000 wshtcpip wshtcpip.dll Wed Aug 04 02:57:49 2004 (411096FD)
    71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 02:57:39 2004 (411096F3)
    71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 02:57:38 2004 (411096F2)
    71ad0000 71ad9000 wsock32 wsock32.dll Wed Aug 04 02:57:51 2004 (411096FF)
    71b20000 71b32000 mpr mpr.dll Wed Aug 04 02:56:46 2004 (411096BE)
    71d40000 71d5c000 actxprxy actxprxy.dll Wed Aug 04 02:56:04 2004 (41109694)
    722b0000 722b5000 sensapi sensapi.dll Wed Aug 04 02:56:28 2004 (411096AC)
    73000000 73026000 winspool winspool.drv Wed Aug 04 02:56:38 2004 (411096B6)
    746f0000 7471a000 msimtf msimtf.dll Wed Aug 04 02:58:33 2004 (41109729)
    74720000 7476b000 msctf msctf.dll Wed Aug 04 02:57:30 2004 (411096EA)
    755c0000 755ee000 msctfime msctfime.ime Wed Aug 04 02:57:31 2004 (411096EB)
    75a70000 75a91000 msvfw32 msvfw32.dll Wed Aug 04 02:59:15 2004 (41109753)
    75cf0000 75d81000 mlang mlang.dll Wed Aug 04 02:56:29 2004 (411096AD)
    75e90000 75f40000 sxs sxs.dll Thu Oct 19 08:56:28 2006 (4537840C)
    76380000 76385000 msimg32 msimg32.dll Wed Aug 04 02:58:31 2004 (41109727)
    76390000 763ad000 imm32 imm32.dll Wed Aug 04 02:56:30 2004 (411096AE)
    763b0000 763f9000 comdlg32 comdlg32.dll Wed Aug 04 02:56:32 2004 (411096B0)
    76780000 76789000 shfolder shfolder.dll Wed Aug 04 02:56:40 2004 (411096B8)
    769c0000 76a73000 userenv userenv.dll Wed Aug 04 02:56:41 2004 (411096B9)
    76b40000 76b6d000 winmm winmm.dll Wed Aug 04 02:57:10 2004 (411096D6)
    76bf0000 76bfb000 psapi psapi.dll Wed Aug 04 02:56:58 2004 (411096CA)
    76d60000 76d79000 iphlpapi iphlpapi.dll Fri May 19 07:59:41 2006 (446DC13D)
    76e80000 76e8e000 rtutils rtutils.dll Wed Aug 04 02:56:36 2004 (411096B4)
    76e90000 76ea2000 rasman rasman.dll Wed Aug 04 02:56:29 2004 (411096AD)
    76eb0000 76edf000 tapi32 tapi32.dll Wed Aug 04 02:56:38 2004 (411096B6)
    76ee0000 76f1c000 rasapi32 rasapi32.dll Wed Aug 04 02:56:25 2004 (411096A9)
    76f20000 76f47000 dnsapi dnsapi.dll Fri May 19 07:59:41 2006 (446DC13D)
    76f60000 76f8c000 wldap32 wldap32.dll Wed Aug 04 02:56:43 2004 (411096BB)
    76fb0000 76fb8000 winrnr winrnr.dll Wed Aug 04 02:56:35 2004 (411096B3)
    76fc0000 76fc6000 rasadhlp rasadhlp.dll Wed Aug 04 02:56:24 2004 (411096A8)
    76fd0000 7704f000 clbcatq clbcatq.dll Mon Jul 25 23:39:44 2005 (42E5BE90)
    77050000 77115000 comres comres.dll Wed Aug 04 02:56:36 2004 (411096B4)
    77120000 771ac000 oleaut32 oleaut32.dll Wed Aug 04 02:57:39 2004 (411096F3)
    771b0000 7727f000 wininet wininet.dll Fri Jan 12 11:27:40 2007 (45A7C50C)
    773d0000 774d3000 comctl32 comctl32.dll Fri Aug 25 10:45:55 2006 (44EF1B33)
    774e0000 7761d000 ole32 ole32.dll Mon Jul 25 23:39:47 2005 (42E5BE93)
    77920000 77a13000 setupapi setupapi.dll Wed Aug 04 02:56:32 2004 (411096B0)
    77b40000 77b62000 apphelp apphelp.dll Wed Aug 04 02:56:36 2004 (411096B4)
    77c00000 77c08000 version version.dll Wed Aug 04 02:56:39 2004 (411096B7)
    77c10000 77c68000 msvcrt msvcrt.dll Wed Aug 04 02:59:14 2004 (41109752)
    77c70000 77c93000 msv1_0 msv1_0.dll Wed Aug 04 02:59:11 2004 (4110974F)
    77dd0000 77e6b000 advapi32 advapi32.dll Wed Aug 04 02:56:23 2004 (411096A7)
    77e70000 77f01000 rpcrt4 rpcrt4.dll Wed Aug 04 02:56:30 2004 (411096AE)
    77f10000 77f57000 gdi32 gdi32.dll Thu Mar 08 09:36:28 2007 (45F02D7C)
    77f60000 77fd6000 shlwapi shlwapi.dll Thu Sep 14 03:31:29 2006 (45091361)
    77fe0000 77ff1000 secur32 secur32.dll Wed Aug 04 02:56:49 2004 (411096C1)
    7c800000 7c8f4000 kernel32 kernel32.dll Wed Jul 05 05:55:00 2006 (44AB9A84)
    7c900000 7c9b0000 ntdll ntdll.dll Wed Aug 04 02:56:36 2004 (411096B4)
    7c9c0000 7d1d5000 shell32 shell32.dll Tue Dec 19 15:52:11 2006 (45885F0B)
    7df70000 7df92000 oledlg oledlg.dll Mon Oct 16 11:15:00 2006 (4533B004)
    7e410000 7e4a0000 user32 user32.dll Thu Mar 08 09:36:28 2007 (45F02D7C)
    Closing open log file c:\debuglog.txt


    Thank you for the help and if you do by chance see something I missed. I appreciate the help and will advise my friends to come here for computing help. Hopefully your site and admins can eventually do advertising on here and get some coin in your pocket for the time you spend helping people. You have my support.
     
  13. 2007/05/07
    PeteC SuperGeek Staff
    I'm puzzled as to why you posted the dump data - presumably from a dump prior to cleaning out the infections. Is the computer stable now?
     
  14. 2007/05/07
    Skateshoot123 Inactive Thread Starter
    Yes, my computer seems to be stable now. It was running at about 800 MB of RAM for page file; this was before I uninstalled Norton, and even still at 650 after I tried to completely clean out Norton. Once someone advised me I had a Mundo Virus and I ran some cleaning programs, I have it back at my stable page file usage of about 370 MB. Thank you so much once again. I know I went and figured stuff out, but the site got me started and I was lost without coming here. Hope the posts can help others with the programs listed as well. If I ever get around to making a web page I'll make sure I post a link with permission. Thank you guys and girls

    SkateShoot123
     
  15. 2007/05/08
    PeteC SuperGeek Staff
    OK - you're welcome :)
     
