Inactive Internet Explorer gets redirected and music and ads play in the background!
- Thread starter MarioGA
- Start date
I ran full scan of Microsoft Security Essentials. It found:
Exploit:Java/Blacole.BL
Exploit:Java/Blacole.BK
Exploit:Java/Blacole.BJ
Exploit:Java/Blacole.BI
Exploit:Java/Blacole.BA
Exploit:Java/Blacole.AZ
It suggested I should remove them and so I did.
Here's the OTL scan:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1471082805-2386370728-3380099341-1005_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1471082805-2386370728-3380099341-1005_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Aj-T'zib'
->Temp folder emptied: 27491198 bytes
->Temporary Internet Files folder emptied: 229095492 bytes
->Java cache emptied: 44683 bytes
->Flash cache emptied: 8203 bytes
User: All Users
User: boinc_master
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22836 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 82322 bytes
RecycleBin emptied: 2236800 bytes
Total Files Cleaned = 247.00 mb
[EMPTYFLASH]
User: Aj-T'zib'
->Flash cache emptied: 0 bytes
User: All Users
User: boinc_master
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 11232011_213620
Files\Folders moved on Reboot...
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Temp\flaF3D5.tmp not found!
C:\Users\Aj-T'zib'\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1YZ9AZ0\2011-acura-tl-sh-awd-suave-sport[1].htm not found!
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1YZ9AZ0\fw-nonplayer-banner[5].htm not found!
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1YZ9AZ0\index[1].htm moved successfully.
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV3EHBUH\fw-nonplayer-banner[6].htm not found!
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV3EHBUH\fw-nonplayer-banner[7].htm not found!
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P45M8SJ0\emily[1].htm moved successfully.
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0Z6EDA4\data_sync[1].htm moved successfully.
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOFNTESJ\iframe[8].htm moved successfully.
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOFNTESJ\login_status[1].htm not found!
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOFNTESJ\sandbox[3].htm not found!
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9KMYLKR\redirect_v94_cim_11_16_1[1].htm moved successfully.
Registry entries deleted on Reboot...
Exploit:Java/Blacole.BL
Exploit:Java/Blacole.BK
Exploit:Java/Blacole.BJ
Exploit:Java/Blacole.BI
Exploit:Java/Blacole.BA
Exploit:Java/Blacole.AZ
It suggested I should remove them and so I did.
Here's the OTL scan:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1471082805-2386370728-3380099341-1005_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1471082805-2386370728-3380099341-1005_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Aj-T'zib'
->Temp folder emptied: 27491198 bytes
->Temporary Internet Files folder emptied: 229095492 bytes
->Java cache emptied: 44683 bytes
->Flash cache emptied: 8203 bytes
User: All Users
User: boinc_master
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22836 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 82322 bytes
RecycleBin emptied: 2236800 bytes
Total Files Cleaned = 247.00 mb
[EMPTYFLASH]
User: Aj-T'zib'
->Flash cache emptied: 0 bytes
User: All Users
User: boinc_master
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 11232011_213620
Files\Folders moved on Reboot...
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Temp\flaF3D5.tmp not found!
C:\Users\Aj-T'zib'\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1YZ9AZ0\2011-acura-tl-sh-awd-suave-sport[1].htm not found!
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1YZ9AZ0\fw-nonplayer-banner[5].htm not found!
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1YZ9AZ0\index[1].htm moved successfully.
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV3EHBUH\fw-nonplayer-banner[6].htm not found!
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV3EHBUH\fw-nonplayer-banner[7].htm not found!
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P45M8SJ0\emily[1].htm moved successfully.
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0Z6EDA4\data_sync[1].htm moved successfully.
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOFNTESJ\iframe[8].htm moved successfully.
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOFNTESJ\login_status[1].htm not found!
File\Folder C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOFNTESJ\sandbox[3].htm not found!
C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9KMYLKR\redirect_v94_cim_11_16_1[1].htm moved successfully.
Registry entries deleted on Reboot...
I tried updating Java, but instead, IE closes and I get an error file (hs_err_pid5152) on my desk that says this:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x11953f88, pid=5152, tid=5256
#
# JRE version: 6.0_22-b04
# Java VM: Java HotSpot(TM) Client VM (17.1-b03 mixed mode, sharing windows-x86 )
# Problematic frame:
# C 0x11953f88
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
--------------- T H R E A D ---------------
Current thread (0x166c8c00): JavaThread "main" [_thread_in_native, id=5256, stack(0x15ee0000,0x160e0000)]
siginfo: ExceptionCode=0xc0000005, reading address 0x00000000
Registers:
EAX=0x00000000, EBX=0x3418a250, ECX=0x0e808de0, EDX=0x160dd5ac
ESP=0x160dd588, EBP=0x160dd598, ESI=0x00000000, EDI=0x166c8c00
EIP=0x11953f88, EFLAGS=0x00010206
Top of Stack: (sp=0x160dd588)
0x160dd588: 160dd5ac 160dd594 3418a250 00000000
0x160dd598: 160dd5d8 1a529f47 166c8d18 160dd5e0
0x160dd5a8: 167c1460 00000000 166c94e8 fffffffe
0x160dd5b8: 160dd5b8 3418a250 160dd5ec 34193058
0x160dd5c8: 00000000 3418a250 00000000 160dd5e8
0x160dd5d8: 160dd614 1a522f07 34192a68 1a528286
0x160dd5e8: 167c1460 00000000 32218788 160dd5f4
0x160dd5f8: 3418a1bf 160dd61c 34193058 00000000
Instructions: (pc=0x11953f88)
0x11953f78: 33 f6 85 c0 7c 3a 8b 45 fc 8d 55 14 52 89 75 14
0x11953f88: 8b 08 50 ff 91 a0 00 00 00 85 c0 7c 1a 8b 75 14
Stack: [0x15ee0000,0x160e0000], sp=0x160dd588, free space=7f5160dd06ck
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x11953f88
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String
Lsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPluginV+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
C 0x17923a9c
C 0x179b6591
C 0x17923b1d
C 0x1792d5af
C 0x179303a7
C 0x1195178d
C 0x11958670
C 0x11957b42
C [USER32.dll+0x16238]
C [USER32.dll+0x168ea]
C [USER32.dll+0x17d31]
C [USER32.dll+0x17dfa]
C [IEFRAME.dll+0xf1b44]
C [IEFRAME.dll+0x111a16]
C [iertutil.dll+0x1415b0]
C [IEFRAME.dll+0xffd5b]
C [kernel32.dll+0x13677]
C [ntdll.dll+0x39d42]
C [ntdll.dll+0x39d15]
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/StringLsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPluginV+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x166adc00 JavaThread "JRE 1.6.0.22 Heartbeat Thread" [_thread_blocked, id=5540, stack(0x07500000,0x07600000)]
0x1922b800 JavaThread "JRE 1.6.0.22 Worker Thread" [_thread_blocked, id=4452, stack(0x1e300000,0x1e400000)]
0x1922a000 JavaThread "JRE 1.6.0.22 Output Reader Thread" [_thread_in_native, id=5520, stack(0x1e140000,0x1e240000)]
0x19228800 JavaThread "JRE 1.6.0.22 Output Reader Thread" [_thread_in_native, id=248, stack(0x1e020000,0x1e120000)]
0x19228000 JavaThread "Thread-0" [_thread_in_native, id=1044, stack(0x1df20000,0x1e020000)]
0x166af400 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=1012, stack(0x1dd10000,0x1de10000)]
0x1664b000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=5280, stack(0x18be0000,0x18ce0000)]
0x16604c00 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=6096, stack(0x17ae0000,0x17be0000)]
0x165f9000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=4636, stack(0x187f0000,0x188f0000)]
0x165f7c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=1636, stack(0x18670000,0x18770000)]
0x165f5c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5944, stack(0x18470000,0x18570000)]
0x165ee800 JavaThread "Finalizer" daemon [_thread_blocked, id=5496, stack(0x18350000,0x18450000)]
0x165ed400 JavaThread "Reference Handler" daemon [_thread_blocked, id=4196, stack(0x17d50000,0x17e50000)]
=>0x166c8c00 JavaThread "main" [_thread_in_native, id=5256, stack(0x15ee0000,0x160e0000)]
Other Threads:
0x165ebc00 VMThread [stack: 0x17c20000,0x17d20000] [id=5692]
0x1661fc00 WatcherThread [stack: 0x18980000,0x18a80000] [id=5620]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap
def new generation total 4928K, used 1407K [0x32180000, 0x326d0000, 0x32c20000)
eden space 4416K, 31% used [0x32180000, 0x322dfc50, 0x325d0000)
from space 512K, 0% used [0x325d0000, 0x325d0000, 0x32650000)
to space 512K, 0% used [0x32650000, 0x32650000, 0x326d0000)
tenured generation total 10944K, used 0K [0x32c20000, 0x336d0000, 0x34180000)
the space 10944K, 0% used [0x32c20000, 0x32c20000, 0x32c20200, 0x336d0000)
compacting perm gen total 12288K, used 709K [0x34180000, 0x34d80000, 0x38180000)
the space 12288K, 5% used [0x34180000, 0x34231730, 0x34231800, 0x34d80000)
ro space 10240K, 51% used [0x38180000, 0x386abaf8, 0x386abc00, 0x38b80000)
rw space 12288K, 54% used [0x38b80000, 0x392176d8, 0x39217800, 0x39780000)
Dynamic libraries:
0x01180000 - 0x01238000 C:\Program Files (x86)\Internet Explorer\iexplore.exe
0x77c50000 - 0x77dd0000 C:\Windows\SysWOW64\ntdll.dll
0x75aa0000 - 0x75ba0000 C:\Windows\syswow64\kernel32.dll
0x756f0000 - 0x75736000 C:\Windows\syswow64\KERNELBASE.dll
0x76ae0000 - 0x76b80000 C:\Windows\syswow64\ADVAPI32.dll
0x75880000 - 0x7592c000 C:\Windows\syswow64\msvcrt.dll
0x76f70000 - 0x76f89000 C:\Windows\SysWOW64\sechost.dll
0x76e80000 - 0x76f70000 C:\Windows\syswow64\RPCRT4.dll
0x75350000 - 0x753b0000 C:\Windows\syswow64\SspiCli.dll
0x75340000 - 0x7534c000 C:\Windows\syswow64\CRYPTBASE.dll
0x769b0000 - 0x76ab0000 C:\Windows\syswow64\USER32.dll
0x76df0000 - 0x76e80000 C:\Windows\syswow64\GDI32.dll
0x77c20000 - 0x77c2a000 C:\Windows\syswow64\LPK.dll
0x75740000 - 0x757dd000 C:\Windows\syswow64\USP10.dll
0x75490000 - 0x754e7000 C:\Windows\syswow64\SHLWAPI.dll
0x75d60000 - 0x769a9000 C:\Windows\syswow64\SHELL32.dll
0x77010000 - 0x7716c000 C:\Windows\syswow64\ole32.dll
0x755e0000 - 0x756f0000 C:\Windows\syswow64\urlmon.dll
0x75400000 - 0x7548f000 C:\Windows\syswow64\OLEAUT32.dll
0x771d0000 - 0x77388000 C:\Windows\syswow64\iertutil.dll
0x75c40000 - 0x75d5a000 C:\Windows\syswow64\WININET.dll
0x75510000 - 0x75513000 C:\Windows\syswow64\Normaliz.dll
0x75ba0000 - 0x75c00000 C:\Windows\system32\IMM32.DLL
0x76b80000 - 0x76c4c000 C:\Windows\syswow64\MSCTF.dll
0x74730000 - 0x75075000 C:\Windows\system32\IEFRAME.dll
0x75a80000 - 0x75a85000 C:\Windows\syswow64\PSAPI.DLL
0x746f0000 - 0x7472c000 C:\Windows\system32\OLEACC.dll
0x73130000 - 0x732ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
0x76f90000 - 0x7700b000 C:\Windows\syswow64\comdlg32.dll
0x746b0000 - 0x746e1000 C:\Program Files (x86)\Internet Explorer\IEShims.dll
0x75c00000 - 0x75c35000 C:\Windows\syswow64\WS2_32.dll
0x757e0000 - 0x757e6000 C:\Windows\syswow64\NSI.dll
0x72f50000 - 0x72fd0000 C:\Windows\system32\uxtheme.dll
0x73ca0000 - 0x73cd2000 C:\Windows\system32\WINMM.dll
0x73ce0000 - 0x73ce7000 C:\Windows\system32\wsock32.dll
0x73c50000 - 0x73c58000 C:\Windows\system32\Secur32.dll
0x73c60000 - 0x73c6b000 C:\Windows\system32\profapi.dll
0x73aa0000 - 0x73adc000 C:\Windows\system32\mswsock.dll
0x73740000 - 0x73745000 C:\Windows\System32\wshtcpip.dll
0x73eb0000 - 0x73ec0000 C:\Windows\system32\NLAapi.dll
0x74570000 - 0x745b4000 C:\Windows\system32\DNSAPI.dll
0x74540000 - 0x74548000 C:\Windows\System32\winrnr.dll
0x74530000 - 0x74540000 C:\Windows\system32\napinsp.dll
0x73d00000 - 0x73d1c000 C:\Windows\system32\iphlpapi.DLL
0x73cf0000 - 0x73cf7000 C:\Windows\system32\WINNSI.DLL
0x744d0000 - 0x744e2000 C:\Windows\system32\pnrpnsp.dll
0x725b0000 - 0x725d7000 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
0x74520000 - 0x7452d000 C:\Windows\system32\wshbth.dll
0x75550000 - 0x755d3000 C:\Windows\syswow64\CLBCatQ.DLL
0x72560000 - 0x72598000 C:\Windows\System32\fwpuclnt.dll
0x74010000 - 0x7406a000 C:\Windows\System32\netprofm.dll
0x725a0000 - 0x725a6000 C:\Windows\system32\rasadhlp.dll
0x73020000 - 0x73036000 C:\Windows\system32\CRYPTSP.dll
0x72fe0000 - 0x7301b000 C:\Windows\system32\rsaenh.dll
0x72fd0000 - 0x72fde000 C:\Windows\system32\RpcRtRemote.dll
0x73ea0000 - 0x73ea8000 C:\Windows\System32\npmproxy.dll
0x73d20000 - 0x73d26000 C:\Windows\System32\wship6.dll
0x72c60000 - 0x72c73000 C:\Windows\system32\dwmapi.dll
0x73940000 - 0x73961000 C:\Windows\system32\ntmarta.dll
0x753b0000 - 0x753f5000 C:\Windows\syswow64\WLDAP32.dll
0x73fd0000 - 0x74002000 C:\Program Files (x86)\Internet Explorer\ieproxy.dll
0x73410000 - 0x7345b000 C:\Windows\system32\apphelp.dll
0x72420000 - 0x72472000 C:\Windows\system32\RASAPI32.dll
0x72540000 - 0x72555000 C:\Windows\system32\rasman.dll
0x73ec0000 - 0x73ecd000 C:\Windows\system32\rtutils.dll
0x72410000 - 0x72416000 C:\Windows\system32\sensapi.dll
0x72120000 - 0x7214d000 C:\Windows\system32\IEUI.dll
0x72100000 - 0x72105000 C:\Windows\system32\MSIMG32.dll
0x725f0000 - 0x726e5000 C:\Windows\system32\PROPSYS.dll
0x700c0000 - 0x700cc000 C:\Windows\system32\mssprxy.dll
0x6e7f0000 - 0x6e81f000 C:\Windows\system32\xmllite.dll
0x76c50000 - 0x76ded000 C:\Windows\syswow64\SETUPAPI.dll
0x76ab0000 - 0x76ad7000 C:\Windows\syswow64\CFGMGR32.dll
0x754f0000 - 0x75502000 C:\Windows\syswow64\DEVOBJ.dll
0x6e680000 - 0x6e7ef000 C:\Windows\system32\explorerframe.dll
0x6e650000 - 0x6e67f000 C:\Windows\system32\DUser.dll
0x6e590000 - 0x6e642000 C:\Windows\system32\DUI70.dll
0x6d9d0000 - 0x6e58a000 C:\Windows\system32\MSHTML.dll
0x73c90000 - 0x73c99000 C:\Windows\system32\VERSION.dll
0x6d910000 - 0x6d9ca000 C:\Windows\system32\d2d1.dll
0x6d800000 - 0x6d90a000 C:\Windows\system32\DWrite.dll
0x6d770000 - 0x6d7f3000 C:\Windows\system32\dxgi.dll
0x75a50000 - 0x75a7d000 C:\Windows\syswow64\WINTRUST.dll
0x75930000 - 0x75a4c000 C:\Windows\syswow64\CRYPT32.dll
0x75a90000 - 0x75a9c000 C:\Windows\syswow64\MSASN1.dll
0x6d740000 - 0x6d76c000 C:\Windows\system32\d3d10_1.dll
0x6d700000 - 0x6d73a000 C:\Windows\system32\d3d10_1core.dll
0x6d650000 - 0x6d6fc000 C:\Windows\system32\aticfx32.dll
0x6d640000 - 0x6d64b000 C:\Windows\system32\atiuxpag.dll
0x6ca20000 - 0x6d635000 C:\Windows\system32\igd10umd32.dll
0x69c40000 - 0x69c6e000 C:\Windows\system32\MLANG.dll
0x72b20000 - 0x72b7f000 C:\Windows\system32\SXS.DLL
0x69ae0000 - 0x69b4c000 C:\Windows\SysWOW64\ieapfltr.dll
0x698c0000 - 0x69a7b000 C:\Windows\SysWOW64\jscript9.dll
0x69ad0000 - 0x69adb000 C:\Windows\system32\msimtf.dll
0x73e30000 - 0x73e6a000 C:\Windows\SysWOW64\Dxtrans.dll
0x73ee0000 - 0x73ef4000 C:\Windows\SysWOW64\ATL.DLL
0x73e20000 - 0x73e2a000 C:\Windows\SysWOW64\ddrawex.dll
0x6ed30000 - 0x6ee17000 C:\Windows\SysWOW64\DDRAW.dll
0x6ed20000 - 0x6ed26000 C:\Windows\SysWOW64\DCIMAN32.dll
0x73dc0000 - 0x73e19000 C:\Windows\SysWOW64\Dxtmsft.dll
0x68ae0000 - 0x68bdb000 C:\Windows\system32\windowscodecs.dll
0x743c0000 - 0x744c2000 C:\Windows\system32\d3d10.dll
0x74380000 - 0x743b3000 C:\Windows\system32\d3d10core.dll
0x65250000 - 0x65382000 C:\Windows\System32\msxml3.dll
0x70e60000 - 0x70f26000 C:\Windows\System32\NaturalLanguage6.dll
0x70450000 - 0x705ce000 C:\Windows\system32\tquery.dll
0x74310000 - 0x7436c000 C:\Windows\System32\StructuredQuery.dll
0x70d40000 - 0x70e14000 C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll
0x744f0000 - 0x7450f000 C:\Windows\system32\MSDART.DLL
0x72ef0000 - 0x72f07000 C:\Windows\system32\bcrypt.dll
0x73d50000 - 0x73d64000 C:\Program Files (x86)\Common Files\System\Ole DB\OLEDB32R.DLL
0x73e90000 - 0x73e9c000 C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
0x73970000 - 0x73a0b000 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
0x73d70000 - 0x73d7c000 C:\Windows\system32\ImgUtil.dll
0x68f90000 - 0x698b7000 C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx
0x68ed0000 - 0x68f42000 C:\Windows\system32\DSOUND.dll
0x72c30000 - 0x72c55000 C:\Windows\system32\POWRPROF.dll
0x68d00000 - 0x68ec3000 C:\Windows\system32\d3d9.dll
0x68f80000 - 0x68f86000 C:\Windows\system32\d3d8thk.dll
0x72930000 - 0x729a9000 C:\Windows\system32\mscms.dll
0x73810000 - 0x73827000 C:\Windows\system32\USERENV.dll
0x68f70000 - 0x68f7b000 C:\Windows\system32\atiu9pag.dll
0x140d0000 - 0x146ed000 C:\Windows\system32\igdumd32.dll
0x726f0000 - 0x72729000 C:\Windows\System32\MMDevApi.dll
0x689e0000 - 0x68a0b000 C:\Windows\system32\msls31.dll
0x69ac0000 - 0x69ac8000 C:\Windows\system32\credssp.dll
0x69a80000 - 0x69aba000 C:\Windows\SysWOW64\schannel.dll
VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~2\Java\jre6\lib\deploy.jar;C:\PROGRA~2\Java\jre6\lib\javaws.jar;C:\PROGRA~2\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
java_command: <unknown>
Launcher Type: generic
Environment Variables:
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files (x86)\Sony\VAIO Startup Setting Tool;C:\Program Files (x86)\Windows Live\Shared
USERNAME=Aj-T'zib'
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
--------------- S Y S T E M ---------------
OS: Windows 7 Build 7600
CPU:total 4 (8 cores per cpu, 2 threads per core) family 6 model 42 stepping 7, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, popcnt, ht
Memory: 4k page, physical 4108144k(2005604k free), swap 8214388k(5654612k free)
vm_info: Java HotSpot(TM) Client VM (17.1-b03) for windows-x86 JRE (1.6.0_22-b04), built on Sep 15 2010 00:56:36 by "java_re" with MS VC++ 7.1 (VS2003)
time: Wed Nov 23 21:47:18 2011
elapsed time: 1 seconds
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x11953f88, pid=5152, tid=5256
#
# JRE version: 6.0_22-b04
# Java VM: Java HotSpot(TM) Client VM (17.1-b03 mixed mode, sharing windows-x86 )
# Problematic frame:
# C 0x11953f88
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
--------------- T H R E A D ---------------
Current thread (0x166c8c00): JavaThread "main" [_thread_in_native, id=5256, stack(0x15ee0000,0x160e0000)]
siginfo: ExceptionCode=0xc0000005, reading address 0x00000000
Registers:
EAX=0x00000000, EBX=0x3418a250, ECX=0x0e808de0, EDX=0x160dd5ac
ESP=0x160dd588, EBP=0x160dd598, ESI=0x00000000, EDI=0x166c8c00
EIP=0x11953f88, EFLAGS=0x00010206
Top of Stack: (sp=0x160dd588)
0x160dd588: 160dd5ac 160dd594 3418a250 00000000
0x160dd598: 160dd5d8 1a529f47 166c8d18 160dd5e0
0x160dd5a8: 167c1460 00000000 166c94e8 fffffffe
0x160dd5b8: 160dd5b8 3418a250 160dd5ec 34193058
0x160dd5c8: 00000000 3418a250 00000000 160dd5e8
0x160dd5d8: 160dd614 1a522f07 34192a68 1a528286
0x160dd5e8: 167c1460 00000000 32218788 160dd5f4
0x160dd5f8: 3418a1bf 160dd61c 34193058 00000000
Instructions: (pc=0x11953f88)
0x11953f78: 33 f6 85 c0 7c 3a 8b 45 fc 8d 55 14 52 89 75 14
0x11953f88: 8b 08 50 ff 91 a0 00 00 00 85 c0 7c 1a 8b 75 14
Stack: [0x15ee0000,0x160e0000], sp=0x160dd588, free space=7f5160dd06ck
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x11953f88
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String
Lsun/plugin2/main/server/AppletID;+16j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin
V+1j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
C 0x17923a9c
C 0x179b6591
C 0x17923b1d
C 0x1792d5af
C 0x179303a7
C 0x1195178d
C 0x11958670
C 0x11957b42
C [USER32.dll+0x16238]
C [USER32.dll+0x168ea]
C [USER32.dll+0x17d31]
C [USER32.dll+0x17dfa]
C [IEFRAME.dll+0xf1b44]
C [IEFRAME.dll+0x111a16]
C [iertutil.dll+0x1415b0]
C [IEFRAME.dll+0xffd5b]
C [kernel32.dll+0x13677]
C [ntdll.dll+0x39d42]
C [ntdll.dll+0x39d15]
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String
Lsun/plugin2/main/server/AppletID;+16j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin
V+1j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x166adc00 JavaThread "JRE 1.6.0.22 Heartbeat Thread" [_thread_blocked, id=5540, stack(0x07500000,0x07600000)]
0x1922b800 JavaThread "JRE 1.6.0.22 Worker Thread" [_thread_blocked, id=4452, stack(0x1e300000,0x1e400000)]
0x1922a000 JavaThread "JRE 1.6.0.22 Output Reader Thread" [_thread_in_native, id=5520, stack(0x1e140000,0x1e240000)]
0x19228800 JavaThread "JRE 1.6.0.22 Output Reader Thread" [_thread_in_native, id=248, stack(0x1e020000,0x1e120000)]
0x19228000 JavaThread "Thread-0" [_thread_in_native, id=1044, stack(0x1df20000,0x1e020000)]
0x166af400 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=1012, stack(0x1dd10000,0x1de10000)]
0x1664b000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=5280, stack(0x18be0000,0x18ce0000)]
0x16604c00 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=6096, stack(0x17ae0000,0x17be0000)]
0x165f9000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=4636, stack(0x187f0000,0x188f0000)]
0x165f7c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=1636, stack(0x18670000,0x18770000)]
0x165f5c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5944, stack(0x18470000,0x18570000)]
0x165ee800 JavaThread "Finalizer" daemon [_thread_blocked, id=5496, stack(0x18350000,0x18450000)]
0x165ed400 JavaThread "Reference Handler" daemon [_thread_blocked, id=4196, stack(0x17d50000,0x17e50000)]
=>0x166c8c00 JavaThread "main" [_thread_in_native, id=5256, stack(0x15ee0000,0x160e0000)]
Other Threads:
0x165ebc00 VMThread [stack: 0x17c20000,0x17d20000] [id=5692]
0x1661fc00 WatcherThread [stack: 0x18980000,0x18a80000] [id=5620]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap
def new generation total 4928K, used 1407K [0x32180000, 0x326d0000, 0x32c20000)
eden space 4416K, 31% used [0x32180000, 0x322dfc50, 0x325d0000)
from space 512K, 0% used [0x325d0000, 0x325d0000, 0x32650000)
to space 512K, 0% used [0x32650000, 0x32650000, 0x326d0000)
tenured generation total 10944K, used 0K [0x32c20000, 0x336d0000, 0x34180000)
the space 10944K, 0% used [0x32c20000, 0x32c20000, 0x32c20200, 0x336d0000)
compacting perm gen total 12288K, used 709K [0x34180000, 0x34d80000, 0x38180000)
the space 12288K, 5% used [0x34180000, 0x34231730, 0x34231800, 0x34d80000)
ro space 10240K, 51% used [0x38180000, 0x386abaf8, 0x386abc00, 0x38b80000)
rw space 12288K, 54% used [0x38b80000, 0x392176d8, 0x39217800, 0x39780000)
Dynamic libraries:
0x01180000 - 0x01238000 C:\Program Files (x86)\Internet Explorer\iexplore.exe
0x77c50000 - 0x77dd0000 C:\Windows\SysWOW64\ntdll.dll
0x75aa0000 - 0x75ba0000 C:\Windows\syswow64\kernel32.dll
0x756f0000 - 0x75736000 C:\Windows\syswow64\KERNELBASE.dll
0x76ae0000 - 0x76b80000 C:\Windows\syswow64\ADVAPI32.dll
0x75880000 - 0x7592c000 C:\Windows\syswow64\msvcrt.dll
0x76f70000 - 0x76f89000 C:\Windows\SysWOW64\sechost.dll
0x76e80000 - 0x76f70000 C:\Windows\syswow64\RPCRT4.dll
0x75350000 - 0x753b0000 C:\Windows\syswow64\SspiCli.dll
0x75340000 - 0x7534c000 C:\Windows\syswow64\CRYPTBASE.dll
0x769b0000 - 0x76ab0000 C:\Windows\syswow64\USER32.dll
0x76df0000 - 0x76e80000 C:\Windows\syswow64\GDI32.dll
0x77c20000 - 0x77c2a000 C:\Windows\syswow64\LPK.dll
0x75740000 - 0x757dd000 C:\Windows\syswow64\USP10.dll
0x75490000 - 0x754e7000 C:\Windows\syswow64\SHLWAPI.dll
0x75d60000 - 0x769a9000 C:\Windows\syswow64\SHELL32.dll
0x77010000 - 0x7716c000 C:\Windows\syswow64\ole32.dll
0x755e0000 - 0x756f0000 C:\Windows\syswow64\urlmon.dll
0x75400000 - 0x7548f000 C:\Windows\syswow64\OLEAUT32.dll
0x771d0000 - 0x77388000 C:\Windows\syswow64\iertutil.dll
0x75c40000 - 0x75d5a000 C:\Windows\syswow64\WININET.dll
0x75510000 - 0x75513000 C:\Windows\syswow64\Normaliz.dll
0x75ba0000 - 0x75c00000 C:\Windows\system32\IMM32.DLL
0x76b80000 - 0x76c4c000 C:\Windows\syswow64\MSCTF.dll
0x74730000 - 0x75075000 C:\Windows\system32\IEFRAME.dll
0x75a80000 - 0x75a85000 C:\Windows\syswow64\PSAPI.DLL
0x746f0000 - 0x7472c000 C:\Windows\system32\OLEACC.dll
0x73130000 - 0x732ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
0x76f90000 - 0x7700b000 C:\Windows\syswow64\comdlg32.dll
0x746b0000 - 0x746e1000 C:\Program Files (x86)\Internet Explorer\IEShims.dll
0x75c00000 - 0x75c35000 C:\Windows\syswow64\WS2_32.dll
0x757e0000 - 0x757e6000 C:\Windows\syswow64\NSI.dll
0x72f50000 - 0x72fd0000 C:\Windows\system32\uxtheme.dll
0x73ca0000 - 0x73cd2000 C:\Windows\system32\WINMM.dll
0x73ce0000 - 0x73ce7000 C:\Windows\system32\wsock32.dll
0x73c50000 - 0x73c58000 C:\Windows\system32\Secur32.dll
0x73c60000 - 0x73c6b000 C:\Windows\system32\profapi.dll
0x73aa0000 - 0x73adc000 C:\Windows\system32\mswsock.dll
0x73740000 - 0x73745000 C:\Windows\System32\wshtcpip.dll
0x73eb0000 - 0x73ec0000 C:\Windows\system32\NLAapi.dll
0x74570000 - 0x745b4000 C:\Windows\system32\DNSAPI.dll
0x74540000 - 0x74548000 C:\Windows\System32\winrnr.dll
0x74530000 - 0x74540000 C:\Windows\system32\napinsp.dll
0x73d00000 - 0x73d1c000 C:\Windows\system32\iphlpapi.DLL
0x73cf0000 - 0x73cf7000 C:\Windows\system32\WINNSI.DLL
0x744d0000 - 0x744e2000 C:\Windows\system32\pnrpnsp.dll
0x725b0000 - 0x725d7000 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
0x74520000 - 0x7452d000 C:\Windows\system32\wshbth.dll
0x75550000 - 0x755d3000 C:\Windows\syswow64\CLBCatQ.DLL
0x72560000 - 0x72598000 C:\Windows\System32\fwpuclnt.dll
0x74010000 - 0x7406a000 C:\Windows\System32\netprofm.dll
0x725a0000 - 0x725a6000 C:\Windows\system32\rasadhlp.dll
0x73020000 - 0x73036000 C:\Windows\system32\CRYPTSP.dll
0x72fe0000 - 0x7301b000 C:\Windows\system32\rsaenh.dll
0x72fd0000 - 0x72fde000 C:\Windows\system32\RpcRtRemote.dll
0x73ea0000 - 0x73ea8000 C:\Windows\System32\npmproxy.dll
0x73d20000 - 0x73d26000 C:\Windows\System32\wship6.dll
0x72c60000 - 0x72c73000 C:\Windows\system32\dwmapi.dll
0x73940000 - 0x73961000 C:\Windows\system32\ntmarta.dll
0x753b0000 - 0x753f5000 C:\Windows\syswow64\WLDAP32.dll
0x73fd0000 - 0x74002000 C:\Program Files (x86)\Internet Explorer\ieproxy.dll
0x73410000 - 0x7345b000 C:\Windows\system32\apphelp.dll
0x72420000 - 0x72472000 C:\Windows\system32\RASAPI32.dll
0x72540000 - 0x72555000 C:\Windows\system32\rasman.dll
0x73ec0000 - 0x73ecd000 C:\Windows\system32\rtutils.dll
0x72410000 - 0x72416000 C:\Windows\system32\sensapi.dll
0x72120000 - 0x7214d000 C:\Windows\system32\IEUI.dll
0x72100000 - 0x72105000 C:\Windows\system32\MSIMG32.dll
0x725f0000 - 0x726e5000 C:\Windows\system32\PROPSYS.dll
0x700c0000 - 0x700cc000 C:\Windows\system32\mssprxy.dll
0x6e7f0000 - 0x6e81f000 C:\Windows\system32\xmllite.dll
0x76c50000 - 0x76ded000 C:\Windows\syswow64\SETUPAPI.dll
0x76ab0000 - 0x76ad7000 C:\Windows\syswow64\CFGMGR32.dll
0x754f0000 - 0x75502000 C:\Windows\syswow64\DEVOBJ.dll
0x6e680000 - 0x6e7ef000 C:\Windows\system32\explorerframe.dll
0x6e650000 - 0x6e67f000 C:\Windows\system32\DUser.dll
0x6e590000 - 0x6e642000 C:\Windows\system32\DUI70.dll
0x6d9d0000 - 0x6e58a000 C:\Windows\system32\MSHTML.dll
0x73c90000 - 0x73c99000 C:\Windows\system32\VERSION.dll
0x6d910000 - 0x6d9ca000 C:\Windows\system32\d2d1.dll
0x6d800000 - 0x6d90a000 C:\Windows\system32\DWrite.dll
0x6d770000 - 0x6d7f3000 C:\Windows\system32\dxgi.dll
0x75a50000 - 0x75a7d000 C:\Windows\syswow64\WINTRUST.dll
0x75930000 - 0x75a4c000 C:\Windows\syswow64\CRYPT32.dll
0x75a90000 - 0x75a9c000 C:\Windows\syswow64\MSASN1.dll
0x6d740000 - 0x6d76c000 C:\Windows\system32\d3d10_1.dll
0x6d700000 - 0x6d73a000 C:\Windows\system32\d3d10_1core.dll
0x6d650000 - 0x6d6fc000 C:\Windows\system32\aticfx32.dll
0x6d640000 - 0x6d64b000 C:\Windows\system32\atiuxpag.dll
0x6ca20000 - 0x6d635000 C:\Windows\system32\igd10umd32.dll
0x69c40000 - 0x69c6e000 C:\Windows\system32\MLANG.dll
0x72b20000 - 0x72b7f000 C:\Windows\system32\SXS.DLL
0x69ae0000 - 0x69b4c000 C:\Windows\SysWOW64\ieapfltr.dll
0x698c0000 - 0x69a7b000 C:\Windows\SysWOW64\jscript9.dll
0x69ad0000 - 0x69adb000 C:\Windows\system32\msimtf.dll
0x73e30000 - 0x73e6a000 C:\Windows\SysWOW64\Dxtrans.dll
0x73ee0000 - 0x73ef4000 C:\Windows\SysWOW64\ATL.DLL
0x73e20000 - 0x73e2a000 C:\Windows\SysWOW64\ddrawex.dll
0x6ed30000 - 0x6ee17000 C:\Windows\SysWOW64\DDRAW.dll
0x6ed20000 - 0x6ed26000 C:\Windows\SysWOW64\DCIMAN32.dll
0x73dc0000 - 0x73e19000 C:\Windows\SysWOW64\Dxtmsft.dll
0x68ae0000 - 0x68bdb000 C:\Windows\system32\windowscodecs.dll
0x743c0000 - 0x744c2000 C:\Windows\system32\d3d10.dll
0x74380000 - 0x743b3000 C:\Windows\system32\d3d10core.dll
0x65250000 - 0x65382000 C:\Windows\System32\msxml3.dll
0x70e60000 - 0x70f26000 C:\Windows\System32\NaturalLanguage6.dll
0x70450000 - 0x705ce000 C:\Windows\system32\tquery.dll
0x74310000 - 0x7436c000 C:\Windows\System32\StructuredQuery.dll
0x70d40000 - 0x70e14000 C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll
0x744f0000 - 0x7450f000 C:\Windows\system32\MSDART.DLL
0x72ef0000 - 0x72f07000 C:\Windows\system32\bcrypt.dll
0x73d50000 - 0x73d64000 C:\Program Files (x86)\Common Files\System\Ole DB\OLEDB32R.DLL
0x73e90000 - 0x73e9c000 C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
0x73970000 - 0x73a0b000 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
0x73d70000 - 0x73d7c000 C:\Windows\system32\ImgUtil.dll
0x68f90000 - 0x698b7000 C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx
0x68ed0000 - 0x68f42000 C:\Windows\system32\DSOUND.dll
0x72c30000 - 0x72c55000 C:\Windows\system32\POWRPROF.dll
0x68d00000 - 0x68ec3000 C:\Windows\system32\d3d9.dll
0x68f80000 - 0x68f86000 C:\Windows\system32\d3d8thk.dll
0x72930000 - 0x729a9000 C:\Windows\system32\mscms.dll
0x73810000 - 0x73827000 C:\Windows\system32\USERENV.dll
0x68f70000 - 0x68f7b000 C:\Windows\system32\atiu9pag.dll
0x140d0000 - 0x146ed000 C:\Windows\system32\igdumd32.dll
0x726f0000 - 0x72729000 C:\Windows\System32\MMDevApi.dll
0x689e0000 - 0x68a0b000 C:\Windows\system32\msls31.dll
0x69ac0000 - 0x69ac8000 C:\Windows\system32\credssp.dll
0x69a80000 - 0x69aba000 C:\Windows\SysWOW64\schannel.dll
VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~2\Java\jre6\lib\deploy.jar;C:\PROGRA~2\Java\jre6\lib\javaws.jar;C:\PROGRA~2\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
java_command: <unknown>
Launcher Type: generic
Environment Variables:
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files (x86)\Sony\VAIO Startup Setting Tool;C:\Program Files (x86)\Windows Live\Shared
USERNAME=Aj-T'zib'
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
--------------- S Y S T E M ---------------
OS: Windows 7 Build 7600
CPU:total 4 (8 cores per cpu, 2 threads per core) family 6 model 42 stepping 7, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, popcnt, ht
Memory: 4k page, physical 4108144k(2005604k free), swap 8214388k(5654612k free)
vm_info: Java HotSpot(TM) Client VM (17.1-b03) for windows-x86 JRE (1.6.0_22-b04), built on Sep 15 2010 00:56:36 by "java_re" with MS VC++ 7.1 (VS2003)
time: Wed Nov 23 21:47:18 2011
elapsed time: 1 seconds
I just did:
open IE, go Tools>Internet options>Advanced tab, click on "Reset" button.
Restart IE.
It seems that IE was reset to default settings. I am not sure how to run Java, but I went to control panel and clicked on the Java icon. Then I tried updating it, but I got the same error as before and IE closes. Issue with redirecting searches and music still conitnues.
open IE, go Tools>Internet options>Advanced tab, click on "Reset" button.
Restart IE.
It seems that IE was reset to default settings. I am not sure how to run Java, but I went to control panel and clicked on the Java icon. Then I tried updating it, but I got the same error as before and IE closes. Issue with redirecting searches and music still conitnues.
So I ran JavaRa and was able to install Java and update it. When I tried to remove older versions of Java it created this:
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Nov 24 12:33:17 2011
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
------------------------------------
Finished reporting.
Issues still continues though. Thanks for your help!!
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Nov 24 12:33:17 2011
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
------------------------------------
Finished reporting.
Issues still continues though. Thanks for your help!!
Broni
Posts: 56,041 +517
Go here: https://www.techspot.com/downloads/6463-java-se.html and download standalone Java installer (Windows 7, XP Offline).
See if it'll install.
Does the redirection happen in Firefox as well?
Does the music play if IE is closed and Firefox opened?
See if it'll install.
Does the redirection happen in Firefox as well?
Does the music play if IE is closed and Firefox opened?
Broni
Posts: 56,041 +517
Download Bootkit Remover to your Desktop.
- Unzip downloaded file to your Desktop.
- Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
- It will show a Black screen with some data on it.
- Right click on the screen and click Select All.
- Press CTRL+C
- Open a Notepad and press CTRL+V
- Post the output back here.
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`b4300000
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
Done;
Press any key to quit...
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`b4300000
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
Done;
Press any key to quit...
Broni
Posts: 56,041 +517
There you go.
Your MBR seems to be infected.
Please Boot to the System Recovery Options
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
On the System Recovery Options menu you will get the following options:
Choose Command Prompt
You should see X:\SOURCES>...
Execute the following commands in bold.
Press Enter after every one of them.
bootrec /fixmbr (<--- there is a "space" after "bootrec")
exit
Restart computer.
Post new Bootkit Remover log.
Your MBR seems to be infected.
Please Boot to the System Recovery Options
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
Choose Command Prompt
You should see X:\SOURCES>...
Execute the following commands in bold.
Press Enter after every one of them.
bootrec /fixmbr (<--- there is a "space" after "bootrec")
exit
Restart computer.
Post new Bootkit Remover log.
I used a System Repair Disc to access the command prompt and executed bootrec /fixmbr. Here is the Bookit Remover Log.
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`b4300000
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
Done;
Press any key to quit...
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`b4300000
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
Done;
Press any key to quit...
Broni
Posts: 56,041 +517
Download TDSSKiller and save it to your desktop.
- Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Similar threads
Latest posts
-
Walmart prepares for a future where AI agents do the shopping- Thrackerzod replied
