Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works


  • Please log in to reply



    New Member

  • Member
  • Pip
  • 4 posts

I have peoplepc and netzeo and notice a process called exec.exe ( 2 are running in my machine) in my tas mgr program. I went to Hkey local machine and saw it (run) How to get rid of it if it is a remote admin tool ? I tried deleting with the admin account and my user account but can not get acess to it .

  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Umm I for got to mention that when I got my peoplpc disks to install the program it had the heuristic download virus/trojan on it and is write prrotected so it did'nt come from me I have 2 disks now from people pc that have this virus on them
I don't now if this is relevant or not but menbtioned it anywy..

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:03:58 PM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\horror child\My Documents\NetZero\exec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\horror child\My Documents\NetZero\exec.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe
C:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\horror child\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program

O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Documents and Settings\horror child\My

Documents\NetZero\exec.exe regrun
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{34A94E47-597C-475D-91C9-0849AC313381}: NameServer =
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program

Files\Webroot\Spy Sweeper\WRSSSDK.exe

sory bout that
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I wason the internet and this happened :
# An unexpected error has been detected by HotSpot Virtual Machine:
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x7c911e58, pid=2512, tid=3388
# Java VM: Java HotSpot™ Client VM (1.5.0_02-b09 mixed mode, sharing)
# Problematic frame:
# C [ntdll.dll+0x11e58]

--------------- T H R E A D ---------------

Current thread (0x022a3bb8): JavaThread "CompilerThread0" daemon [_thread_in_vm, id=3388]

siginfo: ExceptionCode=0xc0000005, reading address 0x6176616a

EAX=0x07d1bdc0, EBX=0x00030000, ECX=0x6176616a, EDX=0x20746109
ESP=0x045bf6f0, EBP=0x045bf6fc, ESI=0x07d1bdb8, EDI=0x07d1c000
EIP=0x7c911e58, EFLAGS=0x00010246

Top of Stack: (sp=0x045bf6f0)
0x045bf6f0: 00030000 00000001 00030004 045bf734
0x045bf700: 7c918251 6176616a 07d1c000 045bf728
0x045bf710: 00000000 00000068 00030168 00030000
0x045bf720: 045bf704 07c291c8 00000200 07a50000
0x045bf730: 00030168 045bf964 7c911c76 03030000
0x045bf740: 00000340 0572e2c8 00000338 07c0acd0
0x045bf750: 0000000c 00000000 07c291e0 045bf7a0
0x045bf760: 045bfa44 045bf78c 045bf848 6d676d85

Instructions: (pc=0x7c911e58)
0x7c911e48: 85 97 7a 03 00 8b 4e 0c 8d 46 08 8b 10 89 4d 08
0x7c911e58: 8b 09 3b 4a 04 89 55 0c 0f 85 9d 00 00 00 3b c8

Stack: [0x044c0000,0x045c0000), sp=0x045bf6f0, free space=1021k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [ntdll.dll+0x11e58]
C [ntdll.dll+0x18251]
C [ntdll.dll+0x11c76]
C [msvcrt.dll+0x1c3c9]
C [msvcrt.dll+0x1c3e7]
C [msvcrt.dll+0x1c42e]

Current CompileTask:
HotSpot Client Compiler:163 b javax.swing.text.GapContent.findSortIndex(Ljavax/swing/text/GapContent$MarkData;)I (131 bytes)

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x07d118d8 JavaThread "TimerQueue" daemon [_thread_blocked, id=3444]
0x07a81278 JavaThread "TimerQueue" daemon [_thread_blocked, id=3408]
0x07a6a2e8 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=3492]
0x07a69818 JavaThread "ConsoleWriterThread" daemon [_thread_blocked, id=3552]
0x02280978 JavaThread "AWT-EventQueue-1" [_thread_blocked, id=3508]
0x022b19f0 JavaThread "AWT-Shutdown" [_thread_blocked, id=3564]
0x02259e30 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=3048]
0x02280d18 JavaThread "AWT-Windows" daemon [_thread_in_native, id=3568]
0x0227fc38 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=3496]
0x02223720 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=3576]
=>0x022a3bb8 JavaThread "CompilerThread0" daemon [_thread_in_vm, id=3388]
0x053c91a0 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=3108]
0x052cfe18 JavaThread "Finalizer" daemon [_thread_blocked, id=3088]
0x05295698 JavaThread "Reference Handler" daemon [_thread_blocked, id=3392]
0x02299448 JavaThread "main" [_thread_in_native, id=2412]

Other Threads:
0x05293b90 VMThread [id=3376]
0x022923b8 WatcherThread [id=3488]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: ([mutex/lock_event])
[0x02289f40/0x000008f0] CodeCache_lock - owner thread: 0x022a3bb8
[0x022336e8/0x000008ec] MethodCompileQueue_lock - owner thread: 0x022a3bb8

def new generation total 576K, used 241K [0x20ad0000, 0x20b70000, 0x21230000)
eden space 512K, 34% used [0x20ad0000, 0x20afc530, 0x20b50000)
from space 64K, 100% used [0x20b50000, 0x20b60000, 0x20b60000)
to space 64K, 0% used [0x20b60000, 0x20b60000, 0x20b70000)
tenured generation total 2692K, used 2011K [0x21230000, 0x214d1000, 0x26ad0000)
the space 2692K, 74% used [0x21230000, 0x21426e80, 0x21427000, 0x214d1000)
compacting perm gen total 8192K, used 1370K [0x26ad0000, 0x272d0000, 0x2aad0000)
the space 8192K, 16% used [0x26ad0000, 0x26c26a70, 0x26c26c00, 0x272d0000)
ro space 8192K, 62% used [0x2aad0000, 0x2afd8018, 0x2afd8200, 0x2b2d0000)
rw space 12288K, 46% used [0x2b2d0000, 0x2b85c620, 0x2b85c800, 0x2bed0000)

Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\iexplore.exe
0x7c900000 - 0x7c9b0000 C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f4000 C:\WINDOWS\system32\kernel32.dll
0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll
0x77d40000 - 0x77dd0000 C:\WINDOWS\system32\USER32.dll
0x77f10000 - 0x77f56000 C:\WINDOWS\system32\GDI32.dll
0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f01000 C:\WINDOWS\system32\RPCRT4.dll
0x77760000 - 0x778cc000 C:\WINDOWS\system32\SHDOCVW.dll
0x77a80000 - 0x77b14000 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll
0x754d0000 - 0x75550000 C:\WINDOWS\system32\CRYPTUI.dll
0x76c30000 - 0x76c5e000 C:\WINDOWS\system32\WINTRUST.dll
0x76c90000 - 0x76cb8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x77120000 - 0x771ac000 C:\WINDOWS\system32\OLEAUT32.dll
0x774e0000 - 0x7761c000 C:\WINDOWS\system32\ole32.dll
0x5b860000 - 0x5b8b4000 C:\WINDOWS\system32\NETAPI32.dll
0x771b0000 - 0x77256000 C:\WINDOWS\system32\WININET.dll
0x76f60000 - 0x76f8c000 C:\WINDOWS\system32\WLDAP32.dll
0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll
0x773d0000 - 0x774d2000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x7c9c0000 - 0x7d1d4000 C:\WINDOWS\system32\SHELL32.dll
0x5d090000 - 0x5d127000 C:\WINDOWS\system32\comctl32.dll
0x5ad70000 - 0x5ada8000 C:\WINDOWS\system32\uxtheme.dll
0x75f80000 - 0x7607c000 C:\WINDOWS\system32\BROWSEUI.dll
0x20000000 - 0x20012000 C:\WINDOWS\system32\browselc.dll
0x77b40000 - 0x77b62000 C:\WINDOWS\system32\appHelp.dll
0x76fd0000 - 0x7704f000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x77260000 - 0x772fc000 C:\WINDOWS\system32\urlmon.dll
0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll
0x77920000 - 0x77a13000 C:\WINDOWS\system32\SETUPAPI.dll
0x769c0000 - 0x76a73000 C:\WINDOWS\system32\USERENV.dll
0x10000000 - 0x1000e000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 - 0x7c396000 C:\WINDOWS\system32\MSVCR71.dll
0x00da0000 - 0x00dde000 c:\program files\peoplepc\toolbar\PPCToolbar.dll
0x763b0000 - 0x763f9000 C:\WINDOWS\system32\comdlg32.dll
0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll
0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\WS2_32.dll
0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll
0x76b20000 - 0x76b31000 C:\WINDOWS\system32\ATL.DLL
0x5cd70000 - 0x5cd77000 C:\WINDOWS\system32\serwvdrv.dll
0x5b0a0000 - 0x5b0a7000 C:\WINDOWS\system32\umdmxfrm.dll
0x00ef0000 - 0x011b5000 C:\WINDOWS\system32\xpsp2res.dll
0x71d40000 - 0x71d5c000 C:\WINDOWS\system32\actxprxy.dll
0x7d1e0000 - 0x7d492000 C:\WINDOWS\system32\msi.dll
0x75e90000 - 0x75f40000 C:\WINDOWS\system32\SXS.DLL
0x7d4a0000 - 0x7d782000 C:\WINDOWS\system32\mshtml.dll
0x746c0000 - 0x746e7000 C:\WINDOWS\system32\msls31.dll
0x019e0000 - 0x01a68000 C:\WINDOWS\system32\shdoclc.dll
0x75cf0000 - 0x75d81000 C:\WINDOWS\system32\MLANG.dll
0x71ad0000 - 0x71ad9000 C:\WINDOWS\system32\wsock32.dll
0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.DLL
0x71a50000 - 0x71a8f000 C:\WINDOWS\system32\mswsock.dll
0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 - 0x76f1c000 C:\WINDOWS\system32\RASAPI32.DLL
0x76e90000 - 0x76ea2000 C:\WINDOWS\system32\rasman.dll
0x76eb0000 - 0x76edf000 C:\WINDOWS\system32\TAPI32.dll
0x76e80000 - 0x76e8e000 C:\WINDOWS\system32\rtutils.dll
0x77c70000 - 0x77c93000 C:\WINDOWS\system32\msv1_0.dll
0x76d60000 - 0x76d79000 C:\WINDOWS\system32\iphlpapi.dll
0x0ffd0000 - 0x0fff8000 C:\WINDOWS\system32\rsaenh.dll
0x76f20000 - 0x76f47000 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 - 0x76fb8000 C:\WINDOWS\System32\winrnr.dll
0x722b0000 - 0x722b5000 C:\WINDOWS\system32\sensapi.dll
0x76fc0000 - 0x76fc6000 C:\WINDOWS\system32\rasadhlp.dll
0x75c50000 - 0x75cbe000 C:\WINDOWS\system32\jscript.dll
0x76200000 - 0x76271000 C:\WINDOWS\system32\mshtmled.dll
0x72d20000 - 0x72d29000 C:\WINDOWS\system32\wdmaud.drv
0x72d10000 - 0x72d18000 C:\WINDOWS\system32\msacm32.drv
0x77be0000 - 0x77bf5000 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 - 0x77bd7000 C:\WINDOWS\system32\midimap.dll
0x5ff20000 - 0x5ff46000 C:\WINDOWS\system32\MSRATING.dll
0x5ff50000 - 0x5ff61000 C:\WINDOWS\system32\msratelc.dll
0x76990000 - 0x769b5000 C:\WINDOWS\system32\ntshrui.dll
0x76980000 - 0x76988000 C:\WINDOWS\system32\LINKINFO.dll
0x71b20000 - 0x71b32000 C:\WINDOWS\system32\MPR.dll
0x75f60000 - 0x75f67000 C:\WINDOWS\System32\drprov.dll
0x71c10000 - 0x71c1e000 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 - 0x71ce7000 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 - 0x71cd0000 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 - 0x71c87000 C:\WINDOWS\System32\NETRAP.dll
0x71bf0000 - 0x71c03000 C:\WINDOWS\System32\SAMLIB.dll
0x75f70000 - 0x75f79000 C:\WINDOWS\System32\davclnt.dll
0x75970000 - 0x75a67000 C:\WINDOWS\system32\MSGINA.dll
0x76360000 - 0x76370000 C:\WINDOWS\system32\WINSTA.dll
0x74320000 - 0x7435d000 C:\WINDOWS\system32\ODBC32.dll
0x026e0000 - 0x026f7000 C:\WINDOWS\system32\odbcint.dll
0x4ec50000 - 0x4edf3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x73b30000 - 0x73b44000 C:\WINDOWS\system32\mscms.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x66880000 - 0x6688c000 C:\WINDOWS\system32\ImgUtil.dll
0x5e310000 - 0x5e31c000 C:\WINDOWS\system32\pngfilt.dll
0x72b20000 - 0x72b38000 C:\WINDOWS\system32\plugin.ocx
0x73300000 - 0x73367000 C:\WINDOWS\system32\vbscript.dll
0x73dd0000 - 0x73ece000 C:\WINDOWS\system32\MFC42.DLL
0x6d430000 - 0x6d43a000 C:\WINDOWS\system32\ddrawex.dll
0x73760000 - 0x737a9000 C:\WINDOWS\system32\DDRAW.dll
0x73bc0000 - 0x73bc6000 C:\WINDOWS\system32\DCIMAN32.dll
0x74d90000 - 0x74dfb000 C:\WINDOWS\system32\USP10.dll
0x66e50000 - 0x66e8f000 C:\WINDOWS\system32\iepeers.dll
0x506a0000 - 0x5070b000 C:\WINDOWS\system32\wuapi.dll
0x6d590000 - 0x6d5a1000 C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
0x5edd0000 - 0x5ede7000 C:\WINDOWS\system32\OLEPRO32.DLL
0x6d400000 - 0x6d417000 C:\Program Files\Java\jre1.5.0_02\bin\jpiexp32.dll
0x6d450000 - 0x6d468000 C:\Program Files\Java\jre1.5.0_02\bin\jpishare.dll
0x6d640000 - 0x6d7c5000 C:\PROGRA~1\Java\JRE15~1.0_0\bin\client\jvm.dll
0x6d280000 - 0x6d288000 C:\PROGRA~1\Java\JRE15~1.0_0\bin\hpi.dll
0x76bf0000 - 0x76bfb000 C:\WINDOWS\system32\PSAPI.DLL
0x6d610000 - 0x6d61c000 C:\PROGRA~1\Java\JRE15~1.0_0\bin\verify.dll
0x6d300000 - 0x6d31d000 C:\PROGRA~1\Java\JRE15~1.0_0\bin\java.dll
0x6d630000 - 0x6d63f000 C:\PROGRA~1\Java\JRE15~1.0_0\bin\zip.dll
0x6d000000 - 0x6d166000 C:\Program Files\Java\jre1.5.0_02\bin\awt.dll
0x6d240000 - 0x6d27d000 C:\Program Files\Java\jre1.5.0_02\bin\fontmanager.dll
0x6d1f0000 - 0x6d203000 C:\Program Files\Java\jre1.5.0_02\bin\deploy.dll
0x6d5d0000 - 0x6d5ed000 C:\Program Files\Java\jre1.5.0_02\bin\RegUtils.dll
0x6d3e0000 - 0x6d3f4000 C:\Program Files\Java\jre1.5.0_02\bin\jpicom32.dll
0x6d4c0000 - 0x6d4d3000 C:\Program Files\Java\jre1.5.0_02\bin\net.dll
0x6d4e0000 - 0x6d4e9000 C:\Program Files\Java\jre1.5.0_02\bin\nio.dll

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_02 -Djavaplugin.nodotversion=150_02 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~1.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_02 -Djavaplugin.nodotversion=150_02 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol vfprintf
java_command: <unknown>

Environment Variables:
USERNAME=horror child
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel

--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 2

CPU:total 1 family 15, cmov, cx8, fxsr, mmx, sse, sse2, ht

Memory: 4k page, physical 196080k(39240k free), swap 478132k(233400k free)

vm_info: Java HotSpot™ Client VM (1.5.0_02-b09) for windows-x86, built on Mar 4 2005 01:53:53 by "java_re" with MS VC++ 6.0

Sometimes the java console will just pop up I dont think I did anything to open it
Maybe this is the problem my logfile is on a post dated the 19th this month.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP