Several infections MBAM found


11 replies to this topic

#1 Guy0502

Posted 22 January 2010 - 07:22 AM

Here's the log:
Malwarebytes' Anti-Malware 1.44
Database version: 3612
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/01/2010 2:26:37 PM
mbam-log-2010-01-22 (14-26-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 235285
Time elapsed: 1 hour(s), 17 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Starware343 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\icons (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\702_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\702_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\WeatherHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\Starware343Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.

It isn't my computer, and the only virus scans in the past year were probably the scheduled McAfee ones. I followed up with a SuperAntiSpyware scan, but it only found tracking cookies. Looks like most of it is adware, but I was wondering about Trojan.FakeAlert, Trojan.Agent, Rogue.WinAntiVirus and Rogue.DriveCleaner.
Thanks!
Specs:
Dell Inspiron 530s
Intel Core 2 4400 (2Ghz) (dual-core)
3GB RAM
Windows XP SP3
ATI RADEON 1300PRO
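
A triage pass over an MBAM 1.x text log like the one posted above, as an added example that is not part of the original thread or Malwarebytes' own tooling. It checks the per-section counts against the itemised lists, separates families detected only as registry entries from those with folders, files or memory objects, and lists any item whose action is not "Quarantined and deleted successfully". The sample log is abridged from post #1 with its counts adjusted to match, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Section names as they appear in an MBAM 1.x text log.
SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)
# Item line shape: "<object> (<Family.Name>) -> [detail -> ] <action>."
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")
CLEAN_ACTION = "Quarantined and deleted successfully"

# Abridged from the log in post #1; summary counts adjusted to the shortened lists.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3612

Scan type: Full Scan (C:\|D:\|)

Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Starware343 (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Starware343\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\Starware343Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (summary_counts, items) parsed from an MBAM 1.x text log."""
    summary, items, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        head, sep, tail = line.partition(": ")
        if sep and head in SECTIONS and tail.isdigit():
            summary[head] = int(tail)          # "Files Infected: 22"
        elif line.endswith(":") and line[:-1] in SECTIONS:
            current = line[:-1]                # start of an itemised section
        elif current:
            m = ITEM_RE.match(line)
            if m:                              # skips "(No malicious items detected)"
                action = m["rest"].split(" -> ")[-1].rstrip(".")
                items.append({"section": current, "family": m["family"],
                              "object": m["obj"], "action": action})
    return summary, items


def count_mismatches(summary, items):
    """Sections whose reported count differs from the number of listed items."""
    listed = defaultdict(int)
    for it in items:
        listed[it["section"]] += 1
    return {s: (summary.get(s, 0), listed[s])
            for s in SECTIONS if summary.get(s, 0) != listed[s]}


def triage(items):
    """Split families by where they were detected and flag unfinished removals."""
    sections = defaultdict(set)
    for it in items:
        sections[it["family"]].add(it["section"])
    registry_only = sorted(f for f, s in sections.items()
                           if all(x.startswith("Registry") for x in s))
    return {
        "registry_only": registry_only,
        "on_disk_or_memory": sorted(f for f in sections if f not in registry_only),
        "unresolved": [it for it in items if it["action"] != CLEAN_ACTION],
    }


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, items))
    for key, value in triage(items).items():
        print(key, "->", value)
```
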

#2 quietman7

Posted 22 January 2010 - 02:50 PM

Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Guy0502

Posted 23 January 2010 - 02:52 AM

I updated it & restarted before the scan. It found nothing.
Malwarebytes' Anti-Malware 1.44
Database version: 3618
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/01/2010 5:42:29 PM
mbam-log-2010-01-23 (17-42-29).txt

Scan type: Quick Scan
Objects scanned: 127801
Time elapsed: 14 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 quietman7

Posted 23 January 2010 - 07:17 AM

Let's do another anti-malware scan to see if we find anything else that MBAM may have missed.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
-- If you cannot boot into safe mode or complete a scan, then perform your scan in normal mode.

-- If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

#5 Guy0502

Posted 23 January 2010 - 11:43 PM

I can't run the scan right now, but I did run a quick scan before and it found nothing. I'll run the full scan later today.
I found three system error messages on the desktop; they are below. Any idea what they are?
And one last thing, the owner of the computer has currently got McAfee (paid) installed. I downloaded avast, but I'm not sure if I should have two resident AVs running at once. He doesn't want me to uninstall McAfee as he paid for it. What should I do?


An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_STACK_OVERFLOW (0xc00000fd) occurred at PC=0x7C90E8EE
Function=strchr+0xE1
Library=C:\WINDOWS\system32\ntdll.dll

Current Java thread:

Dynamic libraries:
0x00400000 - 0x0049C000 C:\Program Files\Internet Explorer\iexplore.exe
0x7C900000 - 0x7C9B2000 C:\WINDOWS\system32\ntdll.dll
0x7C800000 - 0x7C8F6000 C:\WINDOWS\system32\kernel32.dll
0x77DD0000 - 0x77E6B000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E70000 - 0x77F02000 C:\WINDOWS\system32\RPCRT4.dll
0x77FE0000 - 0x77FF1000 C:\WINDOWS\system32\Secur32.dll
0x7E410000 - 0x7E4A1000 C:\WINDOWS\system32\USER32.dll
0x77F10000 - 0x77F59000 C:\WINDOWS\system32\GDI32.dll
0x77C10000 - 0x77C68000 C:\WINDOWS\system32\msvcrt.dll
0x77F60000 - 0x77FD6000 C:\WINDOWS\system32\SHLWAPI.dll
0x7C9C0000 - 0x7D1D7000 C:\WINDOWS\system32\SHELL32.dll
0x774E0000 - 0x7761D000 C:\WINDOWS\system32\ole32.dll
0x3DFD0000 - 0x3E1B8000 C:\WINDOWS\system32\iertutil.dll
0x78130000 - 0x78262000 C:\WINDOWS\system32\urlmon.dll
0x77120000 - 0x771AB000 C:\WINDOWS\system32\OLEAUT32.dll
0x5CB70000 - 0x5CB96000 C:\WINDOWS\system32\ShimEng.dll
0x71590000 - 0x71609000 C:\WINDOWS\AppPatch\AcLayers.DLL
0x769C0000 - 0x76A74000 C:\WINDOWS\system32\USERENV.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x76390000 - 0x763AD000 C:\WINDOWS\system32\IMM32.DLL
0x629C0000 - 0x629C9000 C:\WINDOWS\system32\LPK.DLL
0x74D90000 - 0x74DFB000 C:\WINDOWS\system32\USP10.dll
0x773D0000 - 0x774D3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5D090000 - 0x5D12A000 C:\WINDOWS\system32\comctl32.dll
0x3E1C0000 - 0x3EC53000 C:\WINDOWS\system32\IEFRAME.dll
0x763B0000 - 0x763F9000 C:\WINDOWS\system32\comdlg32.dll
0x451F0000 - 0x451F6000 C:\Program Files\Internet Explorer\xpshims.dll
0x5AD70000 - 0x5ADA8000 C:\WINDOWS\system32\uxtheme.dll
0x74720000 - 0x7476C000 C:\WINDOWS\system32\MSCTF.dll
0x016C0000 - 0x01985000 C:\WINDOWS\system32\xpsp2res.dll
0x76FD0000 - 0x7704F000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x77C00000 - 0x77C08000 C:\WINDOWS\system32\VERSION.dll
0x77920000 - 0x77A13000 C:\WINDOWS\system32\SETUPAPI.dll
0x439B0000 - 0x439F0000 C:\Program Files\Internet Explorer\ieproxy.dll
0x3D930000 - 0x3DA16000 C:\WINDOWS\system32\WININET.dll
0x01190000 - 0x01199000 C:\WINDOWS\system32\Normaliz.dll
0x71AB0000 - 0x71AC7000 C:\WINDOWS\system32\ws2_32.dll
0x71AA0000 - 0x71AA8000 C:\WINDOWS\system32\WS2HELP.dll
0x71A50000 - 0x71A8F000 C:\WINDOWS\System32\mswsock.dll
0x77B40000 - 0x77B62000 C:\WINDOWS\system32\appHelp.dll
0x76F20000 - 0x76F47000 C:\WINDOWS\system32\DNSAPI.dll
0x76FC0000 - 0x76FC6000 C:\WINDOWS\system32\rasadhlp.dll
0x75CF0000 - 0x75D81000 C:\WINDOWS\system32\MLANG.dll
0x755C0000 - 0x755EE000 C:\WINDOWS\system32\msctfime.ime
0x10000000 - 0x101D0000 C:\Program Files\Israel_Radio\tbIsr1.dll
0x71AD0000 - 0x71AD9000 C:\WINDOWS\system32\WSOCK32.dll
0x76380000 - 0x76385000 C:\WINDOWS\system32\MSIMG32.dll
0x77A80000 - 0x77B15000 C:\WINDOWS\system32\CRYPT32.dll
0x77B20000 - 0x77B32000 C:\WINDOWS\system32\MSASN1.dll
0x76B40000 - 0x76B6D000 C:\WINDOWS\system32\WINMM.dll
0x76BF0000 - 0x76BFB000 C:\WINDOWS\system32\PSAPI.DLL
0x5CD70000 - 0x5CD77000 C:\WINDOWS\system32\serwvdrv.dll
0x5B0A0000 - 0x5B0A7000 C:\WINDOWS\system32\umdmxfrm.dll
0x74980000 - 0x74AA3000 C:\WINDOWS\system32\msxml3.dll
0x029B0000 - 0x029BD000 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
0x02F50000 - 0x02F85000 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
0x02FB0000 - 0x03015000 c:\PROGRA~1\mcafee\SITEAD~1\mcbrwctl.dll
0x708F0000 - 0x70903000 C:\WINDOWS\system32\asycfilt.dll
0x69400000 - 0x69411000 c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~1.DLL
0x7D1E0000 - 0x7D49C000 C:\WINDOWS\system32\msi.dll
0x03700000 - 0x037DC000 C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
0x76C90000 - 0x76CB8000 C:\WINDOWS\system32\imagehlp.dll
0x76D60000 - 0x76D79000 C:\WINDOWS\system32\iphlpapi.dll
0x5B860000 - 0x5B8B5000 C:\WINDOWS\system32\NETAPI32.dll
0x76EE0000 - 0x76F1C000 C:\WINDOWS\system32\RASAPI32.dll
0x76E90000 - 0x76EA2000 C:\WINDOWS\system32\rasman.dll
0x76EB0000 - 0x76EDF000 C:\WINDOWS\system32\TAPI32.dll
0x76E80000 - 0x76E8E000 C:\WINDOWS\system32\rtutils.dll
0x77C70000 - 0x77C95000 C:\WINDOWS\system32\msv1_0.dll
0x76790000 - 0x7679C000 C:\WINDOWS\system32\cryptdll.dll
0x722B0000 - 0x722B5000 C:\WINDOWS\system32\sensapi.dll
0x7E720000 - 0x7E7D0000 C:\WINDOWS\system32\SXS.DLL
0x04000000 - 0x04010000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x04020000 - 0x040BB000 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x03DD0000 - 0x03ED0000 C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
0x040F0000 - 0x04275000 C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
0x59A60000 - 0x59B01000 C:\WINDOWS\system32\dbghelp.dll
0x74C80000 - 0x74CAC000 C:\WINDOWS\system32\OLEACC.dll
0x76080000 - 0x760E5000 C:\WINDOWS\system32\MSVCP60.dll
0x69300000 - 0x69340000 c:\PROGRA~1\mcafee\msk\mskapbho.dll
0x4D4F0000 - 0x4D549000 C:\WINDOWS\system32\WINHTTP.dll
0x655E0000 - 0x65639000 C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
0x4EC50000 - 0x4EDFB000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x7C3A0000 - 0x7C41B000 C:\WINDOWS\system32\MSVCP71.dll
0x7C340000 - 0x7C396000 C:\WINDOWS\system32\MSVCR71.dll
0x04770000 - 0x048AD000 C:\Program Files\Israel_Radio\tbIsr0.dll
0x14490000 - 0x144A3000 C:\Program Files\McAfee\VirusScan\scriptsn.dll
0x3D7A0000 - 0x3D854000 C:\WINDOWS\system32\JScript.dll
0x048D0000 - 0x0493A000 C:\WINDOWS\system32\VBScript.dll
0x14180000 - 0x1418F000 C:\Program Files\McAfee\VirusScan\mytilus3.dll
0x14710000 - 0x1474E000 C:\Program Files\McAfee\VirusScan\mytilus3_worker.dll
0x76780000 - 0x76789000 C:\WINDOWS\system32\SHFOLDER.dll
0x14100000 - 0x14107000 C:\Program Files\McAfee\VirusScan\RES00\McShield.dll
0x29500000 - 0x29567000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
0x27500000 - 0x2761A000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
0x76C30000 - 0x76C5E000 C:\WINDOWS\system32\WINTRUST.dll
0x68000000 - 0x68036000 C:\WINDOWS\system32\rsaenh.dll
0x04C60000 - 0x04FDF000 c:\program files\google\googletoolbar5.dll
0x05110000 - 0x05128000 C:\Program Files\BAE\BAE.dll
0x05150000 - 0x0528D000 C:\Program Files\isr\tbis1.dll
0x053B0000 - 0x053DC000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
0x662B0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71A90000 - 0x71A98000 C:\WINDOWS\System32\wshtcpip.dll
0x3DA20000 - 0x3DFCE000 C:\WINDOWS\system32\mshtml.dll
0x05660000 - 0x05689000 C:\WINDOWS\system32\msls31.dll
0x75E60000 - 0x75E73000 C:\WINDOWS\system32\cryptnet.dll
0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
0x06760000 - 0x06780000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSiteAdvisor.dll
0x067A0000 - 0x067D0000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll
0x746F0000 - 0x7471A000 C:\WINDOWS\system32\msimtf.dll
0x71D40000 - 0x71D5B000 C:\WINDOWS\system32\actxprxy.dll
0x42070000 - 0x4209F000 C:\WINDOWS\system32\iepeers.dll
0x6D440000 - 0x6D450000 C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
0x5EDD0000 - 0x5EDE7000 C:\WINDOWS\system32\OLEPRO32.DLL
0x6D310000 - 0x6D327000 C:\Program Files\Java\j2re1.4.2_03\bin\jpiexp32.dll
0x76FB0000 - 0x76FB8000 C:\WINDOWS\System32\winrnr.dll
0x6D380000 - 0x6D398000 C:\Program Files\Java\j2re1.4.2_03\bin\jpishare.dll
0x08000000 - 0x08138000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\client\jvm.dll
0x04B70000 - 0x04B77000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\hpi.dll
0x04B90000 - 0x04B9E000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\verify.dll
0x04BA0000 - 0x04BB9000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\java.dll
0x04BC0000 - 0x04BCD000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\zip.dll
0x767F0000 - 0x76818000 C:\WINDOWS\system32\schannel.dll
0x68100000 - 0x68126000 C:\WINDOWS\system32\dssenh.dll
0x77690000 - 0x776B1000 C:\WINDOWS\system32\NTMARTA.DLL
0x71BF0000 - 0x71C03000 C:\WINDOWS\system32\SAMLIB.dll

Heap at VM Abort:
Heap
def new generation total 576K, used 0K [0x14750000, 0x147f0000, 0x14eb0000)
eden space 512K, 0% used [0x14750000, 0x14750048, 0x147d0000)
from space 64K, 0% used [0x147d0000, 0x147d0000, 0x147e0000)
to space 64K, 0% used [0x147e0000, 0x147e0000, 0x147f0000)
tenured generation total 1408K, used 0K [0x14eb0000, 0x15010000, 0x1a750000)
the space 1408K, 0% used [0x14eb0000, 0x14eb0000, 0x14eb0200, 0x15010000)
compacting perm gen total 4096K, used 265K [0x1a750000, 0x1ab50000, 0x1e750000)
the space 4096K, 6% used [0x1a750000, 0x1a7924e8, 0x1a792600, 0x1ab50000)

Local Time = Sun Jan 24 13:50:46 2010
Elapsed Time = 7
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot™ Client VM (1.4.2_03-b02 mixed mode)
#

----------------------------------------------------------------------------------------
An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_STACK_OVERFLOW (0xc00000fd) occurred at PC=0x7C90E8EE
Function=strchr+0xE1
Library=C:\WINDOWS\system32\ntdll.dll

Current Java thread:

Dynamic libraries:
0x00400000 - 0x0049C000 C:\Program Files\Internet Explorer\iexplore.exe
0x7C900000 - 0x7C9B2000 C:\WINDOWS\system32\ntdll.dll
0x7C800000 - 0x7C8F6000 C:\WINDOWS\system32\kernel32.dll
0x77DD0000 - 0x77E6B000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E70000 - 0x77F02000 C:\WINDOWS\system32\RPCRT4.dll
0x77FE0000 - 0x77FF1000 C:\WINDOWS\system32\Secur32.dll
0x7E410000 - 0x7E4A1000 C:\WINDOWS\system32\USER32.dll
0x77F10000 - 0x77F59000 C:\WINDOWS\system32\GDI32.dll
0x77C10000 - 0x77C68000 C:\WINDOWS\system32\msvcrt.dll
0x77F60000 - 0x77FD6000 C:\WINDOWS\system32\SHLWAPI.dll
0x7C9C0000 - 0x7D1D7000 C:\WINDOWS\system32\SHELL32.dll
0x774E0000 - 0x7761D000 C:\WINDOWS\system32\ole32.dll
0x3DFD0000 - 0x3E1B8000 C:\WINDOWS\system32\iertutil.dll
0x78130000 - 0x78262000 C:\WINDOWS\system32\urlmon.dll
0x77120000 - 0x771AB000 C:\WINDOWS\system32\OLEAUT32.dll
0x5CB70000 - 0x5CB96000 C:\WINDOWS\system32\ShimEng.dll
0x71590000 - 0x71609000 C:\WINDOWS\AppPatch\AcLayers.DLL
0x769C0000 - 0x76A74000 C:\WINDOWS\system32\USERENV.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x76390000 - 0x763AD000 C:\WINDOWS\system32\IMM32.DLL
0x629C0000 - 0x629C9000 C:\WINDOWS\system32\LPK.DLL
0x74D90000 - 0x74DFB000 C:\WINDOWS\system32\USP10.dll
0x773D0000 - 0x774D3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5D090000 - 0x5D12A000 C:\WINDOWS\system32\comctl32.dll
0x3E1C0000 - 0x3EC53000 C:\WINDOWS\system32\IEFRAME.dll
0x763B0000 - 0x763F9000 C:\WINDOWS\system32\comdlg32.dll
0x451F0000 - 0x451F6000 C:\Program Files\Internet Explorer\xpshims.dll
0x5AD70000 - 0x5ADA8000 C:\WINDOWS\system32\uxtheme.dll
0x74720000 - 0x7476C000 C:\WINDOWS\system32\MSCTF.dll
0x016C0000 - 0x01985000 C:\WINDOWS\system32\xpsp2res.dll
0x76FD0000 - 0x7704F000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x77C00000 - 0x77C08000 C:\WINDOWS\system32\VERSION.dll
0x77920000 - 0x77A13000 C:\WINDOWS\system32\SETUPAPI.dll
0x439B0000 - 0x439F0000 C:\Program Files\Internet Explorer\ieproxy.dll
0x3D930000 - 0x3DA16000 C:\WINDOWS\system32\WININET.dll
0x01190000 - 0x01199000 C:\WINDOWS\system32\Normaliz.dll
0x71AB0000 - 0x71AC7000 C:\WINDOWS\system32\ws2_32.dll
0x71AA0000 - 0x71AA8000 C:\WINDOWS\system32\WS2HELP.dll
0x71A50000 - 0x71A8F000 C:\WINDOWS\System32\mswsock.dll
0x77B40000 - 0x77B62000 C:\WINDOWS\system32\appHelp.dll
0x76F20000 - 0x76F47000 C:\WINDOWS\system32\DNSAPI.dll
0x76FC0000 - 0x76FC6000 C:\WINDOWS\system32\rasadhlp.dll
0x75CF0000 - 0x75D81000 C:\WINDOWS\system32\MLANG.dll
0x755C0000 - 0x755EE000 C:\WINDOWS\system32\msctfime.ime
0x10000000 - 0x101D0000 C:\Program Files\Israel_Radio\tbIsr1.dll
0x71AD0000 - 0x71AD9000 C:\WINDOWS\system32\WSOCK32.dll
0x76380000 - 0x76385000 C:\WINDOWS\system32\MSIMG32.dll
0x77A80000 - 0x77B15000 C:\WINDOWS\system32\CRYPT32.dll
0x77B20000 - 0x77B32000 C:\WINDOWS\system32\MSASN1.dll
0x76B40000 - 0x76B6D000 C:\WINDOWS\system32\WINMM.dll
0x76BF0000 - 0x76BFB000 C:\WINDOWS\system32\PSAPI.DLL
0x5CD70000 - 0x5CD77000 C:\WINDOWS\system32\serwvdrv.dll
0x5B0A0000 - 0x5B0A7000 C:\WINDOWS\system32\umdmxfrm.dll
0x74980000 - 0x74AA3000 C:\WINDOWS\system32\msxml3.dll
0x02AB0000 - 0x02ABD000 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
0x03050000 - 0x03085000 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
0x030B0000 - 0x03115000 c:\PROGRA~1\mcafee\SITEAD~1\mcbrwctl.dll
0x708F0000 - 0x70903000 C:\WINDOWS\system32\asycfilt.dll
0x69400000 - 0x69411000 c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~1.DLL
0x7D1E0000 - 0x7D49C000 C:\WINDOWS\system32\msi.dll
0x03800000 - 0x038DC000 C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
0x76C90000 - 0x76CB8000 C:\WINDOWS\system32\imagehlp.dll
0x76D60000 - 0x76D79000 C:\WINDOWS\system32\iphlpapi.dll
0x5B860000 - 0x5B8B5000 C:\WINDOWS\system32\NETAPI32.dll
0x76EE0000 - 0x76F1C000 C:\WINDOWS\system32\RASAPI32.dll
0x76E90000 - 0x76EA2000 C:\WINDOWS\system32\rasman.dll
0x76EB0000 - 0x76EDF000 C:\WINDOWS\system32\TAPI32.dll
0x76E80000 - 0x76E8E000 C:\WINDOWS\system32\rtutils.dll
0x77C70000 - 0x77C95000 C:\WINDOWS\system32\msv1_0.dll
0x76790000 - 0x7679C000 C:\WINDOWS\system32\cryptdll.dll
0x722B0000 - 0x722B5000 C:\WINDOWS\system32\sensapi.dll
0x7E720000 - 0x7E7D0000 C:\WINDOWS\system32\SXS.DLL
0x04000000 - 0x04010000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x04020000 - 0x040BB000 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x040D0000 - 0x041D0000 C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
0x041F0000 - 0x04375000 C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
0x59A60000 - 0x59B01000 C:\WINDOWS\system32\dbghelp.dll
0x74C80000 - 0x74CAC000 C:\WINDOWS\system32\OLEACC.dll
0x76080000 - 0x760E5000 C:\WINDOWS\system32\MSVCP60.dll
0x69300000 - 0x69340000 c:\PROGRA~1\mcafee\msk\mskapbho.dll
0x4D4F0000 - 0x4D549000 C:\WINDOWS\system32\WINHTTP.dll
0x655E0000 - 0x65639000 C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
0x4EC50000 - 0x4EDFB000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x7C3A0000 - 0x7C41B000 C:\WINDOWS\system32\MSVCP71.dll
0x7C340000 - 0x7C396000 C:\WINDOWS\system32\MSVCR71.dll
0x04770000 - 0x048AD000 C:\Program Files\Israel_Radio\tbIsr0.dll
0x14490000 - 0x144A3000 C:\Program Files\McAfee\VirusScan\scriptsn.dll
0x3D7A0000 - 0x3D854000 C:\WINDOWS\system32\JScript.dll
0x048D0000 - 0x0493A000 C:\WINDOWS\system32\VBScript.dll
0x14180000 - 0x1418F000 C:\Program Files\McAfee\VirusScan\mytilus3.dll
0x14710000 - 0x1474E000 C:\Program Files\McAfee\VirusScan\mytilus3_worker.dll
0x76780000 - 0x76789000 C:\WINDOWS\system32\SHFOLDER.dll
0x14100000 - 0x14107000 C:\Program Files\McAfee\VirusScan\RES00\McShield.dll
0x29500000 - 0x29567000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
0x27500000 - 0x2761A000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
0x76C30000 - 0x76C5E000 C:\WINDOWS\system32\WINTRUST.dll
0x68000000 - 0x68036000 C:\WINDOWS\system32\rsaenh.dll
0x04C60000 - 0x04FDF000 c:\program files\google\googletoolbar5.dll
0x05110000 - 0x05128000 C:\Program Files\BAE\BAE.dll
0x05150000 - 0x0528D000 C:\Program Files\isr\tbis1.dll
0x052B0000 - 0x052DC000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
0x662B0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71A90000 - 0x71A98000 C:\WINDOWS\System32\wshtcpip.dll
0x3DA20000 - 0x3DFCE000 C:\WINDOWS\system32\mshtml.dll
0x05360000 - 0x05389000 C:\WINDOWS\system32\msls31.dll
0x75E60000 - 0x75E73000 C:\WINDOWS\system32\cryptnet.dll
0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
0x71D40000 - 0x71D5B000 C:\WINDOWS\system32\actxprxy.dll
0x06360000 - 0x06380000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSiteAdvisor.dll
0x063A0000 - 0x063D0000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll
0x746F0000 - 0x7471A000 C:\WINDOWS\system32\msimtf.dll
0x42070000 - 0x4209F000 C:\WINDOWS\system32\iepeers.dll
0x6D440000 - 0x6D450000 C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
0x5EDD0000 - 0x5EDE7000 C:\WINDOWS\system32\OLEPRO32.DLL
0x6D310000 - 0x6D327000 C:\Program Files\Java\j2re1.4.2_03\bin\jpiexp32.dll
0x76FB0000 - 0x76FB8000 C:\WINDOWS\System32\winrnr.dll
0x6D380000 - 0x6D398000 C:\Program Files\Java\j2re1.4.2_03\bin\jpishare.dll
0x08000000 - 0x08138000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\client\jvm.dll
0x04B60000 - 0x04B67000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\hpi.dll
0x04B80000 - 0x04B8E000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\verify.dll
0x04B90000 - 0x04BA9000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\java.dll
0x04BB0000 - 0x04BBD000 C:\PROGRA~1\Java\J2RE14~1.2_0\bin\zip.dll
0x767F0000 - 0x76818000 C:\WINDOWS\system32\schannel.dll
0x68100000 - 0x68126000 C:\WINDOWS\system32\dssenh.dll
0x77690000 - 0x776B1000 C:\WINDOWS\system32\NTMARTA.DLL
0x71BF0000 - 0x71C03000 C:\WINDOWS\system32\SAMLIB.dll

Heap at VM Abort:
Heap
def new generation total 576K, used 0K [0x14750000, 0x147f0000, 0x14eb0000)
eden space 512K, 0% used [0x14750000, 0x14750048, 0x147d0000)
from space 64K, 0% used [0x147d0000, 0x147d0000, 0x147e0000)
to space 64K, 0% used [0x147e0000, 0x147e0000, 0x147f0000)
tenured generation total 1408K, used 0K [0x14eb0000, 0x15010000, 0x1a750000)
the space 1408K, 0% used [0x14eb0000, 0x14eb0000, 0x14eb0200, 0x15010000)
compacting perm gen total 4096K, used 265K [0x1a750000, 0x1ab50000, 0x1e750000)
the space 4096K, 6% used [0x1a750000, 0x1a7924e8, 0x1a792600, 0x1ab50000)

Local Time = Sun Jan 24 13:51:02 2010
Elapsed Time = 6
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot™ Client VM (1.4.2_03-b02 mixed mode)
#

--------------------------------------------------------------------------------------
An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_STACK_OVERFLOW (0xc00000fd) occurred at PC=0x7C90E8EE
Function=strchr+0xE1
Library=C:\WINDOWS\system32\ntdll.dll

Current Java thread:

Dynamic libraries:

Heap at VM Abort:
Heap
def new generation total 576K, used 0K [0x14750000, 0x147f0000, 0x14eb0000)
eden space 512K, 0% used [0x14750000, 0x14750048, 0x147d0000)
from space 64K, 0% used [0x147d0000, 0x147d0000, 0x147e0000)
to space 64K, 0% used [0x147e0000, 0x147e0000, 0x147f0000)
tenured generation total 1408K, used 0K [0x14eb0000, 0x15010000, 0x1a750000)
the space 1408K, 0% used [0x14eb0000, 0x14eb0000, 0x14eb0200, 0x15010000)
compacting perm gen total 4096K, used 265K [0x1a750000, 0x1ab50000, 0x1e750000)
the space 4096K, 6% used [0x1a750000, 0x1a7924e8, 0x1a792600, 0x1ab50000)

Local Time = Sun Jan 24 13:51:17 2010
Elapsed Time = 7
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot™ Client VM (1.4.2_03-b02 mixed mode)
#
Specs:
Dell Inspiron 530s
Intel Core 2 4400 (2Ghz) (dual-core)
3GB RAM
Windows XP SP3
ATI RADEON 1300PRO

#6 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,957 posts
  • Location:Virginia, USA

Posted 24 January 2010 - 08:37 AM

Using more than one anti-virus program is not advisable. The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously and issues with Windows resource management. Even when one of them is disabled for use as a stand-alone scanner, it can affect the other. Anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus may interpret the activity of the other as malicious behavior and there is a greater chance of them alerting you to a "False Positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that virus or suspicious file. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found when that is not the case.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, most anti-virus programs encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of others and may insist they be removed prior to download and installation of another. Nonetheless, to avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software.

Anti-virus vendors recommend that you install and run only one anti-virus program at a time. When necessary, you can always get another opinion by performing an Online Virus Scan.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 Guy0502


Posted 24 January 2010 - 10:04 PM

Can you make a recommendation between Avast and McAfee?
And what were these error messages?

#8 quietman7


Posted 24 January 2010 - 10:56 PM

My personal choice is NOD32 Anti-Virus if choosing a paid for program or avast! Home Edition Anti-virus if choosing a free one.

Event Viewer will show the following types of events:
Application: This category contains events that occur in your applications. For example, an application event may record a configuration change, a missing file, or a severed remote connection.

System: The system log shows all events that pertain to Windows. This is the virtual diary Windows uses to keep track of all actions for each system component, including background services, devices, and networking components.

Security: The security category records all events that pertain to security policies. Security events, such as file access and creation, user logons, and policy changes, will be shown here. By default, security logging is not enabled in WinXP. An administrator must install a security logging package into the OS and specify which types of security events to monitor. Configuring this type of logging is a bit beyond the scope of this article, so we'll focus mainly on accessing and utilizing log files themselves.

For more information, please refer to:

Edited by quietman7, 24 January 2010 - 10:59 PM.


#9 Guy0502


Posted 25 January 2010 - 08:33 PM

Owner received two BSoD.

#10 quietman7


Posted 26 January 2010 - 09:45 AM

Did the BSOD provide a Stop error or identify a driver (.sys file) as shown in this example?

Crashes (BSOD), unexpected shutdowns, sudden freezing, random restarting, and booting problems during or after running anti-malware scanners can be symptomatic of a variety of things to include problems encountered with certain types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, etc) that are being scanned. Crashes can also be symptomatic of hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and even malware. Even legitimate programs like CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) can trigger crashes, various stop error messages and system hangs so you may or may not be dealing with multiple issues which are not all malware related. Troubleshooting for these kinds of issues can be arduous and time consuming. There are no shortcuts.

When Windows XP detects a problem from which it cannot recover, it displays Stop Error Messages which contain specific information that can help diagnose and resolve the problem detected by the Windows kernel. An error message can be related to a broad number of problems such as driver conflicts, hardware issues, read/write errors, and software malfunctions and malware. In Windows XP, the default setting is for the computer to reboot automatically when a fatal error or crash occurs. You may not see the error code because the computer reboots too fast.

An easier alternative is to turn off the automatic reboot feature so you can actually see the error code/STOP Message when it happens - this is also known as the Blue Screen Of Death (BSOD). To change the recovery settings and Disable the Automatic Restart on System Failure in Windows XP, go to Start > Run and type: sysdm.cpl
Click Ok to open System Properties.

Alternatively you can just press WINKEY + Pause/Break keys to bring up System Properties.
  • Go to the Advanced tab and under "Startup and Recovery", click on the "Settings" button and go to "System failure".
  • Make sure "Write an event to the system log" is checked and that "Automatically restart" is unchecked.
  • Click "OK" and reboot manually for the changes to take effect.
This can also be done in the Windows Advanced Options Menu as shown here by pressing the F8 key repeatedly like you would do for entering safe mode.

-- Vista users can refer to these instructions: How To Disable the Automatic Restart on System Failure in Windows Vista.

Doing this won't cure your problem but instead of crashing and restarting you will get a blue diagnostic screen with an error code and other information to include file(s) that may be involved which will allow you to better trace your problem. Write down the full error code and the names of any files/drivers listed, then provide that information in your next reply so we can assist you with investigating the cause. Without that specific information, we would only be guessing rather than troubleshooting.

#11 Guy0502


Posted 27 January 2010 - 03:05 AM

I ran the memory dump debugger (there were two memory dumps).
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8054bfcb, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExAllocatePoolWithTag+663
8054bfcb 8b06 mov eax,dword ptr [esi]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 805370d0 to 8054bfcb

STACK_TEXT:
ef487474 805370d0 00000008 00000001 20707249 nt!ExAllocatePoolWithTag+0x663
ef487498 804f0e83 00000000 000001fc 20707249 nt!ExAllocatePoolWithQuotaTag+0x46
ef4874e4 80582d87 0000000b 00000001 871918e8 nt!IopAllocateIrpPrivate+0x119
ef4875cc 805bf452 87191900 00000000 870bb588 nt!IopParseDevice+0x59f
ef487644 805bb9de 00000000 ef487684 00000240 nt!ObpLookupObjectName+0x53c
ef487698 80576033 00000000 00000000 e6017800 nt!ObOpenObjectByName+0xea
ef487714 805769aa ef48785c 001200a9 ef487830 nt!IopCreateFile+0x407
ef487770 bf85878f ef48785c 001200a9 ef487830 nt!IoCreateFile+0x8e
ef487a7c bf83706d e1ff7cd0 ef487aa0 00000000 win32k!bCreateSection+0xe9
ef487ad4 bf836f4c e294f010 e29a5fa0 e29a5fa4 win32k!EngMapFontFileFDInternal+0xc6
ef487aec bf836f74 e294f010 e29a5fa0 e29a5fa4 win32k!EngMapFontFileFD+0x15
ef487b00 bf859254 e29a5f90 00000000 bf859242 win32k!bttfdMapFontFileFD+0x23
ef487b14 bf8afd40 00000000 e29a5f90 00000001 win32k!ttfdSemQueryFontTree+0x12
ef487b3c bf8b6877 00000000 e29a5f90 00000001 win32k!PDEVOBJ::QueryFontTree+0x34
ef487b78 bf8b7c5c ef487cd4 ef487c8c ffffffed win32k!PFEOBJ::pfdg+0x6a
ef487c14 bf8079cb ef487ce0 ef487c9c e1592a38 win32k!RFONTOBJ::bRealizeFont+0x1c
ef487ca4 bf807a33 e1592918 00000000 00000002 win32k!RFONTOBJ::bInit+0x29a
ef487cbc bf837a12 ef487ce0 00000000 00000002 win32k!RFONTOBJ::vInit+0x16
ef487cd8 bf837a82 e1cc8008 ef487cf4 ef487d64 win32k!GreGetTextMetricsW+0x28
ef487d50 8054162c 9f01126a 0013df1c 00000044 win32k!NtGdiGetTextMetricsW+0x20
ef487d50 7c90e514 9f01126a 0013df1c 00000044 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0013df60 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!bCreateSection+e9
bf85878f ffb5b0fdffff push dword ptr [ebp-250h]

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: win32k!bCreateSection+e9

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a8564c7

FAILURE_BUCKET_ID: 0xC5_2_win32k!bCreateSection+e9

BUCKET_ID: 0xC5_2_win32k!bCreateSection+e9

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8054bfcb, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExAllocatePoolWithTag+663
8054bfcb 8b06 mov eax,dword ptr [esi]

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 805370d0 to 8054bfcb

STACK_TEXT:
f129cc44 805370d0 00000008 00000001 20707249 nt!ExAllocatePoolWithTag+0x663
f129cc68 804f0e83 00000000 000001fc 20707249 nt!ExAllocatePoolWithQuotaTag+0x46
f129ccb4 8057c87c 0000000b 00000001 f129cd64 nt!IopAllocateIrpPrivate+0x119
f129cd38 8054162c 00002240 00000000 00000000 nt!NtReadFile+0x3f2
f129cd38 7c90e514 00002240 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
2367e664 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExAllocatePoolWithTag+663
8054bfcb 8b06 mov eax,dword ptr [esi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExAllocatePoolWithTag+663

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4a784394

FAILURE_BUCKET_ID: 0xC5_2_nt!ExAllocatePoolWithTag+663

BUCKET_ID: 0xC5_2_nt!ExAllocatePoolWithTag+663

Followup: MachineOwner
---------
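The two `!analyze -v` reports in the post above can be compared mechanically. The following is an added example, not part of the original thread: the function names `parse_analyze` and `compare` are hypothetical, and the input is an abridged copy of the posted output. It checks that both dumps carry the same bugcheck, arguments and faulting instruction, and shows where their call paths diverge.

```python
import re

# Constructed input: abridged copies of the two "!analyze -v" reports posted
# above (stack of the first report shortened, values unchanged).
DUMP_1 = """\
DRIVER_CORRUPTED_EXPOOL (c5)
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8054bfcb, address which referenced memory
FAULTING_IP:
nt!ExAllocatePoolWithTag+663
8054bfcb 8b06 mov eax,dword ptr [esi]
STACK_TEXT:
ef487474 805370d0 00000008 00000001 20707249 nt!ExAllocatePoolWithTag+0x663
ef487498 804f0e83 00000000 000001fc 20707249 nt!ExAllocatePoolWithQuotaTag+0x46
ef4874e4 80582d87 0000000b 00000001 871918e8 nt!IopAllocateIrpPrivate+0x119
ef4875cc 805bf452 87191900 00000000 870bb588 nt!IopParseDevice+0x59f
ef487a7c bf83706d e1ff7cd0 ef487aa0 00000000 win32k!bCreateSection+0xe9
ef487d50 7c90e514 9f01126a 0013df1c 00000044 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0013df60 00000000 00000000 00000000 00000000 0x7c90e514
FAILURE_BUCKET_ID: 0xC5_2_win32k!bCreateSection+e9
"""

DUMP_2 = """\
DRIVER_CORRUPTED_EXPOOL (c5)
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8054bfcb, address which referenced memory
FAULTING_IP:
nt!ExAllocatePoolWithTag+663
8054bfcb 8b06 mov eax,dword ptr [esi]
STACK_TEXT:
f129cc44 805370d0 00000008 00000001 20707249 nt!ExAllocatePoolWithTag+0x663
f129cc68 804f0e83 00000000 000001fc 20707249 nt!ExAllocatePoolWithQuotaTag+0x46
f129ccb4 8057c87c 0000000b 00000001 f129cd64 nt!IopAllocateIrpPrivate+0x119
f129cd38 8054162c 00002240 00000000 00000000 nt!NtReadFile+0x3f2
f129cd38 7c90e514 00002240 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
2367e664 00000000 00000000 00000000 00000000 0x7c90e514
FAILURE_BUCKET_ID: 0xC5_2_nt!ExAllocatePoolWithTag+663
"""

FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$")  # five hex words, then symbol


def parse_analyze(text):
    """Extract bugcheck, arguments, faulting IP, fields and stack frames."""
    rep = {"args": [], "frames": [], "fields": {}}
    trusted, prev = True, ""
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"^([A-Z0-9_]+) \(([0-9a-f]+)\)$", line):
            rep["bugcheck"] = (m.group(1), int(m.group(2), 16))
        elif m := re.match(r"^Arg\d: ([0-9a-f]{8}),", line):
            rep["args"].append(int(m.group(1), 16))
        elif prev == "FAULTING_IP:":
            rep["faulting_ip"] = line  # symbol is on the line after the key
        elif line == "STACK_TEXT:":
            trusted = True
        elif line.startswith("WARNING: Frame IP not in any known module"):
            trusted = False  # the debugger says later frames may be wrong
        elif m := FRAME.match(line):
            module, _, rest = m.group(1).rpartition("!")
            rep["frames"].append((module or None, rest.split("+")[0], trusted))
        elif m := re.match(r"^([A-Z_]+): +(\S.*)$", line):
            rep["fields"][m.group(1)] = m.group(2)
        prev = line
    return rep


def compare(a, b):
    """Report whether two dumps share one fault and where callers diverge."""
    def path(rep):  # reliable, symbolised frames only, innermost first
        return [f"{m}!{fn}" for m, fn, ok in rep["frames"] if ok and m]
    pa, pb = path(a), path(b)
    shared = 0
    while shared < min(len(pa), len(pb)) and pa[shared] == pb[shared]:
        shared += 1
    return {
        "same_fault": (a["bugcheck"], a["args"], a["faulting_ip"])
                      == (b["bugcheck"], b["args"], b["faulting_ip"]),
        "shared_frames": pa[:shared],
        "next_callers": (pa[shared:shared + 1], pb[shared:shared + 1]),
        "modules": sorted({f.split("!")[0] for f in pa + pb}),
    }
```

Calling `compare(parse_analyze(DUMP_1), parse_analyze(DUMP_2))` returns the shared allocator frames and the first caller at which each dump's path differs.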

#12 quietman7


Posted 28 January 2010 - 08:02 AM

I don't do memory dump log analysis. So before I refer you to start another topic for assistance with that, let's make sure your system is fully cleaned.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
