Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I know I'm infected, but I need help


  • Please log in to reply
No replies to this topic

#1 Spidey1980

Spidey1980

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 04 February 2012 - 01:30 AM

Hi there. My girlfriend downloaded a new music downloader that a friend of her's on face book recommended, she won't believe it but that friends facebook was hacked and it was a scam posting.

I use torrents (BitComet) if I want something, I would have never attempted any other source. She now understands to let me research any software she wants and to let me make the decisions on my computer from now on, but my computer is still infected. Something called Spigot has taken over my Firefox and IE, and the downloader itself was from Dotobfuscator. I have uninstalled and fully deleted the offending files, and done scans with both AVG and IOBit's Advanced System Care, and they did what they could but this Trojan/win32 is tricky. I really want to avoid a full system restore. My computer is still running fast, and the only issue is that I can no longer use IOBit's Gamebooster. The virus is using a memory address that one of Gamebooster's .dll needs, so I get an a access violation error. Also there is something in the log call Yontoo; I can't find this anywhere else on my system. Also I have seen it recommended on these forums to get rid of Daemon Tools, however I find it useful, in fact I use the virtual drives for any game (50% of my games) that requires the CD/DVD in so that I can keep my CD/DVD's pristine (maybe I don't actually own some of them :) torrents are wonderful). I await your response before I tell HiJack This to fix anything.

I have been using computers for 25 years, and I know how to be safe; I have NEVER got a virus as nasty as this that I could not handle; or if I did I did a full system restore. I want to avoid that step this time; my hard drive is quite large with a lot on it. Just reinstalling my Steam games library would take several days. I should have never given my girlfriend my admin password; it has now been changed.

I have placed the following slashes before each log for ease of reading, the next set begins the HiJack this log:

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Here is the GameBooster bug report; they have never seen this error before from anyone else and could not help me. They recommended a system restore. This log contains all my system info that you might need:

date/time : 2012-02-03, 20:26:52, 690ms
computer name : JON-PC
user name : Jon <admin>
registered owner : Jon
operating system : Windows 7 Tablet PC x64 Service Pack 1 build 7601
system language : English
system up time : 28 minutes 16 seconds
program up time : 2 seconds
processors : 2x AMD Athlon™ II X2 235e Processor
physical memory : 2402/3839 MB (free/total)
free disk space : (C:) 17.94 GB (200 GB total)
display mode : 1600x900, 32 bit
process id : $fec
allocated memory : 54.17 MB
executable : GameBooster.exe
current module : madExcept_.bpl
exec. date/time : 2012-01-05 15:21
version : 3.2.0.1417
compiled with : Delphi 2009
madExcept version : 3.0i
contact name : jon
contact email : akadine_2006@yahoo.com
callstack crc : $581de5de, $110f6f1a, $cfbbac18
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 50008B0B in module 'rtl120.bpl'. Read of address 7EF90000.

main thread ($12e4):
50008b0b +00b rtl120.bpl System @LStrFromPChar
004c4463 +067 GameBooster.exe SteamGameInfo 65 +7 TSteamGameInfo.FindGameInfoItem
004c4c8e +05e GameBooster.exe SteamGameInfo 376 +13 TSteamGameInfo.ParseGameInfo
004c5497 +14b GameBooster.exe SteamGameInfo 633 +43 TSteamGameInfo.GetSteamGames
004c682f +0a7 GameBooster.exe uGameFinder 469 +28 TGameFinder.FindGameWithSteam
004c5ca1 +0d5 GameBooster.exe uGameFinder 242 +32 TGameFinder.LoadGameDB
004c9582 +01a GameBooster.exe uGameFinderController 364 +10 TGameFinderController.DefragToConfigFile
500560a4 +104 rtl120.bpl Classes CheckSynchronize
501f967e +70a vcl120.bpl Forms TApplication.WndProc
75107885 +00a USER32.dll DispatchMessageW
501f9ec7 +0f3 vcl120.bpl Forms TApplication.ProcessMessage
501f9ef2 +00a vcl120.bpl Forms TApplication.ProcessMessages
004cbbda +0ee GameBooster.exe uGameFinderController 1110 +29 TGameFinderController.InitGameList
004cba3d +009 GameBooster.exe uGameFinderController 1062 +1 TGameFinderController.InitGameBoxList
00501198 +108 GameBooster.exe uMainForm 1884 +16 TMainForm.ScanGameBoxList
004ff994 +048 GameBooster.exe uMainForm 1252 +8 TMainForm.AppDelayLoad
50162dbb +00f vcl120.bpl Extctrls TTimer.Timer
50162c9f +02b vcl120.bpl Extctrls TTimer.WndProc
75107885 +00a USER32.dll DispatchMessageW
501f9ec7 +0f3 vcl120.bpl Forms TApplication.ProcessMessage
501f9f0a +00a vcl120.bpl Forms TApplication.HandleMessage
501fa235 +0c9 vcl120.bpl Forms TApplication.Run
76093398 +010 kernel32.dll BaseThreadInitThunk

thread $d8c:
76aa0bd7 +fa KERNELBASE.dll WaitForMultipleObjectsEx
76091a27 +89 kernel32.dll WaitForMultipleObjectsEx
75110864 +00 USER32.dll MsgWaitForMultipleObjectsEx
75110b64 +1a USER32.dll MsgWaitForMultipleObjects
76093398 +10 kernel32.dll BaseThreadInitThunk

thread $ef0:
76093398 +10 kernel32.dll BaseThreadInitThunk

thread $840:
76aa0a8b +092 KERNELBASE.dll WaitForSingleObjectEx
7609118f +03e kernel32.dll WaitForSingleObjectEx
76091143 +00d kernel32.dll WaitForSingleObject
50056986 +13a rtl120.bpl Classes TThread.Synchronize
50056a39 +029 rtl120.bpl Classes TThread.Synchronize
004c8cfd +015 GameBooster.exe uGameScanThread 54 +1 TGameScanThread.Execute
76093398 +010 kernel32.dll BaseThreadInitThunk

thread $4b4:
76093398 +10 kernel32.dll BaseThreadInitThunk

thread $1784:
76093398 +10 kernel32.dll BaseThreadInitThunk

thread $14a8:
76aa0a29 +30 KERNELBASE.dll WaitForSingleObjectEx
7609118f +3e kernel32.dll WaitForSingleObjectEx
76093398 +10 kernel32.dll BaseThreadInitThunk

thread $12a8:
76aa31b5 +5f KERNELBASE.dll SleepEx
76aa3a86 +0a KERNELBASE.dll Sleep
76093398 +10 kernel32.dll BaseThreadInitThunk

modules:
00400000 GameBooster.exe 3.2.0.1417 C:\Program Files (x86)\IObit\Game Booster 3
50000000 rtl120.bpl 12.0.3210.17555 C:\Program Files (x86)\IObit\Game Booster 3
50120000 vcl120.bpl 12.0.3210.17555 C:\Program Files (x86)\IObit\Game Booster 3
50310000 vclx120.bpl 12.0.3210.17555 C:\Program Files (x86)\IObit\Game Booster 3
57000000 madBasic_.bpl C:\Program Files (x86)\IObit\Game Booster 3
57800000 madDisAsm_.bpl C:\Program Files (x86)\IObit\Game Booster 3
59800000 madExcept_.bpl C:\Program Files (x86)\IObit\Game Booster 3
69a10000 ieframe.dll 9.0.8112.16440 C:\Windows\SysWOW64
6c670000 fastprox.dll 6.1.7601.17514 C:\Windows\system32\wbem
6c710000 wbemcomn.dll 6.1.7601.17514 C:\Windows\system32
6d000000 propsys.dll 7.0.7601.17514 C:\Windows\system32
6d200000 gdiplus.dll 6.1.7601.17514 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
6e860000 NTDSAPI.dll 6.1.7600.16385 C:\Windows\system32
6e880000 olepro32.dll 6.1.7601.17514 C:\Windows\system32
6e8a0000 dwmapi.dll 6.1.7600.16385 C:\Windows\system32
6f170000 SXS.DLL 6.1.7601.17514 C:\Windows\system32
6f1d0000 sqlite3.dll C:\Program Files (x86)\IObit\Game Booster 3
6f310000 wbemdisp.dll 6.1.7600.16385 C:\Windows\system32\wbem
6f610000 WINNSI.DLL 6.1.7600.16385 C:\Windows\system32
6f620000 iphlpapi.DLL 6.1.7601.17514 C:\Windows\system32
6f800000 taskMgr.dll 1.1.0.225 C:\Program Files (x86)\IObit\Game Booster 3
6f860000 wbemsvc.dll 6.1.7600.16385 C:\Windows\system32\wbem
6f880000 wmiutils.dll 6.1.7600.16385 C:\Windows\system32\wbem
6f8d0000 RASAPI32.dll 6.1.7600.16385 C:\Windows\system32
6fbb0000 sensapi.dll 6.1.7600.16385 C:\Windows\system32
6fdc0000 wbemprox.dll 6.1.7600.16385 C:\Windows\system32\wbem
6ff40000 uxtheme.dll 6.1.7600.16385 C:\Windows\system32
70280000 rsaenh.dll 6.1.7600.16385 C:\Windows\system32
70ea0000 CRYPTSP.dll 6.1.7600.16385 C:\Windows\system32
718f0000 dnsapi.DLL 6.1.7601.17570 C:\Windows\system32
71990000 PowerConfig.dll 1.1.0.25 C:\Program Files (x86)\IObit\Game Booster 3
724f0000 RpcRtRemote.dll 6.1.7601.17514 C:\Windows\system32
72500000 rtutils.dll 6.1.7601.17514 C:\Windows\system32
72960000 tiptsf.dll 6.1.7600.16385 C:\Program Files (x86)\Common Files\microsoft shared\ink
729c0000 rasman.dll 6.1.7600.16385 C:\Windows\system32
73450000 Secur32.dll 6.1.7601.17725 C:\Windows\system32
73460000 PowrProf.dll 6.1.7600.16385 C:\Windows\system32
735b0000 comctl32.dll 6.10.7601.17514 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
73840000 ntmarta.dll 6.1.7600.16385 C:\Windows\system32
74b00000 profapi.dll 6.1.7600.16385 C:\Windows\system32
74b30000 winmm.dll 6.1.7601.17514 C:\Windows\system32
74b70000 oledlg.dll 6.1.7600.16385 C:\Windows\system32
74b90000 winspool.drv 6.1.7601.17514 C:\Windows\system32
74bf0000 dxhelper.dll 1.0.0.0 C:\Program Files (x86)\IObit\Game Booster 3
74c80000 msimg32.dll 6.1.7600.16385 C:\Windows\system32
74c90000 oleacc.dll 7.0.0.0 C:\Windows\system32
74cd0000 wsock32.dll 6.1.7600.16385 C:\Windows\system32
74ce0000 mpr.dll 6.1.7600.16385 C:\Windows\system32
74d00000 version.dll 6.1.7600.16385 C:\Windows\system32
74dd0000 CRYPTBASE.dll 6.1.7600.16385 C:\Windows\syswow64
74de0000 SspiCli.dll 6.1.7601.17725 C:\Windows\syswow64
74e40000 CLBCatQ.DLL 2001.12.8530.16385 C:\Windows\syswow64
74f30000 SHLWAPI.dll 6.1.7601.17514 C:\Windows\syswow64
74f90000 MSCTF.dll 6.1.7600.16385 C:\Windows\syswow64
75060000 GDI32.dll 6.1.7601.17514 C:\Windows\syswow64
750f0000 USER32.dll 6.1.7601.17514 C:\Windows\syswow64
751f0000 RPCRT4.dll 6.1.7601.17514 C:\Windows\syswow64
752f0000 PSAPI.DLL 6.1.7600.16385 C:\Windows\syswow64
75300000 NSI.dll 6.1.7600.16385 C:\Windows\syswow64
75310000 shell32.dll 6.1.7601.17678 C:\Windows\syswow64
75f90000 IMM32.DLL 6.1.7601.17514 C:\Windows\system32
76080000 kernel32.dll 6.1.7601.17651 C:\Windows\syswow64
76190000 iertutil.dll 9.0.8112.16440 C:\Windows\syswow64
76350000 urlmon.dll 9.0.8112.16440 C:\Windows\syswow64
76470000 USP10.dll 1.626.7601.17514 C:\Windows\syswow64
76510000 Normaliz.dll 6.1.7600.16385 C:\Windows\syswow64
76520000 msvcrt.dll 7.0.7600.16385 C:\Windows\syswow64
765d0000 IMAGEHLP.DLL 6.1.7601.17514 C:\Windows\syswow64
76600000 sechost.dll 6.1.7600.16385 C:\Windows\SysWOW64
76620000 CFGMGR32.dll 6.1.7601.17621 C:\Windows\syswow64
76650000 ole32.dll 6.1.7601.17514 C:\Windows\syswow64
767b0000 DEVOBJ.dll 6.1.7601.17621 C:\Windows\syswow64
768f0000 SETUPAPI.dll 6.1.7601.17514 C:\Windows\syswow64
76a90000 KERNELBASE.dll 6.1.7601.17651 C:\Windows\syswow64
76ae0000 ADVAPI32.dll 6.1.7601.17514 C:\Windows\syswow64
76b80000 WLDAP32.dll 6.1.7601.17514 C:\Windows\syswow64
76bd0000 oleaut32.dll 6.1.7601.17676 C:\Windows\syswow64
76c60000 comdlg32.dll 6.1.7601.17514 C:\Windows\syswow64
76ce0000 WS2_32.dll 6.1.7601.17514 C:\Windows\syswow64
76d20000 wininet.dll 9.0.8112.16440 C:\Windows\syswow64
776d0000 LPK.dll 6.1.7600.16385 C:\Windows\syswow64
77700000 ntdll.dll 6.1.7601.17725 C:\Windows\SysWOW64

processes:
0000 Idle 0 0 0
0004 System 0 0 0
010c smss.exe 0 0 0 normal
0198 csrss.exe 0 0 0 normal
01e0 csrss.exe 1 174 80 normal
01e8 wininit.exe 0 0 0 high
021c services.exe 0 0 0 normal
0234 winlogon.exe 1 6 0 high
0250 lsass.exe 0 0 0 normal
0258 lsm.exe 0 0 0 normal
02bc svchost.exe 0 0 0 normal
0330 svchost.exe 0 0 0 normal
0390 svchost.exe 0 0 0 normal
03b4 svchost.exe 0 0 0 normal
03cc svchost.exe 0 0 0 normal
01e4 svchost.exe 0 0 0 normal
01a4 svchost.exe 0 0 0 normal
04e0 wisptis.exe 1 17 7 high
0558 spoolsv.exe 0 0 0 normal
05a0 svchost.exe 0 0 0 normal
0630 eEBSVC.exe 0 0 0 normal C:\Program Files (x86)\Common Files\EPSON\EBAPI
0744 avgwdsvc.exe 0 0 0 normal C:\Program Files (x86)\AVG\AVG2012
0764 GCalService.exe 0 0 0 normal C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service
0794 E_S50STB.EXE 0 0 0 normal
07d8 E_S50RPB.EXE 0 0 0 normal
0564 S3DCService.exe 0 0 0 normal C:\Program Files (x86)\iZ3D Driver\Win32
05c8 S3DCService.exe 0 0 0 normal
03ec svchost.exe 0 0 0 normal
0778 WLIDSVC.EXE 0 0 0 normal
087c avgnsa.exe 0 0 0 normal
0884 AVGIDSAgent.exe 0 0 0 normal C:\Program Files (x86)\AVG\AVG2012
0890 avgemca.exe 0 0 0 normal
08a0 WLIDSVCM.EXE 0 0 0 normal
0900 avgrsa.exe 0 0 0 normal
0a24 taskhost.exe 1 28 25 normal
0a38 wisptis.exe 1 42 36 high
0a70 TabTip.exe 1 243 66 high
0af8 avgcsrva.exe 0 0 0 normal
0b2c TabTip32.exe 1 4 6 normal C:\Program Files (x86)\Common Files\Microsoft Shared\Ink
0ba4 HPTouchSmartSyncCalReminderApp.exe 1 9 3 normal C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service
09a4 dwm.exe 1 19 2 high
09e4 explorer.exe 1 509 362 normal
0a54 svchost.exe 0 0 0 normal
04bc WmiPrvSE.exe 0 0 0 normal
1080 SoundMAX.exe 1 21 13 normal C:\Program Files (x86)\Analog Devices\SoundMAX
113c SearchIndexer.exe 0 0 0 normal
1144 hpsysdrv.exe 1 9 3 normal C:\Program Files (x86)\Hewlett-Packard\HP Odometer
1150 HPKEYBOARDx.EXE 1 63 71 normal C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard
1158 smax4pnp.exe 1 16 8 normal C:\Program Files (x86)\Analog Devices\Core
1160 FastUserSwitching.exe 1 15 9 normal C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3
1168 avgtray.exe 1 131 37 normal C:\Program Files (x86)\AVG\AVG2012
1188 EEventManager.exe 1 16 15 normal C:\Program Files (x86)\Epson Software\Event Manager
11a8 JAN2OSD.exe 1 23 30 normal C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3
12d8 Keystatus.exe 1 51 24 normal C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard
13dc svchost.exe 0 0 0 normal
137c InputPersonalization.exe 1 9 5 below normal
0930 wmpnetwk.exe 0 0 0 normal
147c HPSA_Service.exe 0 0 0 normal
044c gbtray.exe 1 54 44 normal C:\Program Files (x86)\IObit\Game Booster 3
0df8 firefox.exe 1 490 56 normal C:\Program Files (x86)\Mozilla Firefox
1370 ApplicationUpdater.exe 0 0 0 normal C:\Program Files (x86)\Application Updater
09bc SearchSettings.exe 1 21 16 normal C:\Program Files (x86)\Common Files\Spigot\Search Settings
0d88 plugin-container.exe 1 12 12 normal C:\Program Files (x86)\Mozilla Firefox
0dc0 audiodg.exe 0 0 0
0878 dllhost.exe 1 9 5 normal
0d80 dllhost.exe 0 0 0 normal
0fec GameBooster.exe 1 1529 101 normal C:\Program Files (x86)\IObit\Game Booster 3
0300 WmiPrvSE.exe 0 0 0 normal

hardware:
+ Computer
- ACPI x64-based PC
+ Disk drives
- Multiple Card Reader USB Device
- WDC WD64 00AAKS-65A7B2 SATA Disk Device
+ Display adapters
- ATI Radeon HD 3200 Graphics (driver 8.702.0.0)
+ DriverInterface
- Logitech Driver Interface (driver 5.33.10.0)
- Logitech Driver Interface (driver 5.33.10.0)
+ DVD/CD-ROM drives
- hp CDDVDW TS-T633L SATA CdRom Device
- JCPI 9E3ST63O9IN SCSI CdRom Device
+ Human Interface Devices
- HID-compliant consumer control device
- HID-compliant device
- HID-compliant device
- HID-compliant device
- HID-compliant device
- HID-compliant device
- HID-compliant device
- HID-compliant device
- HID-compliant game controller
- Microsoft eHome Infrared Transceiver
- Microsoft Input Configuration Device
- NextWindow 1950 Touch Screen (driver 2.1.6.9)
- Office Keyboard (driver 1.0.0.0)
- Office Keyboard (driver 1.0.0.0)
- USB Input Device
- USB Input Device
- USB Input Device
+ IDE ATA/ATAPI controllers
- AMD SATA Controller (driver 1.2.100.177)
+ Imaging devices
- HP Webcam
- WSD Scan Device
+ Keyboards
- HID Keyboard Device
+ Mice and other pointing devices
- HID-compliant mouse
- HID-compliant mouse
- Logitech HID-compliant Marble Mouse (driver 5.33.10.0)
+ Monitors
- Generic PnP Monitor
+ Network adapters
- 802.11n Wireless LAN Card (driver 3.0.9.0)
- Microsoft Virtual WiFi Miniport Adapter
- Realtek PCIe GBE Family Controller (driver 7.46.610.2011)
- VirtualBox Host-Only Ethernet Adapter (driver 3.2.10.0)
+ Processors
- AMD Athlon™ II X2 235e Processor
- AMD Athlon™ II X2 235e Processor
+ Sound, video and game controllers
- SoundMAX Integrated Digital HD Audio (driver 6.10.2.7260)
+ Storage controllers
- A0SZJL1V IDE Controller
- MagicISO SCSI Host Controller (driver 2.7.106.0)
+ Storage volume shadow copies
- Generic volume shadow copy
+ System devices
- ACPI Fixed Feature Button
- ACPI Power Button
- ACPI Thermal Zone
- AMD PCI Express (3GIO) Filter Driver (driver 1.3.1.49)
- ATI I/O Communications Processor PCI Bus Controller
- ATI I/O Communications Processor SMBus Controller
- Buttons and OSDs ACPI driver gen2 (driver 7100.0.0.2)
- Composite Bus Enumerator
- Consumer IR Devices
- Direct Application Launch Button
- Direct memory access controller
- EPSON2CF5C3 (Epson Stylus NX420)
- Extended IO Bus
- File as Volume Driver
- High Definition Audio Controller
- High precision event timer
- IPBusEnum Root Enumerator
- Microsoft ACPI-Compliant System
- Microsoft System Management BIOS Driver
- Microsoft Virtual Drive Enumerator Driver
- Motherboard resources
- Motherboard resources
- Motherboard resources
- Motherboard resources
- Motherboard resources
- Numeric data processor
- PCI standard host CPU bridge
- PCI standard host CPU bridge
- PCI standard host CPU bridge
- PCI standard host CPU bridge
- PCI standard host CPU bridge
- PCI standard host CPU bridge
- PCI standard ISA bridge
- PCI standard PCI-to-PCI bridge
- PCI standard PCI-to-PCI bridge
- PCI standard PCI-to-PCI bridge
- Plug and Play Software Device Enumerator
- Programmable interrupt controller
- System board
- System CMOS/real time clock
- System speaker
- System timer
- Terminal Server Keyboard Driver
- Terminal Server Mouse Driver
- UMBus Enumerator
- UMBus Root Bus Enumerator
- Volume Manager
+ Universal Serial Bus controllers
- eHome Infrared Receiver (USBCIR)
- Standard Enhanced PCI to USB Host Controller
- Standard Enhanced PCI to USB Host Controller
- Standard OpenHCD USB Host Controller
- Standard OpenHCD USB Host Controller
- Standard OpenHCD USB Host Controller
- Standard OpenHCD USB Host Controller
- Standard OpenHCD USB Host Controller
- USB Composite Device
- USB Composite Device
- USB Composite Device
- USB Mass Storage Device
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
+ WSD Print Provider
- WSD Print Device

cpu registers:
eax = 0018f9e8
ebx = 0034ffe8
ecx = 00000000
edx = 7ef90000
esi = 0018fa80
edi = 28a548fd
eip = 50008b0b
esp = 0018f9b4
ebp = 0018f9f0

stack dump:
0018f9b4 00 00 f9 7e 68 44 4c 00 - 00 00 00 00 04 fa 18 00 ...~hDL.........
0018f9c4 70 7c 00 50 f0 f9 18 00 - 80 fa 18 00 ec 43 4c 00 p|.P.........CL.
0018f9d4 64 7b da 03 00 00 00 00 - 00 00 00 00 00 00 00 00 d{..............
0018f9e4 00 00 00 00 00 00 00 00 - 00 00 00 00 44 fa 18 00 ............D...
0018f9f4 93 4c 4c 00 34 fa 18 00 - fd 48 a5 28 fd 9c 10 00 .LL.4....H.(....
0018fa04 50 fa 18 00 70 7c 00 50 - 44 fa 18 00 d0 1e d9 03 P...p|.PD.......
0018fa14 f4 9c 10 00 0c 00 00 00 - 00 00 00 00 00 00 00 00 ................
0018fa24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0018fa34 00 00 00 00 fd 9c 10 00 - fd 48 a5 28 01 00 00 00 .........H.(....
0018fa44 88 fa 18 00 9c 54 4c 00 - f4 9c 10 00 90 fa 18 00 .....TL.........
0018fa54 70 7c 00 50 88 fa 18 00 - e2 0f df 01 00 00 00 00 p|.P............
0018fa64 00 00 00 00 00 00 00 00 - 0b 00 00 00 9c 48 34 00 .............H4.
0018fa74 00 00 6d 02 bc fa 18 00 - ec 43 4c 00 00 00 00 00 ..m......CL.....
0018fa84 00 00 00 00 c0 fa 18 00 - 34 68 4c 00 9c fa 18 00 ........4hL.....
0018fa94 70 7c 00 50 c0 fa 18 00 - c8 fa 18 00 70 7c 00 50 p|.P........p|.P
0018faa4 c0 fa 18 00 00 00 00 00 - e2 0f df 01 00 00 00 00 ................
0018fab4 00 00 00 00 f0 ad 6b 02 - 00 00 00 00 f0 fa 18 00 ......k.........
0018fac4 a6 5c 4c 00 0c fb 18 00 - 70 7c 00 50 f0 fa 18 00 .\L.....p|.P....
0018fad4 00 00 00 00 e2 0f df 01 - d0 1e d9 03 00 00 00 00 ................
0018fae4 00 00 00 00 d0 1e d9 03 - 00 00 00 00 04 fb 18 00 ................

disassembling:
[...]
004c4451 jle loc_4c44e8
004c4457 065 lea eax, [ebp-8]
004c445a mov edx, [esi]
004c445c add edx, ebx
004c445e mov ecx, 0
004c4463 > call -$c3220 ($401248) ; System.@LStrFromPChar (rtl120.bpl)
004c4468 066 lea eax, [ebp-$14]
004c446b mov edx, [ebp-8]
004c446e call -$c310b ($401368) ; System.@UStrFromLStr (rtl120.bpl)
004c4473 mov eax, [ebp-$14]
004c4476 lea edx, [ebp-$10]
[...]

error details:
switching to game box

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

HiJackThis log removed as they are not analyzed in this forum and is rarely used. If you need specialized assistance, you will receive specific instructions for posting in the log forum at that time. ~ OB

Edited by Orange Blossom, 04 February 2012 - 02:01 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users