
Possible Hijacked Browser


7 replies to this topic

#1 chefbrad


Posted 07 March 2006 - 10:34 PM

BC guys, help! Not sure what's going on. AVG says I have Java/ByteVerify virus infection. However, it seems to have quarantined it because currently it is not detecting any virus. Will this log help?
Thanks, ChefBrad
Logfile of HijackThis v1.99.1
Scan saved at 9:31:00 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\dlbucoms.exe
c:\program files\common files\aol\1137202611\ee\aolsoftware.exe
C:\PROGRA~1\ALLTEL~1\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\ALLTEL DSL Check-up Center\bin\mad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltel.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://office.microsoft.com/officeupdate/default.aspx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\mllmn.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137202611\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [RealPlayer_update] C:\Program Files\America Online 9.0a\Jiti\Real9_codec_upd.exe restart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?7ef2e66cc26744b0a35df2ddda322a39
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?7ef2e66cc26744b0a35df2ddda322a39
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130593343250
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe



#2 Thunder


Posted 08 March 2006 - 05:27 AM

Hello chefbrad, and welcome to BleepingComputer,

We'll try to help you out, just give us some time to study your log.

Greetings,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Thunder


Posted 08 March 2006 - 07:24 AM

Hello chefbrad,

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Greetings,
BMThor

#4 chefbrad


Posted 08 March 2006 - 05:12 PM

BMThor,
Here are my results as requested:
VundoFix V4.2.29
Scan started at 4:59:04 PM 3/8/2006

Listing files found while scanning....

C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.bak1

C:\WINDOWS\SYSTEM32\ayadd.bak1
C:\WINDOWS\SYSTEM32\ayadd.bak2
C:\WINDOWS\SYSTEM32\ayadd.tmp
C:\WINDOWS\SYSTEM32\ayadd.ini
C:\WINDOWS\SYSTEM32\ayadd.ini2
C:\WINDOWS\SYSTEM32\nmllm.bak1
C:\WINDOWS\SYSTEM32\nmllm.ini
C:\WINDOWS\SYSTEM32\mllmn.dll
C:\WINDOWS\SYSTEM32\ayadd.ini2
C:\WINDOWS\SYSTEM32\ayadd.bak2
C:\WINDOWS\SYSTEM32\ayadd.tmp
C:\WINDOWS\SYSTEM32\ayadd.ini
C:\WINDOWS\SYSTEM32\ayadd.ini2
Attempting to delete C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\mllmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nmllm.bak1
C:\WINDOWS\system32\nmllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ayadd.bak1
C:\WINDOWS\SYSTEM32\ayadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ayadd.bak2
C:\WINDOWS\SYSTEM32\ayadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ayadd.tmp
C:\WINDOWS\SYSTEM32\ayadd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ayadd.ini
C:\WINDOWS\SYSTEM32\ayadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ayadd.ini2
C:\WINDOWS\SYSTEM32\ayadd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 5:03:45 PM, on 3/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1137202611\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltel.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://office.microsoft.com/officeupdate/default.aspx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137202611\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [RealPlayer_update] C:\Program Files\America Online 9.0a\Jiti\Real9_codec_upd.exe restart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?7ef2e66cc26744b0a35df2ddda322a39
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?7ef2e66cc26744b0a35df2ddda322a39
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130593343250
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thank you again,
ChefBrad

#5 Thunder


Posted 08 March 2006 - 05:27 PM

Hello chefbrad,

Your log looks better now. :thumbsup:

One more thing though:

Please update your Java VM

Are you still experiencing problems?

Greetings,
BMThor
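One way to check what changed between two HijackThis logs like the ones posted above, and whether each removed entry is accounted for by a file VundoFix reported deleting. This is an added example, not part of the original thread and not code from HijackThis or VundoFix; the function names are hypothetical and the sample input is a handful of lines excerpted from the logs in this topic.

```python
import re

# HijackThis entry lines start with a section code: "O2 - BHO: ...", "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# VundoFix reports each removal as "<path> Has been deleted!".
DELETED_RE = re.compile(r"^(.+?)\s+Has been deleted!$")

# Sample input: lines excerpted from the first log in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\mllmn.dll
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll
"""

# Sample input: the matching lines from the log posted after VundoFix ran.
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Sample input: lines excerpted from the VundoFix report in this thread.
VUNDOFIX = r"""
Attempting to delete C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\mllmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini Has been deleted!
"""


def parse_entries(log_text):
    """Return {(section, detail)} for entry lines; header and process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def parse_vundofix_deleted(report_text):
    """Return the lower-cased paths the report says were deleted."""
    deleted = set()
    for line in report_text.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            deleted.add(m.group(1).lower())
    return deleted


def compare(before_text, after_text, deleted_files):
    """Classify the differences between two logs against the deleted-file list."""
    before, after = parse_entries(before_text), parse_entries(after_text)

    def touches_deleted(entry):
        # Case-insensitive: the logs mix "system32" and "SYSTEM32".
        detail = entry[1].lower()
        return any(path in detail for path in deleted_files)

    removed = before - after
    return {
        # Gone from the log and pointing at a file the tool deleted.
        "removed_explained": sorted(e for e in removed if touches_deleted(e)),
        # Gone (or changed) for some other reason; worth a manual look.
        "removed_unexplained": sorted(e for e in removed if not touches_deleted(e)),
        # New or changed entries in the later log.
        "added": sorted(after - before),
        # Still registered although the file was deleted: an orphaned entry.
        "leftovers": sorted(e for e in after if touches_deleted(e)),
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER, parse_vundofix_deleted(VUNDOFIX))
    for label, entries in result.items():
        print(label)
        for section, detail in entries:
            print(f"  {section} - {detail}")
```
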

#6 chefbrad


Posted 08 March 2006 - 06:10 PM

Hi BMThor,
Thanks for your help! Does this mean I shouldn't have trouble with pop-ups? And what is Vundo? Should I reestablish a system restore point? By the way, here is my latest HJT log after reinstalling Java:
Logfile of HijackThis v1.99.1
Scan saved at 6:04:22 PM, on 3/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1137202611\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltel.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://office.microsoft.com/officeupdate/default.aspx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137202611\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [RealPlayer_update] C:\Program Files\America Online 9.0a\Jiti\Real9_codec_upd.exe restart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?7ef2e66cc26744b0a35df2ddda322a39
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?7ef2e66cc26744b0a35df2ddda322a39
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130593343250
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

thanks again, ChefBrad

#7 Thunder

Posted 09 March 2006 - 07:32 AM

Hello chefbrad,

Does this mean I shouldn't have trouble with pop-ups?

Your log no longer shows traces of malware,
so your pop-up troubles should be gone, hence my question. :thumbsup:

What is Vundo?

Symantec definition: Trojan.Vundo is a component of an adware program that downloads and displays pop-up advertisements. It is known to be installed by visiting a Web site link contained in a spammed email.

Should I reestablish a system restore point?

If your system is working OK again, it certainly is a good idea to remove old restore points and create a new one.
I take it you know how to do so? If not, just let me know. :flowers:

Your JavaVM is fine now,
just remember to keep your security measures always up-to-date.

And you're welcome. :huh:
BMThor
Whatever happens, make believe it was intended to ...

#8 chefbrad

Posted 15 March 2006 - 12:06 AM

Hello, I've got a new problem and I think it is related to the old one. IE has been running very slow and causing several errors. I went to DrWatson and copied the log and posted it below. Also, SpybotSD has been logging two entries that appear to be valid registry keys to me (I'm probably wrong). Should I let it delete them or ignore them?
--- Report generated: 2006-03-14 23:26 ---

Windows Security Center.FirewallOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0


--- Spybot - Search && Destroy version: 1.3 ---
2006-03-10 Includes\Cookies.sbi
2006-03-10 Includes\Dialer.sbi
2006-03-10 Includes\Hijackers.sbi
2006-03-10 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2006-03-10 Includes\Malware.sbi
2006-03-10 Includes\PUPS.sbi
2006-03-10 Includes\Revision.sbi
2006-03-10 Includes\Security.sbi
2006-03-10 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-03-10 Includes\Trojans.sbi





Application exception occurred:
App: C:\Program Files\Internet Explorer\IEXPLORE.EXE (pid=1788)
When: 3/13/2006 @ 22:34:49.828
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: DEBRAD
User Name: Brad
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 3 Stepping 4
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner: Brad

*----> Task List <----*
0 System Process
4 System
584 smss.exe
632 csrss.exe
656 winlogon.exe
700 services.exe
712 lsass.exe
916 svchost.exe
960 svchost.exe
1080 svchost.exe
1164 smc.exe
1320 Explorer.EXE
1340 svchost.exe
1372 svchost.exe
1660 spoolsv.exe
1856 AOLacsd.exe
1868 avgamsvr.exe
1920 avgupsvc.exe
1944 CTsvcCDA.EXE
1980 MDM.EXE
2004 nvsvc32.exe
148 wdfmgr.exe
252 MsPMSPSv.exe
160 wmiprvse.exe
2028 alg.exe
1184 jusched.exe
1416 CTSysVol.exe
1160 Rundll32.exe
1304 DVDLauncher.exe
1548 sgtray.exe
1452 mmtask.exe
1568 avgcc.exe
1616 avgemc.exe
1748 tfswctrl.exe
1756 gcasServ.exe
2060 RunDLL32.exe
2068 MotiveSB.exe
2220 realsched.exe
2232 AOLSoftware.exe
2240 ViewMgr.exe
2316 em_exec.exe
2332 DSAgnt.exe
2348 ctfmon.exe
2748 DLG.exe
3152 mpbtn.exe
3188 gcasDtServ.exe
1788 IEXPLORE.EXE
3408 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000419000: C:\Program Files\Internet Explorer\IEXPLORE.EXE
(0000000000a50000 - 0000000000a57000: C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
(0000000001700000 - 0000000001738000: C:\Program Files\Windows Live Toolbar\msntb.dll
(0000000001740000 - 0000000001791000: C:\Program Files\Windows Live Toolbar\isc.dll
(00000000017a0000 - 00000000017da000: C:\Program Files\Windows Live Toolbar\UIComponents.dll
(0000000001ef0000 - 0000000001ef6000: C:\Program Files\Windows Live Toolbar\en-us\mtbres.dll.mui
(0000000001f00000 - 0000000001f0a000: C:\Program Files\Windows Live Toolbar\mtbres.dll
(0000000001f30000 - 0000000001f3b000: C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
(0000000001f70000 - 0000000001f72000: C:\Program Files\Windows Live Toolbar\Components\en-us\WLLocalExtRes.dll.mui
(0000000002190000 - 00000000021dd000: C:\DOCUME~1\Brad\LOCALS~1\Temp\MSNTBFltr.cab.1141429252\msntbfltrMain.dll
(00000000021e0000 - 000000000223a000: C:\DOCUME~1\Brad\LOCALS~1\Temp\MSNTBFltr.cab.1141429252\msntbfltr.dll
(0000000002250000 - 0000000002253000: C:\Program Files\Windows Live Toolbar\Components\WLLocalExtRes.dll
(0000000002370000 - 0000000002635000: C:\WINDOWS\system32\xpsp2res.dll
(0000000004250000 - 00000000042d8000: C:\WINDOWS\system32\shdoclc.dll
(00000000044e0000 - 00000000044ee000: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
(0000000004520000 - 00000000045db000: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
(00000000046f0000 - 000000000470f000: C:\WINDOWS\system32\dla\tfswshx.dll
(0000000004710000 - 000000000471f000: C:\WINDOWS\system32\tfswapi.dll
(0000000004720000 - 000000000475b000: C:\WINDOWS\system32\dla\tfswcres.dll
(00000000047b0000 - 00000000047c5000: C:\Program Files\Windows Live Toolbar\Components\WLLocalExt.dll
(00000000047e0000 - 0000000004819000: C:\Program Files\Windows Live Toolbar\cm.dll
(0000000004830000 - 0000000004af6000: C:\WINDOWS\system32\msi.dll
(0000000004c20000 - 0000000004c24000: C:\Program Files\Windows Live Toolbar\en-us\CMRes.dll.mui
(0000000004c30000 - 0000000004c39000: C:\Program Files\Windows Live Toolbar\CMRes.dll
(0000000004c50000 - 0000000004c89000: C:\Program Files\Windows Live Toolbar\Components\msntab.dll
(0000000004cb0000 - 0000000004cc9000: C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui
(0000000004cd0000 - 0000000004cd9000: C:\Program Files\Windows Live Toolbar\Components\msntabres.dll
(0000000005000000 - 000000000500b000: C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
(0000000005950000 - 0000000005961000: C:\WINDOWS\IME\SPGRMR.DLL
(0000000005970000 - 00000000059cb000: C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
(0000000005ce0000 - 0000000005cfc000: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
(00000000061f0000 - 0000000006205000: C:\WINDOWS\system32\SSSensor.dll
(000000000ae80000 - 000000000aec7000: C:\WINDOWS\system32\wmpdxm.dll
(000000000c720000 - 000000000cc69000: C:\WINDOWS\system32\wmp.dll
(000000000cc70000 - 000000000cfa7000: C:\WINDOWS\system32\wmploc.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 0000000010020000: C:\PROGRA~1\ALLTEL~1\SMARTB~1\SBHook.dll
(0000000020000000 - 0000000020012000: C:\WINDOWS\system32\browselc.dll
(0000000030000000 - 0000000030222000: C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
(000000004d4f0000 - 000000004d548000: C:\WINDOWS\system32\WINHTTP.dll
(000000004ec50000 - 000000004edf3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005b0a0000 - 000000005b0a7000: C:\WINDOWS\system32\umdmxfrm.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005c2c0000 - 000000005c300000: C:\WINDOWS\ime\sptip.dll
(000000005cd70000 - 000000005cd77000: C:\WINDOWS\system32\serwvdrv.dll
(000000005d090000 - 000000005d127000: C:\WINDOWS\system32\comctl32.dll
(000000005e310000 - 000000005e31c000: C:\WINDOWS\system32\pngfilt.dll
(000000005edd0000 - 000000005ede7000: C:\WINDOWS\system32\olepro32.dll
(00000000605d0000 - 00000000605d9000: C:\WINDOWS\system32\mslbui.dll
(0000000060a20000 - 0000000060a68000: C:\WINDOWS\system32\PNCRT.dll
(0000000062200000 - 000000006222b000: C:\WINDOWS\system32\rmoc3260.dll
(0000000064690000 - 00000000646cc000: C:\Program Files\Windows Live Toolbar\Tem.dll
(00000000647d0000 - 00000000647ef000: C:\Program Files\Windows Live Toolbar\stmain.dll
(0000000064800000 - 0000000064812000: C:\Program Files\Windows Live Toolbar\msn_slps.dll
(00000000662b0000 - 0000000066308000: C:\WINDOWS\system32\hnetcfg.dll
(0000000066880000 - 000000006688c000: C:\WINDOWS\system32\ImgUtil.dll
(0000000066e50000 - 0000000066e90000: C:\WINDOWS\system32\iepeers.dll
(0000000066ee0000 - 0000000066ef2000: C:\WINDOWS\system32\QuickTimeCheck.OCX
(0000000068100000 - 0000000068124000: C:\WINDOWS\system32\dssenh.dll
(000000006bdd0000 - 000000006be06000: C:\WINDOWS\system32\dxtrans.dll
(000000006be10000 - 000000006be6a000: C:\WINDOWS\system32\dxtmsft.dll
(000000006d430000 - 000000006d43a000: C:\WINDOWS\system32\ddrawex.dll
(000000006d600000 - 000000006d62d000: C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
(0000000071a50000 - 0000000071a8f000: C:\WINDOWS\system32\mswsock.dll
(0000000071a90000 - 0000000071a98000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\wsock32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\system32\SAMLIB.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\system32\actxprxy.dll
(00000000722b0000 - 00000000722b5000: C:\WINDOWS\system32\SensApi.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000073300000 - 0000000073367000: C:\WINDOWS\system32\vbscript.dll
(0000000073760000 - 00000000737a9000: C:\WINDOWS\system32\DDRAW.dll
(0000000073bc0000 - 0000000073bc6000: C:\WINDOWS\system32\DCIMAN32.dll
(0000000073dd0000 - 0000000073ece000: C:\WINDOWS\system32\MFC42.DLL
(00000000746c0000 - 00000000746e7000: C:\WINDOWS\system32\msls31.dll
(00000000746f0000 - 000000007471a000: C:\WINDOWS\system32\msimtf.dll
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\MSCTF.dll
(0000000074980000 - 0000000074ab0000: C:\WINDOWS\system32\msxml3.dll
(0000000074c80000 - 0000000074cac000: C:\WINDOWS\system32\OLEACC.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000075a70000 - 0000000075a91000: C:\WINDOWS\system32\MSVFW32.dll
(0000000075c50000 - 0000000075cbe000: C:\WINDOWS\system32\jscript.dll
(0000000075cf0000 - 0000000075d81000: C:\WINDOWS\system32\mlang.dll
(0000000075e60000 - 0000000075e73000: C:\WINDOWS\system32\cryptnet.dll
(0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\SXS.DLL
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076080000 - 00000000760e5000: C:\WINDOWS\system32\MSVCP60.dll
(0000000076200000 - 0000000076271000: C:\WINDOWS\system32\mshtmled.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076780000 - 0000000076789000: C:\WINDOWS\system32\SHFOLDER.dll
(00000000767f0000 - 0000000076817000: C:\WINDOWS\system32\schannel.dll
(0000000076820000 - 0000000076834000: C:\WINDOWS\system32\HLINK.DLL
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076d80000 - 0000000076d9e000: C:\WINDOWS\system32\DHCPCSVC.DLL
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076e90000 - 0000000076ea2000: C:\WINDOWS\system32\rasman.dll
(0000000076eb0000 - 0000000076edf000: C:\WINDOWS\system32\TAPI32.dll
(0000000076ee0000 - 0000000076f1c000: C:\WINDOWS\system32\RASAPI32.DLL
(0000000076f20000 - 0000000076f47000: C:\WINDOWS\system32\DNSAPI.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fb0000 - 0000000076fb8000: C:\WINDOWS\System32\winrnr.dll
(0000000076fc0000 - 0000000076fc6000: C:\WINDOWS\system32\rasadhlp.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772ff000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077690000 - 00000000776b1000: C:\WINDOWS\system32\NTMARTA.DLL
(0000000077760000 - 00000000778ce000: C:\WINDOWS\system32\SHDOCVW.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\appHelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077c93000: C:\WINDOWS\system32\msv1_0.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(0000000079170000 - 0000000079196000: C:\WINDOWS\system32\mscoree.dll
(0000000079410000 - 0000000079425000: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
(0000000079480000 - 0000000079499000: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d5000: C:\WINDOWS\system32\SHELL32.dll
(000000007d4a0000 - 000000007d787000: C:\WINDOWS\system32\mshtml.dll

*----> State Dump for Thread Id 0xa68 <----*

eax=731b16b3 ebx=00000000 ecx=0013e2ac edx=7c90eb94 esi=00162e28 edi=00000000
eip=7c90eb94 esp=0013eb7c ebp=0013edd8 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\BROWSEUI.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHDOCVW.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Internet Explorer\IEXPLORE.EXE -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0013edd8 75faeab5 00162c30 0013ee98 00162c30 ntdll!KiFastSystemCallRet
0013ee6c 75faed7d 00162c30 00162c30 00000000 BROWSEUI!Ordinal107+0xbff6
0013fef0 777e80aa 00162c30 00000000 00000000 BROWSEUI!Ordinal102+0x22c
0013ff10 00402372 001523ba 00000001 00cbd0b8 SHDOCVW!Ordinal211+0xc0ed
0013ff60 00402444 00400000 00000000 001523ba IEXPLORE+0x2372
0013ffc0 7c816d4f 00cbd0b8 00000018 7ffd5000 IEXPLORE+0x2444
0013fff0 00000000 00402451 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x6f4 <----*

eax=01765b84 ebx=0218ff04 ecx=7c910732 edx=ffffffff esi=00000000 edi=7ffd5000
eip=7c90eb94 esp=0218fedc ebp=0218ff78 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Windows Live Toolbar\isc.dll -
ChildEBP RetAddr Args to Child
0218ff78 7c809c86 00000002 0218ffac 00000000 ntdll!KiFastSystemCallRet
0218ff94 01765bb1 00000002 0218ffac 00000000 kernel32!WaitForMultipleObjects+0x18
0218ffb4 7c80b50b 018020f0 0013c828 7c90ee18 isc!ISClient__CIscInstallEventHelper__BGEventThread+0x2d
0218ffec 00000000 01765b84 018020f0 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x350 <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000001
eip=7c90eb94 esp=0273fcec ebp=0273ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0273ffb4 7c80b50b 00000000 0090ee18 00000000 ntdll!KiFastSystemCallRet
0273ffec 00000000 7c929fae 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xde4 <----*

eax=769c8831 ebx=0283fef4 ecx=0013c054 edx=0013c308 esi=00000000 edi=7ffd5000
eip=7c90eb94 esp=0283fecc ebp=0283ff68 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USERENV.dll -
ChildEBP RetAddr Args to Child
0283ff68 7c809c86 00000003 76a60310 00000000 ntdll!KiFastSystemCallRet
0283ff84 769c888d 00000003 76a60310 00000000 kernel32!WaitForMultipleObjects+0x18
0283ffb4 7c80b50b 00000000 00000000 00000000 USERENV!UnregisterGPNotification+0x15c
0283ffec 00000000 769c8831 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x464 <----*

eax=00000000 ebx=00000000 ecx=03f3fd6c edx=7c90eb94 esi=00182180 edi=00182224
eip=7c90eb94 esp=03f3fe1c ebp=03f3ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
03f3ff80 77e76c22 03f3ffa8 77e76a3b 00182180 ntdll!KiFastSystemCallRet
03f3ff88 77e76a3b 00182180 00000000 0013c794 RPCRT4!I_RpcBCacheFree+0x5ea
03f3ffa8 77e76c0a 0016a0d0 03f3ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
03f3ffb4 7c80b50b 001f1670 00000000 0013c794 RPCRT4!I_RpcBCacheFree+0x5d2
03f3ffec 00000000 77e76bf0 001f1670 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x5c8 <----*

eax=00000000 ebx=0413fecc ecx=0413ffa0 edx=7c90eb94 esi=00000000 edi=7ffd5000
eip=7c90eb94 esp=0413fea4 ebp=0413ff40 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\DOCUME~1\Brad\LOCALS~1\Temp\MSNTBFltr.cab.1141429252\msntbfltrMain.dll -
ChildEBP RetAddr Args to Child
0413ff40 7c809c86 00000005 0413ffa0 00000000 ntdll!KiFastSystemCallRet
0413ff5c 021970f3 00000005 0413ffa0 00000000 kernel32!WaitForMultipleObjects+0x18
00000005 00000000 00000000 00000000 00000000 msntbfltrMain!Shutdown+0x2b33

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xbb4 <----*

eax=0175ad00 ebx=0423fef8 ecx=77dd7521 edx=7c90fb71 esi=00000000 edi=7ffd5000
eip=7c90eb94 esp=0423fed0 ebp=0423ff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0423ff6c 7c809c86 00000002 0423ffac 00000000 ntdll!KiFastSystemCallRet
0423ff88 0175ad7e 00000002 0423ffac 00000000 kernel32!WaitForMultipleObjects+0x18
0423ffb4 7c80b50b 020066b0 7c90ee18 7c90fb78 isc!ISClient__CIscRegistry__RegisterComCat+0x106
0423ffec 00000000 0175ad00 020066b0 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x228 <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=7ffdfc00 esi=00000000 edi=00000000
eip=7c90eb94 esp=043dff9c ebp=043dffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
043dffb4 7c80b50b 00000000 00000000 00000000 ntdll!KiFastSystemCallRet
043dffec 00000000 7c92798d 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x8dc <----*

eax=00000001 ebx=7c90e9b4 ecx=71a52c66 edx=7c90eb94 esi=00000000 edi=00000001
eip=7c90eb94 esp=04e6fad0 ebp=04e6fb0c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\mswsock.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WS2_32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WININET.dll -
ChildEBP RetAddr Args to Child
04e6fb0c 71a55fa7 00000578 00000588 00000001 ntdll!KiFastSystemCallRet
04e6fc00 71ab2e67 00000001 04e6fe80 04e6fc78 mswsock+0x5fa7
04e6fc50 771d714f 00000001 04e6fe80 04e6fc78 WS2_32!select+0xa7
04e6ffac 771d9283 04e6ffec 7c80b50b 04b25e20 WININET!GetUrlCacheEntryInfoExW+0x892
04e6ffb4 7c80b50b 04b25e20 71ab1404 0000005d WININET!InternetSetStatusCallback+0x1d7
04e6ffec 00000000 771d9276 04b25e20 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xf18 <----*

eax=00000000 ebx=00000000 ecx=07781e30 edx=001821bc esi=00182180 edi=00000100
eip=7c90eb94 esp=04fefe1c ebp=04feff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
04feff80 77e76c22 04feffa8 77e76a3b 00182180 ntdll!KiFastSystemCallRet
04feff88 77e76a3b 00182180 019501f0 00000002 RPCRT4!I_RpcBCacheFree+0x5ea
04feffa8 77e76c0a 0016a0d0 04feffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
04feffb4 7c80b50b 04b1ea68 019501f0 00000002 RPCRT4!I_RpcBCacheFree+0x5d2
04feffec 00000000 77e76bf0 04b1ea68 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xda0 <----*

eax=00000000 ebx=7c901005 ecx=00000118 edx=0000010e esi=000006fc edi=00000000
eip=7c90eb94 esp=0594ff14 ebp=0594ff78 iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000293

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\mshtml.dll -
ChildEBP RetAddr Args to Child
0594ff78 7c802542 000006fc 000927c0 00000000 ntdll!KiFastSystemCallRet
0594ff8c 7d5236af 000006fc 000927c0 00000005 kernel32!WaitForSingleObject+0x12
0594ffb4 7c80b50b 05442f60 00000005 00249004 mshtml+0x836af
0594ffec 00000000 7d586b9f 05442f60 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xde8 <----*

eax=72d230e8 ebx=0615fef8 ecx=000000d0 edx=04b96fe0 esi=00000000 edi=7ffd5000
eip=7c90eb94 esp=0615fed0 ebp=0615ff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr Args to Child
0615ff6c 7c809c86 00000002 0615ffa4 00000000 ntdll!KiFastSystemCallRet
0615ff88 72d2312a 00000002 0615ffa4 00000000 kernel32!WaitForMultipleObjects+0x18
0615ffb4 7c80b50b 00000000 00000000 00150000 wdmaud!midMessage+0x348
0615ffec 00000000 72d230e8 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xcf8 <----*

eax=000001c2 ebx=7c901005 ecx=07bb4563 edx=07bb4560 esi=0



