TheTechGuide Forum

General Category => Tech Clinic => Topic started by: bubbleandsqueek on October 30, 2005, 11:53:59 AM

Title: Help please Multiple browsers
Post by: bubbleandsqueek on October 30, 2005, 11:53:59 AM
Hi, I'm new to this forum and I've been racking my brain trying to find out what's wrong with my pc. I have a fairly new system purchased this year in March, everything appeared to be going well until about two weeks after purchase when multiple browser windows appeared, it has happened several times since and I don't have to be on the net for this to happen, as long as I have one browser window up it could happen. There doesn't seem to be any particular pattern to it, I've had up to 60 plus browser windows all pop up simultaneously and there's nothing I can do to stop it. I've tried closing each window down one at a time but as quick as I'm closing one another three appear. Then they either all just disappear as quick as they appeared or the windows stop and then it will allow me to close them down one at a time.
This problem also happened to my old pc, so I'm unsure if it's a virus I've picked up or it's an IE issue, I'm unsure, but if anyone can help, your advice would be greatly received.
I'm running Windows XP SP2 and up to date regarding patches. I have the Windows firewall on, plus AntiVir XP, MS Antispyware, AD Adware.
Thanks
Title: Help please Multiple browsers
Post by: guestolo on October 30, 2005, 12:20:50 PM
Hi bubbleandsqueek
Can we take a closer look please

Download hijackthis 1.99.1 from my signature below
Save it to a permanent folder on your hard drive
Open hijackthis.exe

Do a SCAN and Save a Log file--Wait for the results---Save the log----copy and paste the WHOLE contents of the log  here.
Title: Help please Multiple browsers
Post by: mkda on October 30, 2005, 12:59:51 PM
You should also try a program called "spybot". It's good and it's free.

If you like, you can also make it block things "real-time", so it stops stuff before they enter your system.
Title: Help please Multiple browsers
Post by: Guest on October 30, 2005, 06:44:47 PM
Hi
Thanks for posting a reply, I just came back onto the forum to add another post, my pc also keeps crashing, often leaving the imprint of whatever I was working on on the screen, much like a programme that captures a photo of your desktop, so anyhow I restarted the system using task manager and on restart a box popped up saying "System error 6003". I have no idea what that is, never experienced that before, but I really think I have a glitch somewhere. Here is a copy of my Hijack log. Thanks guys

Oh just to add I've had spybot and it's been on my system until a couple of weeks ago when I cleared everything down on my pc and I've just not got round to installing it again. But I regularly do spyware and virus checks and I use ccleaner, any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 23:33:46, on 30/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Nicki and Casey\My Documents\my downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
Title: Help please Multiple browsers
Post by: bubbleandsqueek on October 30, 2005, 06:50:12 PM
Thanks again, forgot to log on and I'm showing up as a guest but the last post is from me including the log etc.
Title: Help please Multiple browsers
Post by: guestolo on October 30, 2005, 07:10:51 PM
Do another scan with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Allow any changes if prompted by MAS or Spywareguard

Are you getting any prompts from either Microsoft Anti-Spyware or SpywareGuard about any changes?
The realtime protection programs can hinder the fixes we try
I just want to be sure

Also, where are these popups coming from?
Any indication at all where they lead to, what they are asking you to do?
Title: Help please Multiple browsers
Post by: guestolo on October 30, 2005, 07:13:06 PM
Edited the above instructions, can you do the above please
Title: Help please Multiple browsers
Post by: bubbleandsqueek on October 30, 2005, 07:26:07 PM
Hi Guestolo,

Thanks for your help, I've done what you asked, rebooted the pc and no error has appeared. Also I don't get any messages etc. from MS or any other programme running on the system. These browsers that appear are the same browser window over and over, they don't ask for anything to be done, it's just the IE window, also I don't know if this is at all of any help but I've noticed that my pc seems to make a strange clicking noise, not the normal running noise. I've done another hijack log for you. Thanks again

Logfile of HijackThis v1.99.1
Scan saved at 00:19:10, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Nicki and Casey\My Documents\my downloads\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.ex
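
Added example (not part of the original thread, and not HijackThis code): a small Python script that compares two HijackThis logs and reports which items and running processes changed, which is how one confirms that FIX CHECKED really removed the O4 ShowWnd entry. The logs are short excerpts of the ones posted above; GUARD_OFF is a constructed variant, and all function names are made up for this example.

```python
import re

# HijackThis item lines start with a section code such as R0, O4 or O23.
ITEM_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Excerpt of the first log in the thread (before FIX CHECKED).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
"""

# Excerpt of the second log, kept in the line-wrapped form it was pasted in.
AFTER_FIX = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program

Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} -

C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2

\eBayTb.dll/RCSearch.html
"""

# Constructed variant: the same machine with SpywareGuard's browser helper off.
GUARD_OFF = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpywareGuard\sgmain.exe

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
"""


def _key(line):
    """Comparison key that ignores whitespace and case, so an item that was
    re-wrapped by an editor or forum still matches its one-line form."""
    return re.sub(r"\s+", "", line).lower()


def parse_log(text):
    """Return (processes, items), each a dict of comparison key -> text."""
    processes, items = {}, {}
    in_processes, parts = False, []

    def flush():
        # Store the item assembled so far (wrapped pieces joined by a space).
        if parts:
            joined = " ".join(parts)
            items[_key(joined)] = joined
            parts.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
        elif ITEM_RE.match(line):
            in_processes = False      # the process list ends at the first item
            flush()
            parts.append(line)
        elif in_processes:
            processes[_key(line)] = line
        elif parts:
            parts.append(line)        # continuation of a wrapped item
    flush()
    return processes, items


def diff_logs(before, after):
    """Report items and processes present in one log but not the other."""
    b_proc, b_items = parse_log(before)
    a_proc, a_items = parse_log(after)
    return {
        "items_removed": [v for k, v in b_items.items() if k not in a_items],
        "items_added": [v for k, v in a_items.items() if k not in b_items],
        "processes_gone": [v for k, v in b_proc.items() if k not in a_proc],
        "processes_new": [v for k, v in a_proc.items() if k not in b_proc],
    }


if __name__ == "__main__":
    for label, (old, new) in {"after fix": (BEFORE, AFTER_FIX),
                              "guard off": (AFTER_FIX, GUARD_OFF)}.items():
        print(label, diff_logs(old, new))
```

Pass only the HijackThis log itself; text pasted after the last item (such as another tool's log) would be read as a continuation of that item.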
Title: Help please Multiple browsers
Post by: guestolo on October 30, 2005, 07:36:40 PM
On a hunch, can you do the following please

First, let's disable your spyware protection programs
Open Microsoft AntiSpyware.
Click on Options>> Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Disable SpywareGuard
Double click the Icon by the clock and click on Options on the left
Under General protection options,
Uncheck all 3 and then save settings

May help to print the rest of these instructions or save them to Notepad for reference

Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop.  Open the aproposfix folder on your desktop and run RunThis.bat.  Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
Title: Help please Multiple browsers
Post by: bubbleandsqueek on October 30, 2005, 08:07:59 PM
Hi,

Done everything requested firstly my hijack log then the other text log. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 01:04:22, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Nicki and Casey\My Documents\my downloads\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\Nicki and Casey\Desktop\aproposfix
 
************
 
Registry entries found:
 
 
************
 
No service found!
 
Removing hidden folder:
No folder found!
 
Deleting files:
 
 
Backing up files:
Done!
 
Removing registry entries:
 
REGEDIT4
 
 
Done!
 
Finished!
Title: Help please Multiple browsers
Post by: guestolo on October 30, 2005, 08:15:48 PM
Well that didn't show nothing

Did you disable MAS and SpywareGuard?

Can I see a startup log from Hijackthis please
Open Hijackthis
Open Misc tools section
Put a check in the following

List all minor sections (full)
and
List empty sections (complete)


Then afterwards click the "Generate startup listlog"

A text file will open
Can you copy and paste the whole contents back here please
Title: Help please Multiple browsers
Post by: bubbleandsqueek on October 30, 2005, 08:21:14 PM
Hi, Sorry I'm such a dope, forgot to disable, done that now, here's the correct log from hijack this.

Logfile of HijackThis v1.99.1
Scan saved at 01:15:45, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Documents and Settings\Nicki and Casey\My Documents\my downloads\hijackthis.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Here's the other text log again
Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\Nicki and Casey\Desktop\aproposfix
 
************
 
Registry entries found:
 
 
************
 
No service found!
 
Removing hidden folder:
No folder found!
 
Deleting files:
 
 
Backing up files:
Done!
 
Removing registry entries:
 
REGEDIT4
 
 
Done!
 
Finished!

Here's the Hijack startup log you asked for. Phew! Glad I managed to get that all done. Thanks again


StartupList report, 31/10/2005, 01:19:39
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Nicki and Casey\My Documents\my downloads\hijackthis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nicki and Casey\My Documents\my downloads\hijackthis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Nicki and Casey\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
CHotkey = zHotkey.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
SunKistEM = C:\Program Files\Digital Media Reader\shwiconem.exe
SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
AVGCtrl = C:\Program Files\AVPersonal\AVGNT.EXE /min
eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SPIDER~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/get/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
CODEBASE = http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab

[Housecall ActiveX 6.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

[Java Plug-in 1.4.2]
InProcServer32 = C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

[Java Plug-in 1.4.2]
InProcServer32 = C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): system32\DRIVERS\alcan5wn.sys (manual start)
SpeedTouch ADSL Modem ATM Transport: system32\DRIVERS\alcaudsl.sys (manual start)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
AntiVir Service: "C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
avgntdw: \??\C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS (manual start)
AntiVir Update: "C:\Program Files\AVPersonal\AVWUPSRV.EXE" (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: system32\DRIVERS\cmdide.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DC21x4 Based Network Adapter Driver: system32\DRIVERS\dc21x4.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Network Connection Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
hpn: system32\DRIVERS\hpn.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Mtlmnt5: system32\DRIVERS\Mtlmnt5.sys (manual start)
Mtlstrm: system32\DRIVERS\Mtlstrm.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NtMtlFax: system32\DRIVERS\NtMtlFax.sys (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Intel PentiumIII Processor Driver: system32\DRIVERS\p3.sys (system)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
PrismXL: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
RecAgent: system32\DRIVERS\RecAgent.sys (system)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
SmartLink AMR_PCI Driver: system32\DRIVERS\slntamr.sys (manual start)
SlNtHal: system32\DRIVERS\Slnthal.sys (manual start)
SmartLinkService: slserv.exe (autostart)
SlWdmSup: system32\DRIVERS\SlWdmSup.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
Alcor Micro Corp - 9360: \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys (manual start)
Alcor Micro Corp - 3239: \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys (manual start)
HP && Alcor Micro Corp for Phison: \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{E143CA0C-11C1-494D-A11A-5CF1E34B49C6} (manual start)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect (WMC): c:\program files\windows media connect\mswmccds.exe (manual start)
Windows Media Connect (WMC) Helper: C:\Program Files\Windows Media Connect\mswmcls.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 34,489 bytes
Report generated in 0.141 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
Title: Help please Multiple browsers
Post by: guestolo on October 30, 2005, 09:22:02 PM
Let's try a different tool, with the increase in Rootkit infections
Let's make sure we try all routes

Next, download & run this free tool called RootkitRevealer
Scroll to the bottom of that page for the download link

http://www.sysinternals.com/Utilities/RootkitRevealer.html

Unzip RootkitRevealer.zip to desktop and double click on RootkitRevealer.exe
Once open click on SCAN
Sit back and wait for the scan to finish
Once finished, Save a log of what was found
By clicking File>>Save
By default the log may want to save to the System32 folder
Try and save it to desktop if possible

You should also turn off any program that might activate during the scan, such as a screensaver, an antivirus tool, or any other running program. Switching focus to another program, or allowing other programs to activate during the scan, won't cause your system to crash, but doing so may cause the RootkitRevealer program to display inaccurate or misleading results.
Title: Help please Multiple browsers
Post by: bubbleandsqueek on October 31, 2005, 08:15:54 AM
Hi,

Downloaded the programme, scanned and saved log.

HKLM\SOFTWARE\Classes\webcal\URL Protocol   14/10/2005 20:57   13 bytes   Data mismatch between Windows API and raw hive data.
D:   01/01/1601 00:00   0 bytes   Error mounting volume

Also turned off antivir, MS antispy and spywareguard.

Thanks again
Title: Help please Multiple browsers
Post by: Guest on November 01, 2005, 11:45:53 AM
bump
Title: Help please Multiple browsers
Post by: guestolo on November 01, 2005, 11:19:03 PM
That's not showing me much either
Can you do the following,

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/def...m/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Back in Windows
From my signature below can you run an online virus scan at Panda's
Choose to scan "Local Disks"
When the scan is done, if anything is found, you can Save a report
Can you save one to desktop and post the contents back here

Also, can you download my favorite browser
Mozilla Firefox (http://www.mozilla.org/)
After installation run it and let me know if you experience the same popups
Title: Help please Multiple browsers
Post by: bubbleandsqueek on November 04, 2005, 07:33:48 AM
Hi, I've done everything as requested, no problems were found through Panda online, I also did two checks just to make sure. I've also started using the new browser Firefox. I've not had any re-occurrences so far, but the browser prob is unpredictable and it may or may not show up for a while. I'm still finding the pc very slow and still becomes non responding even with the new browser, so I'm still unsure of what the problem is, I usually only ever have one or two windows open plus outlook at any one time, so I can't understand why it stops responding, but this happens all the time, every day, even after keeping the pc clean and junk free, any more suggestions would be great.
Thanks again for all your time and efforts
Title: Help please Multiple browsers
Post by: guestolo on November 05, 2005, 01:28:39 AM
Just for a checkup

When was the last time you defragged your computer?

A great complement to SpywareGuard is
SpywareBlaster 3.4 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

How about your temp files?
Try this great little utility to help out
Windows Cleanup! 4.0 (http://downloads.stevengould.org/cleanup/CleanUp40.exe)

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files (If applicable)
    * Cleanup! All Users

Click OK
Close down your browser window
Press the CleanUp! button to start the program.
When it's done

Restart your computer
Boot up may take a bit longer but this will increase on next bootup

Can you also, just for a double check
Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save the list to desktop and copy and paste the contents back here

Also in the Misc tools section of hijackthis>>Open the hosts file manager
Click the "Open in Notepad" button
Copy and paste the text file contents back here

Is everything enabled on startup??
Do you have anything disabled on startup using msconfig?

One more log, Go to START>>RUN>>type in cmd
Hit OK
Copy and paste this into the black box that opens

Start /min Hijackthis.exe /autolog

Close down all windows in the background, including this window

Now back at the command prompt, Hit Enter on your keyboard

Wait for a log to open and copy and paste the contents back here
Title: Help please Multiple browsers
Post by: bubbleandsqueek on November 06, 2005, 04:29:21 PM
Hi Thanks for replying back, Here are the logs as requested.




Ad-Aware SE Personal
Adobe Reader 6.0
AntiVir/XP
Canon i250
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
CleanUp!
Digital Media Reader
Easy-WebPrint
eBay Toolbar
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Intel® Extreme Graphics Driver
Intel® PRO Network Connections Drivers
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
LimeWire 4.9.35
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Works
Mini Mowbli (remove only)
Mozilla Firefox (1.0.7)
Multimedia Keyboard Driver
Panda ActiveScan
PowerDVD
QuickTime
RealPlayer
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Smart Link 56K Voice Modem
SpeedTouch USB Software
Spider-Man 2 Screensaver 1
SpywareGuard v2.2
Turbo Lister
Ulead Photo Explorer 8.0 SE Basic
Ulead Photo Express 5 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900930)
Viewpoint Media Player
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger with BT Communicator
Yahoo! Toolbar
ZipGenius 6 (6.0.2.1030)


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost


Logfile of HijackThis v1.99.1
Scan saved at 21:26:04, on 06/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Nicki and Casey\My Documents\my downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130954352139
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFD33550-64A7-4855-93C6-818B04F3F14F}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
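
Added example, not part of the original post and not HijackThis's own code: a small Python triage pass over HijackThis log lines like the ones above. It groups entries by section code, lists the O2/O3 add-on DLLs (these load inside iexplore.exe, the process that keeps crashing in this thread) and notes entries worth a manual second look. The three review rules and all function names are assumptions of this example; a note means "look closer", not "malicious".

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Sample input: a few lines taken from the HijackThis log posted above
# (forum link residue removed) so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")            # "O4 - <body>"
ADDON_RE = re.compile(r"^(?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.+)$")               # "HKLM\..\Run: [name] cmd"
DPF_RE = re.compile(r"^DPF: (\{[^}]+\}) \((.*)\) - (\S+)$")
SERVICE_RE = re.compile(r"^Service: (.+?) - (.*?) - ([A-Za-z]:\\.+)$")
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
EXT_RE = re.compile(r"\.([A-Za-z0-9]+)(?=\s|$)")


def parse_entries(log_text):
    """Return (code, body) pairs for every 'R0 - ...' / 'O23 - ...' style line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Summarise a log and list entries worth a manual second look."""
    entries = parse_entries(log_text)
    report = {
        "counts": Counter(code for code, _ in entries),
        "ie_addons": [],      # DLLs loaded into iexplore.exe (O2 BHOs, O3 toolbars)
        "activex_hosts": [],  # hosts the O16 ActiveX controls were downloaded from
        "notes": [],          # (code, name, reason) tuples for manual review
    }
    for code, body in entries:
        if code in ("O2", "O3"):
            m = ADDON_RE.match(body)
            if m:
                report["ie_addons"].append(m.group(3))
        elif code == "O4":
            m = RUN_RE.match(body)
            # Assumed rule: a Run value without a drive-letter path is resolved
            # through the search path, so check which file really starts.
            if m and not FULL_PATH_RE.match(m.group(3)):
                report["notes"].append((code, m.group(2), "autostart without a full path"))
        elif code == "O16":
            m = DPF_RE.match(body)
            host = urlparse(m.group(3)).hostname if m else None
            if host and host not in report["activex_hosts"]:
                report["activex_hosts"].append(host)
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                continue
            name, vendor, image = m.groups()
            # Assumed rule: a blank vendor field means the file carries no
            # company name, so its origin has to be confirmed another way.
            if not vendor.strip():
                report["notes"].append((code, name, "blank vendor field"))
            # Assumed rule: a service image that is not an .exe is unusual.
            ext = EXT_RE.search(image)
            if ext and ext.group(1).lower() != "exe":
                report["notes"].append((code, name, "service image is ." + ext.group(1).lower()))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(dict(result["counts"]))
    for addon in result["ie_addons"]:
        print("loaded into IE:", addon)
    for note in result["notes"]:
        print("review:", note)
```
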
Title: Help please Multiple browsers
Post by: guestolo on November 06, 2005, 04:47:16 PM
Are you still getting popups with IE?

Go to start>>run>>type in cmd

At the prompt type in ipconfig /flushdns
Hit Enter

If you didn't intentionally install Viewpoint Media player
I would opt to remove it

When was the last time you defragged this machine?

Why didn't you install SpywareBlaster 3.4?
This isn't the same as SpywareGuard, check out the link I supplied
Title: Help please Multiple browsers
Post by: bubbleandsqueek on November 07, 2005, 11:07:41 AM
Hi again

I've downloaded the spywareblaster and I regularly defrag at least every two weeks. I've not received any more popup windows but it's always been unpredictable so I can never tell when and if it's going to happen. Also I entered the "cmd" in and done as instructed.
Since I started using the clean up programme, the net has been running a lot faster but it still gets stuck and says not responding even on the firefox.
 Many thanks again for all your help
Title: Help please Multiple browsers
Post by: bubbleandsqueek on November 07, 2005, 11:26:46 AM
I forgot to ask, what is viewpoint manager and what application would it be part of?
 Thanks again
Title: Help please Multiple browsers
Post by: bubbleandsqueek on November 08, 2005, 06:00:36 PM
bump bumperty bump
Title: Help please Multiple browsers
Post by: Guest on November 11, 2005, 08:42:29 AM
bump bump
Title: Help please Multiple browsers
Post by: guestolo on November 12, 2005, 11:01:54 AM
Sorry for the delay, your last log I saw looked good
How's everything on your end now?
Title: Help please Multiple browsers
Post by: bubbleandsqueek on November 15, 2005, 06:02:13 AM
Hi,
Ok I've now got new probs, whether it's too many applications installed or my pc needs restoring I'm unsure but it seems when I close down the pc for now when I turn on the following day the pc makes a lot of loud clicking noises and also the first screen to appear used to be a black screen showing windows xp and a green loading bar underneath now it's a black screen with a very basic white loading bar and then I get the windows xp screen and then it loads in as normal, also my antivir icon in the task bar completely disappeared and I couldn't get it to run or update, so I had to re-install the programme which seems to be working ok now.
IE is crashing all the time now saying not responding and it takes ages before I can disconnect and close down the IE.
I have restored to a previous date hoping this might do the trick, I've not shut off the pc yet but come straight here to let you know what's happening, I've not had any more extra windows as yet. One more thing I had a look at Dr Watson just before I restored and there were three errors, two with IE and one with Realtime.

Hope you can help, I really don't want my pc to crash.
Many thanks again
Title: Help please Multiple browsers
Post by: bubbleandsqueek on November 15, 2005, 06:42:50 AM
Hi Just thought I'd add the errors made by watson, I don't know if it will help, but thanks for helping.

Application exception occurred:
        App: C:\Program Files\Internet Explorer\iexplore.exe (pid=2376)
        When: 10/11/2005 @ 11:55:35.109
        Exception number: c0000005 (access violation)


Application exception occurred:
        App: C:\Program Files\Internet Explorer\iexplore.exe (pid=472)
        When: 11/11/2005 @ 19:31:57.953
        Exception number: c0000005 (access violation)
Title: Help please Multiple browsers
Post by: guestolo on November 17, 2005, 12:14:41 AM
I suggest that you try the following and see how it goes

Go to Start, and then click Run.
In the box, copy and paste the following

sfc /scannow

Close down all other windows, including this one

Then go hit OK
Wait for this to finish as it may take some time
Title: Help please Multiple browsers
Post by: bubbleandsqueek on November 23, 2005, 04:32:16 PM
Hi,

Many thanks again, I've done as requested but still nothing. Browser is getting worse by the minute, that's both IE and Firefox. Constant crashing, non responsive. I'm miffed. Haven't been able to log on for a while, this web site keeps saying dnerror at the bottom of the screen and the screen is all blank, not sure if that's your website or my pc.

Thanks again for still helping
Title: Help please Multiple browsers
Post by: guestolo on November 24, 2005, 05:30:37 PM
Well, let's see if this shows anything

Using Internet Explorer
From my signature below,  run an online virus scan at Kaspersky's
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:
          o Scan using the following Anti-Virus database:
            Extended (if available otherwise Standard)
          o Scan Options:
            Scan Archives
            Scan Mail Bases
    * Click OK

    * Now under select a target to scan:
            Select My Computer
    * This program will start and scan your system.
    * The scan will take a while so be patient and let it run.

    * Once the scan is complete it will display if your system has been infected.
          o Now click on the Save as Text button:
    * Save the file to your desktop.
    * Copy and paste that information in your next post.

Also post a fresh hijackthis log
Title: Help please Multiple browsers
Post by: bubbleandsqueek on December 01, 2005, 06:23:05 PM
Ok, not been able to log on for ages, but here goes. I've done as requested. Also I started using IE again and it happened again, loads of windows, 35 to be exact, it went mad again pop up windows one after the other and I can't do a thing until it stops. I did check Dr watson so I don't know if this will help or not. Again thanks for all your help, I will send in a donation as all your help's been appreciated.
 
Sorry dr watson is a long file but I don't know if I can make it as an attachment.



Application exception occurred:
        App: C:\Program Files\Internet Explorer\iexplore.exe (pid=472)
        When: 11/11/2005 @ 19:31:57.953
        Exception number: c0000005 (access violation)

*----> System Information <----*
        Computer Name: NICKIANDCASEY
        User Name: Nicki and Casey
        Terminal Session Id: 0
        Number of Processors: 1
        Processor Type: x86 Family 15 Model 3 Stepping 4
        Windows Version: 5.1
        Current Build: 2600
        Service Pack: 2
        Current Type: Uniprocessor Free
        Registered Organization:
        Registered Owner: Nicki and Casey

*----> Task List <----*
   0 System Process
   4 System
 356 smss.exe
 428 csrss.exe
 452 winlogon.exe
 496 services.exe
 508 lsass.exe
 652 svchost.exe
 732 svchost.exe
 772 svchost.exe
 832 svchost.exe
 900 svchost.exe
1100 Explorer.EXE
1104 spoolsv.exe
1228 AVGUARD.EXE
1268 AVWUPSRV.EXE
1340 PRISMXL.SYS
1384 slserv.exe
1416 wdfmgr.exe
1676 zHotkey.exe
1684 igfxtray.exe
1700 hkcmd.exe
1708 shwiconem.exe
1728 Dragdiag.exe
1740 gcasServ.exe
1840 realsched.exe
1872 AVGNT.EXE
1956 eBayTBDaemon.exe
2020 gcasDtServ.exe
2028 msmsgs.exe
 852 alg.exe
1316 sgmain.exe
1912 sgbhp.exe
 540 msimn.exe
 472 iexplore.exe
3784 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000419000: C:\Program Files\Internet Explorer\iexplore.exe
(0000000001210000 - 0000000001282000: C:\Program Files\eBay\eBay Toolbar2\wsasc.dll
(00000000012a0000 - 000000000134e000: C:\Program Files\eBay\eBay Toolbar2\site.dll
(0000000001360000 - 000000000136b000: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
(00000000019f0000 - 0000000001cb5000: C:\WINDOWS\system32\xpsp2res.dll
(0000000001ee0000 - 0000000001f68000: C:\WINDOWS\system32\shdoclc.dll
(0000000002750000 - 0000000002760000: C:\WINDOWS\system32\mshtmler.dll
(0000000002d20000 - 0000000002d47000: C:\WINDOWS\system32\msls31.dll
(0000000003270000 - 000000000329a000: C:\WINDOWS\system32\msimtf.dll
(00000000032a0000 - 00000000032eb000: C:\WINDOWS\system32\MSCTF.dll
(0000000003460000 - 0000000003477000: C:\WINDOWS\system32\odbcint.dll
(0000000006260000 - 0000000006296000: C:\Program Files\eBay\eBay Toolbar2\eBayToolbarComm.dll
(000000000e500000 - 000000000e579000: C:\WINDOWS\system32\Audiodev.dll
(000000000e580000 - 000000000e5ba000: C:\WINDOWS\system32\WMASF.DLL
(000000000fa60000 - 000000000fca6000: C:\WINDOWS\system32\WMVCore.DLL
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 0000000010073000: C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
(0000000011000000 - 000000001102f000: C:\Program Files\SpywareGuard\dlprotect.dll
(000000001c000000 - 000000001c006000: C:\WINDOWS\HKNTDLL.dll
(0000000020000000 - 0000000020012000: C:\WINDOWS\system32\browselc.dll
(0000000030000000 - 0000000030222000: C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
(0000000047df0000 - 0000000047e12000: C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx
(000000004d4f0000 - 000000004d548000: C:\WINDOWS\system32\WINHTTP.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005b0a0000 - 000000005b0a7000: C:\WINDOWS\system32\umdmxfrm.dll
(000000005b4a0000 - 000000005b4c8000: C:\Program Files\Common Files\Microsoft Shared\Triedit\triedit.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005cd70000 - 000000005cd77000: C:\WINDOWS\system32\serwvdrv.dll
(000000005d090000 - 000000005d127000: C:\WINDOWS\system32\comctl32.dll
(000000005ff20000 - 000000005ff46000: C:\WINDOWS\system32\MSRATING.dll
(000000005ff50000 - 000000005ff61000: C:\WINDOWS\system32\msratelc.dll
(0000000060300000 - 0000000060327000: C:\Program Files\Yahoo!\Shared\YAlertCenter.dll
(0000000062900000 - 0000000062955000: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
(00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL
(0000000065000000 - 0000000065032000: C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll
(0000000065200000 - 0000000065213000: C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll
(00000000662b0000 - 0000000066308000: C:\WINDOWS\system32\hnetcfg.dll
(0000000066400000 - 0000000066463000: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR50.DLL
(0000000066880000 - 000000006688c000: C:\WINDOWS\system32\ImgUtil.dll
(0000000066900000 - 0000000066a5c000: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI50.DLL
(0000000066e50000 - 0000000066e90000: C:\WINDOWS\system32\iepeers.dll
(0000000068100000 - 0000000068124000: C:\WINDOWS\system32\dssenh.dll
(000000006bdd0000 - 000000006be06000: C:\WINDOWS\system32\dxtrans.dll
(000000006be10000 - 000000006be6a000: C:\WINDOWS\system32\dxtmsft.dll
(000000006cc60000 - 000000006cc6b000: C:\WINDOWS\system32\dispex.dll
(000000006d430000 - 000000006d43a000: C:\WINDOWS\system32\ddrawex.dll
(0000000071a50000 - 0000000071a8f000: C:\WINDOWS\System32\mswsock.dll
(0000000071a90000 - 0000000071a98000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\WSOCK32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\system32\actxprxy.dll
(00000000722b0000 - 00000000722b5000: C:\WINDOWS\system32\SensApi.dll
(0000000072b20000 - 0000000072b38000: C:\WINDOWS\system32\plugin.ocx
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000073300000 - 0000000073367000: C:\WINDOWS\system32\vbscript.dll
(0000000073420000 - 0000000073574000: C:\WINDOWS\system32\MSVBVM60.DLL
(0000000073760000 - 00000000737a9000: C:\WINDOWS\system32\DDRAW.dll
(0000000073b30000 - 0000000073b45000: C:\WINDOWS\system32\mscms.dll
(0000000073bc0000 - 0000000073bc6000: C:\WINDOWS\system32\DCIMAN32.dll
(0000000073d70000 - 0000000073d83000: C:\WINDOWS\system32\shgina.dll
(0000000073dd0000 - 0000000073ece000: C:\WINDOWS\system32\MFC42.DLL
(0000000074320000 - 000000007435d000: C:\WINDOWS\system32\ODBC32.dll
(00000000745e0000 - 00000000748a6000: C:\WINDOWS\system32\msi.dll
(0000000074980000 - 0000000074ab0000: C:\WINDOWS\system32\msxml3.dll
(0000000074ae0000 - 0000000074ae7000: C:\WINDOWS\system32\CFGMGR32.dll
(0000000074b80000 - 0000000074c0c000: C:\WINDOWS\system32\printui.dll
(0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000075970000 - 0000000075a67000: C:\WINDOWS\system32\MSGINA.dll
(0000000075c50000 - 0000000075cbe000: C:\WINDOWS\system32\jscript.dll
(0000000075cf0000 - 0000000075d81000: C:\WINDOWS\system32\mlang.dll
(0000000075e60000 - 0000000075e73000: C:\WINDOWS\system32\cryptnet.dll
(0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\SXS.DLL
(0000000075f60000 - 0000000075f67000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076200000 - 0000000076271000: C:\WINDOWS\system32\mshtmled.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(00000000767f0000 - 0000000076817000: C:\WINDOWS\system32\schannel.dll
(0000000076820000 - 0000000076834000: C:\WINDOWS\system32\HLINK.DLL
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e10000 - 0000000076e35000: C:\WINDOWS\system32\adsldpc.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076e90000 - 0000000076ea2000: C:\WINDOWS\system32\rasman.dll
(0000000076eb0000 - 0000000076edf000: C:\WINDOWS\system32\TAPI32.dll
(0000000076ee0000 - 0000000076f1c000: C:\WINDOWS\system32\RASAPI32.DLL
(0000000076f20000 - 0000000076f47000: C:\WINDOWS\system32\DNSAPI.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fb0000 - 0000000076fb8000: C:\WINDOWS\System32\winrnr.dll
(0000000076fc0000 - 0000000076fc6000: C:\WINDOWS\system32\rasadhlp.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772ff000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077760000 - 00000000778cc000: C:\WINDOWS\system32\SHDOCVW.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\appHelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077c93000: C:\WINDOWS\system32\msv1_0.dll
(0000000077cc0000 - 0000000077cf2000: C:\WINDOWS\system32\ACTIVEDS.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(0000000079170000 - 0000000079196000: C:\WINDOWS\system32\mscoree.dll
(0000000079410000 - 0000000079425000: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
(0000000079480000 - 0000000079499000: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d5000: C:\WINDOWS\system32\SHELL32.dll
(000000007d4a0000 - 000000007d787000: C:\WINDOWS\system32\mshtml.dll

*----> State Dump for Thread Id 0x36c <----*

eax=00000001 ebx=00000000 ecx=0013eb14 edx=7c90eb94 esi=00163010 edi=00000000
eip=7c90eb94 esp=0013eb7c ebp=0013edd8 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
        7c90eb89 90               nop
        7c90eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c90eb8b 8bd4             mov     edx,esp
        7c90eb8d 0f34             sysenter
        7c90eb8f 90               nop
        7c90eb90 90               nop
        7c90eb91 90               nop
        7c90eb92 90               nop
        7c90eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c90eb94 c3               ret
        7c90eb95 8da42400000000   lea     esp,[esp]
        7c90eb9c 8d642400         lea     esp,[esp]
        7c90eba0 90               nop
        7c90eba1 90               nop
        7c90eba2 90               nop
        7c90eba3 90               nop
        7c90eba4 90               nop
        ntdll!KiIntSystemCall:
        7c90eba5 8d542408         lea     edx,[esp+0x8]
        7c90eba9 cd2e             int     2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\BROWSEUI.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\SHDOCVW.dll -
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Internet Explorer\iexplore.exe -
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr  Args to Child              
0013edd8 75fae805 00162d88 0013ee98 00162d88 ntdll!KiFastSystemCallRet
0013ee6c 75faeacd 00162d88 00162d88 00000000 BROWSEUI!Ordinal107+0xbf1e
0013fef0 777e7216 00162d88 00000000 00000000 BROWSEUI!Ordinal102+0x22c
0013ff10 00402372 001523ba 00000001 00090000 SHDOCVW!Ordinal101+0x129
0013ff60 00402444 00400000 00000000 001523ba iexplore+0x2372
0013ffc0 7c816d4f 00090000 00116226 7ffd4000 iexplore+0x2444
0013fff0 00000000 00402451 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> State Dump for Thread Id 0x37c <----*

eax=0101fe9c ebx=0101fee4 ecx=8d77784c edx=77239a9c esi=00000000 edi=7ffd4000
eip=7c90eb94 esp=0101febc ebp=0101ff58 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -
ChildEBP RetAddr  Args to Child              
0101ff58 7c809c86 00000004 0003c260 00000000 ntdll!KiFastSystemCallRet
0101ff74 62934987 00000004 0003c260 00000000 kernel32!WaitForMultipleObjects+0x18
0101ffec 00000000 6290d927 0003a490 00000000 yt+0x34987

*----> State Dump for Thread Id 0xec <----*

eax=0cc7e408 ebx=7c90e9b4 ecx=7ffdd000 edx=0cc7e4a0 esi=00000000 edi=00000001
eip=7c90eb94 esp=0206fad0 ebp=0206fb0c iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\System32\mswsock.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\WS2_32.dll -
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\WININET.dll -
ChildEBP RetAddr  Args to Child              
0206fb0c 71a55fa7 00000380 00000384 00000001 ntdll!KiFastSystemCallRet
0206fc00 71ab2e67 00000001 0206fe80 0206fc78 mswsock+0x5fa7
0206fc50 771d714f 00000001 0206fe80 0206fc78 WS2_32!select+0xa7
0206ffac 771d9283 0206ffec 7c80b50b 001ca138 WININET!GetUrlCacheEntryInfoExW+0x892
0206ffb4 7c80b50b 001ca138 7727a646 001cbeb0 WININET!InternetSetStatusCallback+0x1d7
0206ffec 00000000 771d9276 001ca138 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> State Dump for Thread Id 0x54c <----*

eax=000000c0 ebx=00000000 ecx=7c800000 edx=00000000 esi=00138b44 edi=02080000
eip=7c90eb94 esp=0216ff9c ebp=0216ffb4 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
0216ffb4 7c80b50b 00000000 02080000 00138b44 ntdll!KiFastSystemCallRet
0216ffec 00000000 7c92798d 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> State Dump for Thread Id 0x6c <----*

eax=0000009a ebx=00000000 ecx=00000039 edx=00000035 esi=7c97c380 edi=7c97c3a0
eip=7c90eb94 esp=0226ff70 ebp=0226ffb4 iopl=0         nv up ei ng nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000286

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
0226ffb4 7c80b50b 00000000 00000000 00000000 ntdll!KiFastSystemCallRet
0226ffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> State Dump for Thread Id 0x810 <----*

eax=ffff0001 ebx=04cbfef8 ecx=04cbffb0 edx=04cbffac esi=00000000 edi=7ffd4000
eip=7c90eb94 esp=04cbfed0 ebp=04cbff6c iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr  Args to Child              
04cbff6c 7c809c86 00000002 04cbffa4 00000000 ntdll!KiFastSystemCallRet
04cbff88 72d2312a 00000002 04cbffa4 00000000 kernel32!WaitForMultipleObjects+0x18
04cbffb4 7c80b50b 00000000 00000000 00150000 wdmaud!midMessage+0x348
04cbffec 00000000 72d230e8 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> State Dump for Thread Id 0x5c8 <----*

eax=0aed7bd8 ebx=020e0d5f ecx=0ae34ff0 edx=100f0000 esi=00000510 edi=00000000
eip=7c90eb94 esp=0518ff08 ebp=0518ff6c iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\mshtml.dll -
ChildEBP RetAddr  Args to Child              
0518ff6c 7c802542 00000510 ffffffff 00000000 ntdll!KiFastSystemCallRet
0518ff80 7d66a58b 00000510 ffffffff 0013c400 kernel32!WaitForSingleObject+0x12
0518ffa4 7d586c62 00000020 7d586c34 0518ffec mshtml+0x1ca58b
0518ffb4 7c80b50b 02dd3be0 0013c400 00000020 mshtml+0xe6c62
0518ffec 00000000 7d586c27 02dd3be0 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> State Dump for Thread Id 0x9e8 <----*

eax=000000c0 ebx=00000000 ecx=7c916de8 edx=7c90ee18 esi=00000000 edi=00000001
eip=7c90eb94 esp=052ffcec ebp=052fffb4 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
052fffb4 7c80b50b 00000000 00000000 ffffffff ntdll!KiFastSystemCallRet
052fffec 00000000 7c929fae 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> State Dump for Thread Id 0xa8 <----*

eax=769c8831 ebx=053ffef4 ecx=0226f600 edx=0226f8b4 esi=00000000 edi=7ffd4000
eip=7c90eb94 esp=053ffecc ebp=053fff68 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

function: ntdll!KiFastSystemCallRet
        7c90eb89 90               nop
        7c90eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c90eb8b 8bd4             mov     edx,esp
        7c90eb8d 0f34             sysenter
        7c90eb8f 90               nop
        7c90eb90 90               nop
        7c90eb91 90               nop
        7c90eb92 90               nop
        7c90eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c90eb94 c3               ret
        7c90eb95 8da42400000000   lea     esp,[esp]
        7c90eb9c 8d642400         lea     esp,[esp]
        7c90eba0 90               nop
        7c90eba1 90               nop
        7c90eba2 90               nop
        7c90eba3 90               nop
        7c90eba4 90               nop
        ntdll!KiIntSystemCall:
        7c90eba5 8d542408         lea     edx,[esp+0x8]
        7c90eba9 cd2e             int     2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\USERENV.dll -
ChildEBP RetAddr  Args to Child              
053fff68 7c809c86 00000003 76a60310 00000000 ntdll!KiFastSystemCallRet
053fff84 769c888d 00000003 76a60310 00000000 kernel32!WaitForMultipleObjects+0x18
053fffb4 7c80b50b 00000000 00000000 00000000 USERENV!UnregisterGPNotification+0x15c
053fffec 00000000 769c8831 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x834 <----*

eax=0000bcf5 ebx=00002a8c ecx=0000c0c1 edx=00001818 esi=0e25ff98 edi=77d51042
eip=7c90eb94 esp=0e25ff54 ebp=0e25ff78 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

function: ntdll!KiFastSystemCallRet
        7c90eb89 90               nop
        7c90eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c90eb8b 8bd4             mov     edx,esp
        7c90eb8d 0f34             sysenter
        7c90eb8f 90               nop
        7c90eb90 90               nop
        7c90eb91 90               nop
        7c90eb92 90               nop
        7c90eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c90eb94 c3               ret
        7c90eb95 8da42400000000   lea     esp,[esp]
        7c90eb9c 8d642400         lea     esp,[esp]
        7c90eba0 90               nop
        7c90eba1 90               nop
        7c90eba2 90               nop
        7c90eba3 90               nop
        7c90eba4 90               nop
        ntdll!KiIntSystemCall:
        7c90eba5 8d542408         lea     edx,[esp+0x8]
        7c90eba9 cd2e             int     2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
0e25ff78 76b44e3d 0e25ff98 00000000 00000000 ntdll!KiFastSystemCallRet
0e25ffb4 7c80b50b 00002a8c 00000200 0000002b WINMM!PlaySoundW+0x7e6
0e25ffec 00000000 76b44dd6 00002a8c 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x124 <----*

eax=0c05a820 ebx=00000000 ecx=0c05a820 edx=29cf0007 esi=001b5c08 edi=00000100
eip=7c90eb94 esp=0255fe1c ebp=0255ff80 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

function: ntdll!KiFastSystemCallRet
        7c90eb89 90               nop
        7c90eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c90eb8b 8bd4             mov     edx,esp
        7c90eb8d 0f34             sysenter
        7c90eb8f 90               nop
        7c90eb90 90               nop
        7c90eb91 90               nop
        7c90eb92 90               nop
        7c90eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c90eb94 c3               ret
        7c90eb95 8da42400000000   lea     esp,[esp]
        7c90eb9c 8d642400         lea     esp,[esp]
        7c90eba0 90               nop
        7c90eba1 90               nop
        7c90eba2 90               nop
        7c90eba3 90               nop
        7c90eba4 90               nop
        ntdll!KiIntSystemCall:
        7c90eba5 8d542408         lea     edx,[esp+0x8]
        7c90eba9 cd2e             int     2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
0255ff80 77e76c22 0255ffa8 77e76a3b 001b5c08 ntdll!KiFastSystemCallRet
0255ff88 77e76a3b 001b5c08 0e05fc98 0c39a800 RPCRT4!I_RpcBCacheFree+0x5ea
0255ffa8 77e76c0a 0016a230 0255ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
0255ffb4 7c80b50b 0c39a800 0e05fc98 0c39a800 RPCRT4!I_RpcBCacheFree+0x5d2
0255ffec 00000000 77e76bf0 0c39a800 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x940 <----*

eax=6bddadfd ebx=0edb033c ecx=7c910732 edx=00150000 esi=00000000 edi=ffffffff
eip=7c90eb94 esp=0e6bff0c ebp=0e6bff38 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

function: ntdll!KiFastSystemCallRet
        7c90eb89 90               nop
        7c90eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c90eb8b 8bd4             mov     edx,esp
        7c90eb8d 0f34             sysenter
        7c90eb8f 90               nop
        7c90eb90 90               nop
        7c90eb91 90               nop
        7c90eb92 90               nop
        7c90eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c90eb94 c3               ret
        7c90eb95 8da42400000000   lea     esp,[esp]
        7c90eb9c 8d642400         lea     esp,[esp]
        7c90eba0 90               nop
        7c90eba1 90               nop
        7c90eba2 90               nop
        7c90eba3 90               nop
        7c90eba4 90               nop
        ntdll!KiIntSystemCall:
        7c90eba5 8d542408         lea     edx,[esp+0x8]
        7c90eba9 cd2e             int     2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\dxtrans.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
0e6bff38 6bddae39 00002f04 0e6bff84 0e6bff88 ntdll!KiFastSystemCallRet
0e6bffb4 7c80b50b 0edb033c ffffffff 7c90fb71 dxtrans+0xae39
0e6bffec 00000000 6bddadfd 0edb033c 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x9a8 <----*

eax=6bddadfd ebx=0edb033c ecx=7c910732 edx=00150000 esi=00000000 edi=ffffffff
eip=7c90eb94 esp=0f6aff0c ebp=0f6aff38 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

function: ntdll!KiFastSystemCallRet
        7c90eb89 90               nop
        7c90eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c90eb8b 8bd4             mov     edx,esp
        7c90eb8d 0f34             sysenter
        7c90eb8f 90               nop
        7c90eb90 90               nop
        7c90eb91 90               nop
        7c90eb92 90               nop
        7c90eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c90eb94 c3               ret
        7c90eb95 8da42400000000   lea     esp,[esp]
        7c90eb9c 8d642400         lea     esp,[esp]
        7c90eba0 90               nop
        7c90eba1 90               nop
        7c90eba2 90               nop
        7c90eba3 90               nop
        7c90eba4 90               nop
        ntdll!KiIntSystemCall:
        7c90eba5 8d542408         lea     edx,[esp+0x8]
        7c90eba9 cd2e             int     2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
0f6aff38 6bddae39 00002f04 0f6aff84 0f6aff88 ntdll!KiFastSystemCallRet
0f6affb4 7c80b50b 0edb033c ffffffff 7c90fb71 dxtrans+0xae39
0f6affec 00000000 6bddadfd 0edb033c 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
Title: Help please Multiple browsers
Post by: guestolo on December 01, 2005, 07:38:21 PM
Can I see a fresh Hijackthis log?
Also, what popups are these that you're seeing?
What are they advertising and where from?

Could you also
Right click on and Save Target as or Save link as
 Silent Runners.vbs (http://www.silentrunners.org/Silent%20Runners.vbs) to your desktop and double click on it to run.
Don't click anything on the Yes or No prompt, it will continue to run
If prompted by your AV, please let this script run, we are just collecting information

 This will create a text file on your desktop
Open the text file and copy and paste the contents back here

NOTE: let silentrunners completely finish, it should prompt when it is done