Damn right click bug?



#1 aWe


Posted 04 July 2004 - 03:37 PM

Hi, I'm new here, hoping someone could help me out.
I've been searching and reading forums for weeks now and nothing I've tried is working; any info or help will be helpful.
Well, here's my problem. I'm not too sure when it started happening, but today I was thinking it might have something to do with when I updated my BIOS with some fixed aspi tables on it? I'm not sure, but it seems that a lot of other people are experiencing the same problem. I can browse my folders in Windows Explorer and double-clicking works; the only thing is that when I right-click on a file to move, delete or rename the file, Explorer crashes and gives me this error report in drwatson:

Application exception occurred:
App: C:\WINDOWS\explorer.exe (pid=3984)
When: 6/24/2004 @ 10:16:48.843
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: OEM
User Name: ******
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 6 Model 6 Stepping 5
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Multiprocessor Free
Registered Organization: *****
Registered Owner: ********

*----> Task List <----*
0 System Process
4 System
500 smss.exe
556 csrss.exe
596 winlogon.exe
640 services.exe
652 lsass.exe
836 svchost.exe
912 svchost.exe
1044 svchost.exe
1072 svchost.exe
1212 spoolsv.exe
1624 alg.exe
1660 gearsec.exe
1684 mcvsrte.exe
1736 netsvc.exe
1748 nvsvc32.exe
1880 svcmon.exe
452 evntsvc.exe
492 jusched.exe
616 mcvsshld.exe
704 mcvsescn.exe
868 mcagent.exe
904 devldr32.exe
936 Bandwidth Monitor Pro.exe
964 PopUpWasher.exe
944 SpySweeper.exe
1000 hfxp.exe
1056 MsnMsgr.Exe
268 mcshield.exe
2224 mcvsftsn.exe
2388 msmsgs.exe
2288 mcmnhdlr.exe
2448 mghtml.exe
2944 IEXPLORE.EXE
440 taskmgr.exe
3984 explorer.exe
3000 drwtsn32.exe

*----> Module List <----*
(0000000000820000 - 000000000084b000: C:\WINDOWS\System32\msctfime.ime
(0000000000d00000 - 0000000000d0c000: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
(0000000001000000 - 00000000010f8000: C:\WINDOWS\explorer.exe
(0000000001340000 - 0000000001541000: C:\WINDOWS\System32\msi.dll
(00000000015c0000 - 00000000015df000: C:\WINDOWS\PopUpWasher21.dll
(0000000001620000 - 000000000163d000: c:\progra~1\mcafee.com\vso\mcvsshl.dll
(0000000001650000 - 0000000001654000: c:\progra~1\mcafee.com\vso\ShlRes.dll
(0000000007610000 - 0000000007627000: C:\PROGRA~1\WINDOW~2\wmpband.dll
(000000000ffd0000 - 000000000fff3000: C:\WINDOWS\System32\rsaenh.dll
(0000000010000000 - 000000001001c000: c:\progra~1\mcafee.com\vso\McVSSkt.dll
(000000001a400000 - 000000001a47a000: C:\WINDOWS\system32\urlmon.dll
(00000000325c0000 - 00000000325d2000: C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
(0000000036d30000 - 0000000036d49000: C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL
(00000000559e0000 - 0000000055a51000: C:\WINDOWS\System32\themeui.dll
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\UxTheme.dll
(00000000605f0000 - 00000000605fd000: C:\WINDOWS\System32\MSISIP.DLL
(00000000629c0000 - 00000000629c8000: C:\WINDOWS\System32\LPK.DLL
(0000000063000000 - 0000000063096000: C:\WINDOWS\system32\WININET.dll
(0000000070a70000 - 0000000070ad5000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000070eb0000 - 0000000070eb7000: C:\WINDOWS\System32\asfsipc.dll
(0000000071500000 - 00000000715fd000: C:\WINDOWS\System32\BROWSEUI.dll
(0000000071700000 - 0000000071849000: C:\WINDOWS\System32\SHDOCVW.dll
(0000000071950000 - 0000000071a34000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\System32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac5000: C:\WINDOWS\System32\WS2_32.dll
(0000000071b20000 - 0000000071b31000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c01000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1d000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c20000 - 0000000071c6e000: C:\WINDOWS\System32\NETAPI32.dll
(0000000071c80000 - 0000000071c86000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071ccc000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce6000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5b000: C:\WINDOWS\System32\actxprxy.dll
(0000000072430000 - 0000000072442000: C:\WINDOWS\System32\browselc.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\System32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\System32\wdmaud.drv
(0000000072fa0000 - 0000000072ffa000: C:\WINDOWS\System32\USP10.dll
(0000000073000000 - 0000000073023000: C:\WINDOWS\System32\WINSPOOL.DRV
(00000000746f0000 - 0000000074716000: C:\WINDOWS\System32\Msimtf.dll
(0000000074720000 - 0000000074764000: C:\WINDOWS\System32\MSCTF.dll
(0000000074ad0000 - 0000000074ad7000: C:\WINDOWS\System32\POWRPROF.dll
(0000000074ae0000 - 0000000074ae7000: C:\WINDOWS\System32\CFGMGR32.dll
(0000000074af0000 - 0000000074af9000: C:\WINDOWS\System32\BatMeter.dll
(0000000074b00000 - 0000000074b20000: C:\WINDOWS\System32\stobject.dll
(0000000074b30000 - 0000000074b71000: C:\WINDOWS\System32\webcheck.dll
(0000000074b80000 - 0000000074c02000: C:\WINDOWS\System32\printui.dll
(0000000074ea0000 - 0000000074eb0000: C:\WINDOWS\System32\wshext.dll
(0000000075a70000 - 0000000075b15000: C:\WINDOWS\system32\USERENV.dll
(0000000075cf0000 - 0000000075e81000: C:\WINDOWS\system32\NETSHELL.dll
(0000000075e90000 - 0000000075f37000: C:\WINDOWS\System32\SXS.DLL
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\appHelp.dll
(0000000075f60000 - 0000000075f66000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000076170000 - 00000000761f8000: C:\WINDOWS\System32\shdoclc.dll
(00000000762a0000 - 00000000762b0000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 0000000076348000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076360000 - 000000007636f000: C:\WINDOWS\System32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\System32\MSIMG32.dll
(0000000076390000 - 00000000763ac000: C:\WINDOWS\System32\IMM32.DLL
(00000000763b0000 - 00000000763f5000: C:\WINDOWS\system32\comdlg32.dll
(0000000076600000 - 000000007661b000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076620000 - 000000007666e000: C:\WINDOWS\System32\cscui.dll
(0000000076670000 - 0000000076757000: C:\WINDOWS\System32\SETUPAPI.dll
(0000000076980000 - 0000000076987000: C:\WINDOWS\System32\LINKINFO.dll
(0000000076990000 - 00000000769b4000: C:\WINDOWS\System32\ntshrui.dll
(0000000076b20000 - 0000000076b35000: C:\WINDOWS\System32\ATL.DLL
(0000000076b40000 - 0000000076b6c000: C:\WINDOWS\System32\WINMM.dll
(0000000076c00000 - 0000000076c2d000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5b000: C:\WINDOWS\System32\WINTRUST.dll
(0000000076c90000 - 0000000076cb2000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d77000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e10000 - 0000000076e35000: C:\WINDOWS\System32\adsldpc.dll
(0000000076e40000 - 0000000076e6f000: C:\WINDOWS\System32\ACTIVEDS.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\System32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\System32\Secur32.dll
(0000000077050000 - 0000000077115000: C:\WINDOWS\System32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772d4000: C:\WINDOWS\system32\ole32.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\comctl32.dll
(00000000773d0000 - 0000000077bc2000: C:\WINDOWS\system32\SHELL32.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\System32\midimap.dll
(0000000077be0000 - 0000000077bf4000: C:\WINDOWS\System32\MSACM32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078087000: C:\WINDOWS\system32\RPCRT4.dll
(000000007c890000 - 000000007c911000: C:\WINDOWS\System32\CLBCATQ.DLL
(000000007e090000 - 000000007e0d1000: C:\WINDOWS\system32\GDI32.dll

*----> State Dump for Thread Id 0x198 <----*

eax=0006ecc0 ebx=000cffa8 ecx=000af024 edx=00000000 esi=000cffa8 edi=00000000
eip=7ffe0304 esp=0006fefc ebp=0006ff14 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0006fef8 77d43c53 77524d9f 77e7a29b 000cffa8 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0006ff14 77524f56 00000000 0101243e 000cffa8 USER32!WaitMessage+0xc
0006ff5c 01016132 01000000 00000000 000205e2 SHELL32!Ordinal201+0x20
0006ffc0 77e814c7 77e82441 0006fd1c 7ffdf000 explorer+0x16132
0006fff0 00000000 010160cc 00000000 78746341 kernel32!GetCurrentDirectoryW+0x44

*----> State Dump for Thread Id 0x86c <----*

eax=00000000 ebx=001417c8 ecx=001341e8 edx=00000000 esi=00070005 edi=00000000
eip=7ffe0304 esp=00d4fe28 ebp=00d4ff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\GDI32.dll -
ChildEBP RetAddr Args to Child
00d4fe24 77f5c084 780016a4 00000144 00d4ff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00d4ff90 78001601 780019d4 000a1d68 77fa88f0 ntdll!NtReplyWaitReceivePortEx+0xc
000abf58 ffffffff 0000015c 00000160 00000000 RPCRT4+0x1601
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> State Dump for Thread Id 0xeb8 <----*

eax=0012ec78 ebx=00007530 ecx=07c60006 edx=00000000 esi=00000000 edi=00d8ff60
eip=7ffe0304 esp=00d8ff20 ebp=00d8ff78 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00d8ff1c 77f5b7f4 77e7a37a 00000000 00d8ff44 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00d8ff78 77e61bf5 0000ea60 00000000 771c15f8 ntdll!ZwDelayExecution+0xc
00000000 00000000 00000000 00000000 00000000 kernel32!Sleep+0xb

*----> State Dump for Thread Id 0x360 <----*

eax=00000000 ebx=77f58a3e ecx=000b9970 edx=00000000 esi=c0000023 edi=00166d38
eip=7ffe0304 esp=00dcfcc4 ebp=00dcfcfc iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00dcfcc0 77d46a0d 77d5cd8a 00000000 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00dcfcfc 77d4694d 00000000 00000000 00000000 USER32!GetDlgCtrlID+0x149
00dcfd20 77d46a72 00000000 00000000 010026d2 USER32!GetDlgCtrlID+0x89
00dcfd60 01002633 00020598 00000113 000b998c USER32!EnumWindows+0x13
00020598 00700078 006f006c 00650072 002e0072 explorer+0x2633
0065005c 00000000 00000000 00000000 00000000 0x700078

*----> State Dump for Thread Id 0xef4 <----*

eax=77f883de ebx=00000000 ecx=00000000 edx=00000000 esi=000a5280 edi=70a908d3
eip=7ffe0304 esp=00e0ff9c ebp=00e0ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00e0ff98 77f5b7f4 77f88423 00000001 00e0ffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
00e0ffb4 77e7d33b 00000000 70a908d3 000a5280 ntdll!ZwDelayExecution+0xc
00e0ffec 00000000 77f883de 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> State Dump for Thread Id 0x130 <----*

eax=00e40031 ebx=00000000 ecx=00e4f944 edx=00000000 esi=77fc59a0 edi=77fc59fc
eip=7ffe0304 esp=00e4ff70 ebp=00e4ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00e4ff6c 77f5c024 77f95b41 00000190 00e4ffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
00e4ffb4 77e7d33b 00000000 00080000 77f944a8 ntdll!ZwRemoveIoCompletion+0xc
00e4ffec 00000000 77f95b06 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> State Dump for Thread Id 0xf14 <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000001
eip=7ffe0304 esp=00e8fcec ebp=00e8ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00e8fce8 77f5c524 77f91f83 00000003 00e8fd30 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00e8ffb4 77e7d33b 00000000 00000020 00000020 ntdll!NtWaitForMultipleObjects+0xc
00e8ffec 00000000 77f91e38 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> State Dump for Thread Id 0x384 <----*

eax=00001142 ebx=0014d8f0 ecx=77e75f10 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=00f6fd30 ebp=00f6fdcc iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00f6fd2c 77f5c524 77e75ee0 0000000e 0014d8f0 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00f6fdcc 77d463eb 0000000e 00142638 00000000 ntdll!NtWaitForMultipleObjects+0xc
00f6fe28 7746bf4b 0000000d 00f6fe50 ffffffff USER32!SetScrollInfo+0x21f
00f6ff4c 7746cc79 70aac487 00000000 77d99cd0 SHELL32!Ordinal643+0x9a2
00f6ffb4 77e7d33b 00000000 77d99cd0 ffffffff SHELL32!Ordinal643+0x16d0
00f6ffec 00000000 70aac3f5 00dcf490 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> State Dump for Thread Id 0x5a8 <----*

eax=0159fd6c ebx=00004e20 ecx=0000c0f6 edx=00000000 esi=0159fd6c edi=77d43c54
eip=7ffe0304 esp=0159fcfc ebp=0159fd18 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\stobject.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0159fcf8 77d43a09 77d43c7d 0159fd6c 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0159fd18 74b01590 0159fd6c 00000000 00000000 USER32+0x3a09
0159fd90 74b02f1b 74b00000 00000000 00060054 stobject+0x1590
0159ffb4 77e7d33b 00000000 0010ff30 00000040 stobject+0x2f1b
0159ffec 00000000 74b02ed6 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> State Dump for Thread Id 0x5d4 <----*

eax=72d22ecc ebx=009eff1c ecx=000000fa edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=009efed4 ebp=009eff70 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
009efed0 77f5c524 77e75ee0 00000002 009eff1c *SharedUserSystemCall+0xc (FPO: [0,0,0])
009eff70 77e75faa 00000002 009effa4 00000000 ntdll!NtWaitForMultipleObjects+0xc
009effb4 77e7d33b 00000000 00000021 41f59037 kernel32!WaitForMultipleObjects+0x17
009effec 00000000 72d22ecc 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> State Dump for Thread Id 0x724 <----*

eax=0010b698 ebx=000ac918 ecx=000a98e0 edx=00000000 esi=00000000 edi=00000000
eip=7ffe0304 esp=00b4fe28 ebp=00b4ff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00b4fe24 77f5c084 780016a4 00000144 00b4ff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00b4ff90 78001601 780019d4 000a1d68 00000000 ntdll!NtReplyWaitReceivePortEx+0xc
000fc3c0 ffffffff 00000428 00000418 00000000 RPCRT4+0x1601
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> State Dump for Thread Id 0xadc <----*

eax=762dc4fa ebx=021eff38 ecx=77f944a8 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=021efef0 ebp=021eff8c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\CRYPT32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
021efeec 77f5c524 77e75ee0 00000001 021eff38 *SharedUserSystemCall+0xc (FPO: [0,0,0])
021eff8c 762dc51f 00000001 001454f8 00000000 ntdll!NtWaitForMultipleObjects+0xc
00000001 00000000 00000000 00000000 00000000 CRYPT32!CertEnumPhysicalStore+0x678

*----> State Dump for Thread Id 0x7c8 <----*

eax=0165ffff ebx=00000001 ecx=0026c150 edx=01660000 esi=00082ec8 edi=ffffffff
eip=77e7650d esp=0222d2a0 ebp=0222d2ac iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

function: kernel32!GetWindowsDirectoryW
77e764f5 8b4510 mov eax,[ebp+0x10]
77e764f8 85c0 test eax,eax
77e764fa 0f847956ffff je kernel32!GetDateFormatA+0x100 (77e6bb79)
77e76500 53 push ebx
77e76501 56 push esi
77e76502 57 push edi
77e76503 8b7d14 mov edi,[ebp+0x14]
77e76506 85ff test edi,edi
77e76508 7d0f jge kernel32!GetWindowsDirectoryW+0x48 (77e76519)
77e7650a 8d5001 lea edx,[eax+0x1]
FAULT ->77e7650d 8a08 mov cl,[eax] ds:0023:0165ffff=??
77e7650f 40 inc eax
77e76510 84c9 test cl,cl
77e76512 75f9 jnz kernel32!GetWindowsDirectoryW+0x3c (77e7650d)
77e76514 2bc2 sub eax,edx
77e76516 8d7801 lea edi,[eax+0x1]
77e76519 8b4518 mov eax,[ebp+0x18]
77e7651c 8b30 mov esi,[eax]
77e7651e 85f6 test esi,esi
77e76520 0f8477eafeff je kernel32!ReplaceFileW+0x8a2 (77e64f9d)
77e76526 6a7f push 0x7f

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** WARNING: Unable to verify checksum for C:\WINDOWS\PopUpWasher21.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\PopUpWasher21.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
0222d2ac 77e75d6d 00082ec8 00000000 0165ffff kernel32!GetWindowsDirectoryW+0x3c
0222d4e0 77e75f82 00000409 40000001 0165ffff kernel32!CompareStringA+0x75
0222d508 015ce40b 0165ffff 0026b438 0222d548 kernel32!lstrcmpi+0x21
0222d53c 015ce2ef 0026c150 0026c1f0 00000000 PopUpWasher21+0xe40b
0222d748 015ce0c1 00000001 01620000 0222d77c PopUpWasher21+0xe2ef
0222d758 771cd208 0222d7cc 00000000 00000008 PopUpWasher21+0xe0c1
0222d77c 771cd12e 0222d7cc 0222d7a4 0222d7a8 ole32!OleRun+0x35a1
0222d7ac 771ccb72 0222d7cc 0222da78 0222d9fc ole32!OleRun+0x34c7
0222d9ec 771cca62 00000001 0222da78 00000000 ole32!OleRun+0x2f0b
0222da34 771cc9c5 00000001 000a50f4 0222da5c ole32!OleRun+0x2dfb
0222da60 771cdc4a 0222da78 772beca0 0222e038 ole32!OleRun+0x2d5e
0222dac8 771cc511 772bec9c 00000000 00000001 ole32!CoGetTreatAsClass+0x845
0222daf4 771cdd29 0222e038 00000000 0222e5fc ole32!OleRun+0x28aa
0222db38 771cdb21 772beca0 00000000 0222e038 ole32!CoGetTreatAsClass+0x924
0222db58 771cd63e 772beca0 00000001 00000000 ole32!CoGetTreatAsClass+0x71c
0222db78 771cd5fc 772bec98 0222de94 00000000 ole32!CoGetTreatAsClass+0x239
0222dbb0 771cdb7a 772bec98 0222de94 00000000 ole32!CoGetTreatAsClass+0x1f7
0222dbd8 771cc511 772bec98 00000000 0222e038 ole32!CoGetTreatAsClass+0x775
0222dc04 771cc5a3 0222e038 00000000 0222e5fc ole32!OleRun+0x28aa
0222de54 771cc511 772be60c 00000000 0222e038 ole32!OleRun+0x293c
0222de80 771cc6f5 0222e038 00000000 0222e5fc ole32!OleRun+0x28aa
0222e5c0 0222ea4c 00000000 00000001 00000000 ole32!OleRun+0x2a8e
80000000 00000000 00000000 00000000 00000000 0x222ea4c

OK, and my desktop comes back, but not all the icons in the taskbar come back. So if I want to delete a file or something, I have to drag the file into the Recycle Bin. Also, if I right-click the Recycle Bin icon on my desktop and click on Explorer, I also get the same error. Anyway, here's my HijackThis log:

Logfile of HijackThis v1.98.0
Scan saved at 1:25:22 PM, on 7/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS&#

#2 aWe

Posted 04 July 2004 - 03:59 PM

Sorry, too much text. Here's an updated hijack log file:

Logfile of HijackThis v1.98.0
Scan saved at 2:15:52 PM, on 7/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HFXP\hfxp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Chris Billinger\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\PopUpWasher21.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Winsock32driver] svshost.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [POPUPWATCH] C:\Program Files\Spyware Remover\PupupWatch\PopUpWatch.exe /STARTUP
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [hfxp] C:\Program Files\HFXP\hfxp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_42.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...83/mcinsctl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...atch/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gisweb3.city....eb/mgaxctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,20/mcgdmgr.cab

Edited by aWe, 04 July 2004 - 04:16 PM.


#3 Atribune

Posted 04 July 2004 - 08:14 PM

Please run HijackThis again and place a check beside each of the following items. Once done, close all other windows and click "Fix checked".

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O4 - HKLM\..\Run: [Winsock32driver] svshost.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

Also, if you didn't set these, please fix them as well:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

Next, reboot and do a search for the following file. If found, please delete it.

svshost.exe

Make sure you search for this exact name.

After deleting, reboot again and post a new log.
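The kind of triage applied to the log in this thread can be approximated mechanically. The following is an added example, not part of the original thread and not HijackThis's own logic: it flags entries whose target is `(no file)`, `O6` policy restrictions, and `O4` Run entries whose executable name is within two edits of a Windows system process name. The list of system names, the two-edit threshold and the function names are assumptions of this example; the sample lines are copied from the log posted above.

```python
import ntpath
import re

# Assumption: a short list of core Windows process names to compare against.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
MAX_EDITS = 2  # assumption: names this close to a system name are suspicious

RUN_ENTRY = re.compile(r"^O4 - \S+ \[[^\]]*\] (.+)$")
EXE_PATH = re.compile(r'"?(.+?\.(?:exe|dll|com|bat))\b', re.IGNORECASE)

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Winsock32driver] svshost.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def run_executable(line):
    """Return the lower-cased executable file name of an O4 Run entry, else None."""
    m = RUN_ENTRY.match(line)
    if not m:
        return None
    cmd = m.group(1)
    exe = EXE_PATH.match(cmd)
    target = exe.group(1) if exe else cmd.split()[0]
    return ntpath.basename(target).lower()


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not re.match(r"O\d+ - ", line):
            continue
        if line.endswith("(no file)"):
            # Registered component whose file is missing from disk.
            findings.append(("no-file", line))
        elif line.startswith("O6 - "):
            # IE policy restrictions: only expected if the user set them.
            findings.append(("policy-restriction", line))
        else:
            name = run_executable(line)
            if name and name not in SYSTEM_NAMES:
                near = sorted(s for s in SYSTEM_NAMES
                              if edit_distance(name, s) <= MAX_EDITS)
                if near:
                    findings.append(("lookalike:" + near[0], line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:24} {entry}")
```

A flag here is a prompt for review, not a verdict: a name close to a system process name can still belong to legitimate software.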



