Hijackthis Log


  • This topic is locked
21 replies to this topic

#1 martimar9

martimar9

    Member

  • Full Member
  • 11 posts

Posted 03 January 2006 - 08:04 PM

Attached is the Hijackthis Log. Can someone look at it and advise me what I need to delete?


Logfile of HijackThis v1.99.1
Scan saved at 8:29:34 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.ne...=A&UT=companion
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\3.bin\IMESHBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\3.bin\IMESHBAR.DLL
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#2 Armodeluxe

Armodeluxe

    Forum Deity

  • Retired Staff
  • 1,896 posts

Posted 13 January 2006 - 08:49 AM

Hi martimar9,

You are running Hijackthis from a temporary file, but Hijackthis should be in a permanent folder to save its backups in case we need to undo any changes. Please delete the one you currently have.
  • Download HijackThis again by clicking here, but don’t hit “Open”, but “Save as”. Then navigate to your desktop, and hit “Save”. After downloading, minimize all windows until you’re on your desktop.
  • Now double-click on the zip file containing the HijackThis.exe file. Select the HijackThis.exe, and hit the combination “Ctrl + C”.
  • Minimize the zip folder, and go to My Computer. Double-click on C:/.
  • In the menu bar you’ll find “File”. Click it, then choose “New”, and then “Folder”.
  • Call this folder HijackThis. Double-click to open this - new - folder.
  • Now use the combination “Ctrl + V” to paste the HijackThis.exe into this folder. Now double-click on the HijackThis.exe in the folder you’ve just created and please post a new log.


#3 martimar9

martimar9

    Member

  • Full Member
  • 11 posts

Posted 13 January 2006 - 06:17 PM

Thanks for getting back with me. I ran a new log. Here it is: Why won't it allow me to attach this file?

Logfile of HijackThis v1.99.1
Scan saved at 6:59:25 PM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\htpatch.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NetZero\exec.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.ne...=A&UT=companion
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\3.bin\IMESHBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\3.bin\IMESHBAR.DLL
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87EDD328-06F2-42A2-B80D-B1B53A2C56DC}: NameServer = 64.136.28.122 64.136.20.122
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#4 Armodeluxe

Armodeluxe

    Forum Deity

  • Retired Staff
  • 1,896 posts

Posted 14 January 2006 - 03:36 PM

Is your current ISP Netzero or Juno?

Please go to Control Panel Add/Remove Programs and uninstall these if there is an entry:

iMesh
iMeshBar


Open HijackThis and click Scan. Put a check next to these: (if they still exist after the uninstalls)

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\3.bin\IMESHBAR.DLL
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\3.bin\IMESHBAR.DLL


Close all other windows except HijackThis and click Fix Checked.

After that delete these folders:

C:\Program Files\iMesh
C:\Program Files\iMeshBar

Reboot when done. Let's run an online scan and see if it finds anything.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post a new HijackThis log along with Kaspersky results.

#5 martimar9

martimar9

    Member

  • Full Member
  • 11 posts

Posted 15 January 2006 - 06:00 PM

My ISP is Netzero. Here is the new Hijackthis Log and Results from Kaspersky Scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:50:26 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NetZero\exec.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.ne...=A&UT=companion
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 15, 2006 14:48:09
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/01/2006
Kaspersky Anti-Virus database records: 171639
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 62794
Number of viruses found: 15
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 4667 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\1.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet.a
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\1.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.nj
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\1.exe Infected: Trojan-Downloader.Win32.Agent.nj
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\bb.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\cxtpls_loader.exe Infected: Trojan-Downloader.Win32.Apropo.ab
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\DelF9.tmp Infected: not-a-virus:AdWare.Win32.180Solutions
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\II1D.tmp/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet.a
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\II1D.tmp/data0003 Infected: Trojan-Downloader.Win32.Agent.nj
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\II1D.tmp Infected: Trojan-Downloader.Win32.Agent.nj
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\iinstall.exe Infected: Trojan-Downloader.Win32.IstBar.ir
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ep
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\sidefind.exe Infected: not-a-virus:AdWare.Win32.SideFind.a
C:\downloads\downloads2\downloads\48johnsontheme.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.Quick.a
C:\downloads\downloads2\downloads\48johnsontheme.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\downloads\downloads2\downloads\48johnsontheme.exe/WISE0016.BIN Infected: Trojan-Dropper.Win32.Small.jh
C:\downloads\downloads2\downloads\48johnsontheme.exe Infected: Trojan-Dropper.Win32.Small.jh
C:\downloads\downloads2\downloads\9kahnetheme.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Quick.a
C:\downloads\downloads2\downloads\9kahnetheme.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\downloads\downloads2\downloads\9kahnetheme.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.EZula.a
C:\downloads\downloads2\downloads\9kahnetheme.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103
C:\downloads\downloads2\downloads\9kahnetheme.exe/WISE0020.BIN Infected: Trojan-Dropper.Win32.Small.jh
C:\downloads\downloads2\downloads\9kahnetheme.exe Infected: Trojan-Dropper.Win32.Small.jh
C:\downloads\downloads2\downloads\iMeshV4.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d
C:\downloads\downloads2\downloads\iMeshV4.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.d
C:\downloads\downloads2\downloads\Schnauzer.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103
C:\downloads\downloads2\downloads\Schnauzer.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\downloads\downloads2\downloads\Schnauzer.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen

Scan process completed.

#6 Armodeluxe

Armodeluxe

    Forum Deity

  • Retired Staff
  • 1,896 posts

Posted 16 January 2006 - 06:07 AM

The Juno entries disappeared from your log, did you fix them yourself?

Please download the Killbox.
Unzip it to the desktop.

1) Please run Killbox.

2) Select "Delete on Reboot". Go to Options>Delete on Reboot and select "Process all on list"

3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\downloads\downloads2\downloads\48johnsontheme.exe
C:\downloads\downloads2\downloads\9kahnetheme.exe
C:\downloads\downloads2\downloads\iMeshV4.exe
C:\downloads\downloads2\downloads\Schnauzer.exe
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\1.exe
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\bb.exe
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\cxtpls_loader.exe
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\DelF9.tmp
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\II1D.tmp
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\iinstall.exe
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\optimize.exe
C:\Documents and Settings\Martin Lamar\Local Settings\Temp\sidefind.exe


4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do You Want to Reboot Now prompt.

After reboot:

Please download ATF Cleaner by Atribune. Do not run it yet.

Please download Ewido Security Suite (do NOT run it yet!)
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed, exit Ewido
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Once in Safe Mode:
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Open Ewido
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot back to normal mode and please post the log from Ewido along with a new HijackThis log. Do you have any problems left now?
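
The comparison behind the question that opens the post above (entries present in the 13 January log but gone from the 15 January one), together with the temporary-folder check from post #2, can be scripted. This is an added example, not part of the original thread: the function names are illustrative, and the two embedded logs are shortened excerpts of the logs posted above.

```python
import re

# HijackThis prefixes every finding with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Shortened excerpts of the 13 and 15 January logs posted in this thread.
LOG_13_JAN = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:59:25 PM, on 1/13/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\3.bin\IMESHBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{87EDD328-06F2-42A2-B80D-B1B53A2C56DC}: NameServer = 64.136.28.122 64.136.20.122
"""

LOG_15_JAN = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:50:26 PM, on 1/15/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
"""


def parse_log(text):
    """Split a HijackThis log into (running process paths, set of (code, body) entries)."""
    processes, entries = [], set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.add((match["code"], match["body"]))
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
    return processes, entries


def entry_order(entry):
    """Sort entries the way HijackThis lists them: R, F, N, O, then by number."""
    code, body = entry
    return ("RFNO".index(code[0]), int(code[1:]), body)


def diff_logs(old_text, new_text):
    """Report entries and processes that appear in only one of two logs."""
    old_procs, old_entries = parse_log(old_text)
    new_procs, new_entries = parse_log(new_text)
    # Windows paths are case-insensitive and the logs mix cases, so compare lowercased.
    old_p = {p.lower() for p in old_procs}
    new_p = {p.lower() for p in new_procs}
    return {
        "removed": sorted(old_entries - new_entries, key=entry_order),
        "added": sorted(new_entries - old_entries, key=entry_order),
        "procs_gone": sorted(old_p - new_p),
        "procs_new": sorted(new_p - old_p),
    }


def running_from_temp(processes):
    """Processes started from a Temp directory, as HijackThis was in the first log."""
    return [p for p in processes if "\\temp\\" in p.lower()]


if __name__ == "__main__":
    result = diff_logs(LOG_13_JAN, LOG_15_JAN)
    for label in ("removed", "added"):
        for code, body in result[label]:
            print(f"{label:8} {code:4} {body}")
    for path in result["procs_gone"]:
        print(f"process no longer running: {path}")
```

Entries reported as removed that nobody asked to have fixed, such as the proxy and name-server lines here, are the ones worth asking about before any further cleanup.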

#7 martimar9

martimar9

    Member

  • Full Member
  • 11 posts

Posted 17 January 2006 - 06:45 PM

First thing, thanks for all of your help!

I did not remove the Juno entries. One of the problems that started me on this journey is when I'm looking at a folder and click on a file then right click my mouse to delete it, my computer locks up. I press ctl, alt, del to bring up task manager and it says " whatever " folder is not responding. I thought maybe it was mouse related, but I can right click in programs without this problem. It only happens with files.

Any suggestions? I will try rebooting in safe mode and let you know the results. Anyway, here are the logs:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:24:15 PM, 1/16/2006
+ Report-Checksum: A4CCF063

+ Scan result:

HKU\S-1-5-21-2025429265-1343024091-499911859-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6CB0-410C-8C3D-8FA8D2011D0A} -> Spyware.iMesh : Cleaned with backup
HKU\S-1-5-21-2025429265-1343024091-499911859-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Spyware.URLBlaze : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 7:27:44 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\NetZero\exec.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.ne...=A&UT=companion
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#8 martimar9


Posted 17 January 2006 - 07:04 PM

I tried right clicking in safe mode with the same results.

#9 Armodeluxe


Posted 18 January 2006 - 07:32 AM

Does it happen with any file or does it happen with only certain types of files? Or a specific location such as My Documents?

#10 martimar9


Posted 18 January 2006 - 05:28 PM

It happens with any file type. No specific location. When surfing the web with Internet Explorer, I can right click and save images, etc. When I was posting logs and reports, I double clicked on the log text file, which opened Notepad. I highlighted and right clicked to copy and I right clicked to paste in my replies. But, for some reason, in a folder or using Windows Explorer, when I right click my computer locks up.

I've looked for settings that I may have changed, but I cannot find anything that would cause this problem.
It's weird!!!

#11 Armodeluxe


Posted 19 January 2006 - 06:54 AM

First, let's see what you have in your context menu. You may have a badly coded entry there.

Download http://www.bleepingc...es/winpfind.php

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

#12 martimar9


Posted 19 January 2006 - 07:48 PM

Here is the WinPFind Log:

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 3/31/2003 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 1/4/2006 10:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 10:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/31/2003 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/19/2006 8:18:00 PM S 2048 C:\WINDOWS\bootstat.dat
12/16/2005 8:58:00 PM HS 2828 C:\WINDOWS\system32\KGyGaAvL.sys
11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 6:09:36 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/19/2006 8:17:52 PM H 8192 C:\WINDOWS\system32\config\default.LOG
1/19/2006 8:18:12 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/19/2006 8:18:06 PM H 24576 C:\WINDOWS\system32\config\SECURITY.LOG
1/19/2006 8:18:24 PM H 73728 C:\WINDOWS\system32\config\software.LOG
1/19/2006 8:18:06 PM H 864256 C:\WINDOWS\system32\config\system.LOG
1/11/2006 7:51:12 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
12/13/2005 8:08:58 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\049f4623-f124-43fb-abb8-ab46cda683a8
12/13/2005 8:08:58 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
1/19/2006 8:17:02 PM H 6 C:\WINDOWS\Tasks\SA.DAT
1/18/2006 6:12:58 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
1/18/2006 6:12:58 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
1/18/2006 6:12:58 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0IELRQUK\desktop.ini
1/18/2006 6:12:58 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\LQRV505L\desktop.ini
1/18/2006 6:12:58 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\M33356G2\desktop.ini
1/18/2006 6:12:58 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YGIXIB8B\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd. 5/28/2001 12:47:00 PM 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 6/3/2004 9:05:06 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/31/2003 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/31/2003 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 6/18/2003 12:31:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/31/2003 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 3/31/2003 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 3/31/2003 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 3/31/2003 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/29/2005 9:28:02 AM 1918 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
4/5/2005 5:31:18 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
6/16/2005 7:29:58 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
4/5/2005 1:15:54 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
4/5/2005 5:31:18 PM HS 84 C:\Documents and Settings\Martin Lamar\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
4/5/2005 1:15:54 PM HS 62 C:\Documents and Settings\Martin Lamar\Application Data\desktop.ini
UPX! 6/9/2005 5:16:44 PM 184808 C:\Documents and Settings\Martin Lamar\Application Data\shb.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EncodeDivXExt
{E9F5B111-CACC-4FD4-81FD-4EB4FD6765A3} = C:\Program Files\DivX\Dr.DivX\EncodeDivXExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}
Popup-Blocker Class = C:\Program Files\NetZero\qsacc\x1IEBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} = ZeroBar : C:\Program Files\NetZero\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{F5735C15-1FB2-41FE-BA12-242757E69DDE} = :
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} = ZeroBar : C:\Program Files\NetZero\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
Jet Detection "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
HTpatch C:\WINDOWS\htpatch.exe
MCUpdateExe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
PrinTray C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
LXSUPMON C:\WINDOWS\system32\LXSUPMON.EXE RUN

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NetZero_uoltray C:\Program Files\NetZero\exec.exe regrun
spc_w "C:\Program Files\NZSearch\nzspc.exe" -w

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Martin Lamar^Start Menu^Programs^Startup^Reboot.exe
path C:\Documents and Settings\Martin Lamar\Start Menu\Programs\Startup\Reboot.exe
backup C:\WINDOWS\pss\Reboot.exeStartup
location Startup
command C:\Documents and Settings\Martin Lamar\Start Menu\Programs\Startup\Reboot.exe
item Reboot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item InCD
hkey HKLM
command C:\Program Files\Ahead\InCD\InCD.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item InCD
hkey HKLM
command C:\Program Files\Ahead\InCD\InCD.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kmw_run.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kmw_run
hkey HKLM
command kmw_run.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kmw_run
hkey HKLM
command kmw_run.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item McUpdate
hkey HKLM
command C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item McUpdate
hkey HKLM
command C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Update Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkUFind
hkey HKLM
command C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkUFind
hkey HKLM
command C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSWheel
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMCTRAY
hkey HKCU
command RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMCTRAY
hkey HKCU
command RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiSUSBRG
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SiSUSBrg
hkey HKLM
command C:\WINDOWS\SiSUSBrg.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SiSUSBrg
hkey HKLM
command C:\WINDOWS\SiSUSBrg.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\spc_w
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nzspc
hkey HKCU
command "C:\Program Files\NZSearch\nzspc.exe" -w
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nzspc
hkey HKCU
command "C:\Program Files\NZSearch\nzspc.exe" -w
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uoltray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exec
hkey HKCU
command C:\Program Files\NetZero\exec.exe regrun
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exec
hkey HKCU
command C:\Program Files\NetZero\exec.exe regrun
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/19/2006 8:26:36 PM

#13 Armodeluxe


Posted 20 January 2006 - 06:56 AM

I see one possible one there; let's see if disabling that one solves the problem.

First please make a backup of your registry. Go to Start > Run and type: regedit

Go to File > Export and save that file on your desktop, name it backup.reg. Close regedit.

Now please copy the following text in the code box to Notepad. Make sure there is no empty line above REGEDIT4. In Notepad go to File > Save As. Name it Fixit.reg, in the drop down box at the bottom choose "All Files", and save it on your desktop. Then double click on Fixit.reg and let it merge with the registry.

REGEDIT4

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EncodeDivXExt]
{E9F5B111-CACC-4FD4-81FD-4EB4FD6765A3} = -

After that, reboot. See if the problem persists. If it does, double click on backup.reg and let it merge with the registry to restore that item. Let me know.
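
The triage step from posts #11 and #13, as an added example that is not part of the original thread: it parses the ContextMenuHandlers sections of a WinPFind log and lists the handlers whose DLL is missing or sits outside the Windows directory, which are the first ones to disable one at a time when Explorer hangs on right-click. The function names and the location-based rule are assumptions of this example; the sample lines are copied from the WinPFind log posted above.

```python
import re
from typing import NamedTuple

# Excerpt copied from the WinPFind log posted in this thread (not constructed).
WINPFIND_EXCERPT = r"""
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EncodeDivXExt
{E9F5B111-CACC-4FD4-81FD-4EB4FD6765A3} = C:\Program Files\DivX\Dr.DivX\EncodeDivXExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HTpatch C:\WINDOWS\htpatch.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
HANDLER_SUFFIX = r"\shellex\contextmenuhandlers"
WINDOWS_PREFIXES = ("%systemroot%\\", "c:\\windows\\")


class Handler(NamedTuple):
    applies_to: str  # class the handler hooks: "*" (all files), Folder, Directory
    name: str        # subkey name under ContextMenuHandlers
    dll: str         # module WinPFind printed for it ("" if none was printed)


def parse_context_menu_handlers(log_text):
    """Return every handler listed in the log's ContextMenuHandlers sections."""
    handlers = []
    section = applies_to = subkey = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        is_subkey = (section is not None
                     and line.lower().startswith(section.lower() + "\\"))
        if (header or is_subkey) and subkey is not None:
            # Previous subkey had no value line: keep it, with no DLL.
            handlers.append(Handler(applies_to, subkey, ""))
            subkey = None
        if header:
            key = header.group(1)
            section = key if key.lower().endswith(HANDLER_SUFFIX) else None
            applies_to = key.split("\\")[-3] if section else None
        elif is_subkey:
            subkey = line[len(section) + 1:]
        elif subkey is not None and "=" in line:
            dll = line.split("=", 1)[1].strip()
            handlers.append(Handler(applies_to, subkey, dll))
            subkey = None
    if subkey is not None:
        handlers.append(Handler(applies_to, subkey, ""))
    return handlers


def is_windows_component(dll):
    """Location-only rule (an assumption of this example, not proof of trust):
    the DLL is under the Windows directory, or is a bare file name that is
    assumed to resolve from the system directory."""
    path = dll.lower()
    return path.startswith(WINDOWS_PREFIXES) or "\\" not in path


def review_candidates(handlers):
    """Handlers with no DLL, or a DLL outside the Windows directory."""
    return [h for h in handlers
            if not h.dll or not is_windows_component(h.dll)]


if __name__ == "__main__":
    for h in review_candidates(parse_context_menu_handlers(WINPFIND_EXCERPT)):
        print(f"{h.applies_to:10} {h.name}  ->  {h.dll or '(no DLL listed)'}")
```

A DLL under the Windows directory is only deprioritised by this rule, not cleared; its file details still need checking if the third-party candidates are ruled out.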

#14 martimar9


Posted 20 January 2006 - 07:09 PM

No dice! Just an update. If I go to a blank spot on my desktop, I can right click. If I go to an icon on my desktop, my computer locks up. I also went to a file under MY COMPUTER and tried to delete it with "DELETE THIS FILE" under TASKS and it locked up. I'm attaching a copy of the DR. WATSON's Log. Maybe this will help (as he crosses his fingers).

Application exception occurred:
App: C:\WINDOWS\explorer.exe (pid=3336)
When: 1/20/2006 @ 19:37:50.885
Exception number: 80000007
()

*----> System Information <----*
Computer Name: LAMARS
User Name: Martin Lamar
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 6 Model 8 Stepping 1
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: Martin Lamar

*----> Task List <----*
0 System Process
4 System
296 smss.exe
344 csrss.exe
376 winlogon.exe
420 services.exe
432 lsass.exe
668 svchost.exe
728 svchost.exe
764 svchost.exe
816 svchost.exe
840 svchost.exe
1040 LEXBCES.EXE
1064 spoolsv.exe
1080 LEXPPS.EXE
1308 CTsvcCDA.exe
1332 ewidoctrl.exe
1360 mcdetect.exe
1380 mctskshd.exe
1444 mcvsshld.exe
1456 mcagent.exe
1492 mcvsescn.exe
1500 htpatch.exe
1532 LXSUPMON.EXE
1540 exec.exe
1764 mcvsrte.exe
1804 nvsvc32.exe
1904 svchost.exe
1992 MsPMSPSv.exe
788 mcshield.exe
864 alg.exe
2076 exec.exe
2180 x1exec.exe
3336 explorer.exe
4060 drwtsn32.exe

*----> Module List <----*
(0000000001000000 - 00000000010ff000: C:\WINDOWS\explorer.exe
(00000000013c0000 - 00000000013c8000: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
(00000000016d0000 - 00000000016e2000: C:\WINDOWS\system32\browselc.dll
(0000000001bb0000 - 0000000001bcd000: c:\progra~1\mcafee.com\vso\mcvsshl.dll
(0000000001be0000 - 0000000001be4000: c:\progra~1\mcafee.com\vso\ShlRes.dll
(0000000001c60000 - 0000000001c77000: C:\WINDOWS\system32\odbcint.dll
(0000000001c80000 - 0000000001ca6000: C:\Program Files\DivX\Dr.DivX\EncodeDivXExt.dll
(0000000010000000 - 000000001001c000: c:\progra~1\mcafee.com\vso\McVSSkt.dll
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(000000004ec50000 - 000000004edf3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\System32\themeui.dll
(000000005cb00000 - 000000005cb6e000: C:\WINDOWS\System32\shimgvw.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d127000: C:\WINDOWS\system32\comctl32.dll
(000000006c1b0000 - 000000006c1fd000: C:\WINDOWS\system32\DUSER.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\System32\WSOCK32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\system32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\System32\actxprxy.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073030000 - 0000000073040000: C:\WINDOWS\system32\WZCSAPI.DLL
(0000000073ba0000 - 0000000073bb3000: C:\WINDOWS\System32\sti.dll
(0000000074320000 - 000000007435d000: C:\WINDOWS\system32\ODBC32.dll
(00000000745e0000 - 00000000748a6000: C:\WINDOWS\system32\msi.dll
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\System32\POWRPROF.dll
(0000000074ae0000 - 0000000074ae7000: C:\WINDOWS\System32\CFGMGR32.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\System32\BatMeter.dll
(0000000074b30000 - 0000000074b76000: C:\WINDOWS\System32\webcheck.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000075970000 - 0000000075a67000: C:\WINDOWS\system32\MSGINA.dll
(0000000075cf0000 - 0000000075d81000: C:\WINDOWS\system32\MLANG.dll
(0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\SXS.DLL
(0000000075f60000 - 0000000075f67000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\System32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\System32\MSIMG32.dll
(00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
(0000000076400000 - 00000000765a6000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\System32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772ff000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077760000 - 00000000778ce000: C:\WINDOWS\system32\SHDOCVW.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\appHelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\System32\Secur32.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d5000: C:\WINDOWS\system32\SHELL32.dll

*----> State Dump for Thread Id 0xd0c <----*

eax=00000002 ebx=00000003 ecx=00f50010 edx=7c90eb94 esi=000e8350 edi=00000000
eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
FAULT ->ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca0be38 00000000 0007ff5c 01016e95 ntdll!KiFastSystemCallRet
0007ff14 01016e95 000e8350 7ffd7000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101e2b6 00000000 00000000 000205e2 explorer+0x16e95
0007ffc0 7c816d4f 00dbc878 0006e890 7ffd7000 explorer+0x1e2b6
0007fff0 00000000 0101e24e 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd10 <----*

eax=00f3ff54 ebx=00000000 ecx=000bac78 edx=7c90eb94 esi=000bac78 edi=000bad1c
eip=7c90eb94 esp=00f3fe1c ebp=00f3ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00f3ff80 77e76c22 00f3ffa8 77e76a3b 000bac78 ntdll!KiFastSystemCallRet
00f3ff88 77e76a3b 000bac78 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5ea
00f3ffa8 77e76c0a 000bab30 00f3ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
00f3ffb4 7c80b50b 000ca2f8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5d2
00f3ffec 00000000 77e76bf0 000ca2f8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd18 <----*

eax=000600be ebx=77d4b8ba ecx=00000000 edx=7c90eb94 esi=010460d8 edi=00000000
eip=7c90eb94 esp=00fcff14 ebp=00fcff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
00fcff44 01011e8b 00000000 00fcffb4 77f74292 ntdll!KiFastSystemCallRet
00fcff50 77f74292 010460d8 0000005c 0007fc04 explorer+0x11e8b
00fcffb4 7c80b50b 00000000 0000005c 0007fc04 SHLWAPI!Ordinal505+0x3e9
00fcffec 00000000 77f74223 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd1c <----*

eax=7c92798d ebx=00000000 ecx=77dd6a51 edx=77dd6a18 esi=ffffffff edi=7c90fb78
eip=7c90eb94 esp=0113ff9c ebp=0113ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0113ffb4 7c80b50b 00000000 7c90fb78 ffffffff ntdll!KiFastSystemCallRet
0113ffec 00000000 7c92798d 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd24 <----*

eax=000000c0 ebx=00000000 ecx=00fcfbbc edx=00000000 esi=00000000 edi=00000001
eip=7c90eb94 esp=011bfcec ebp=011bffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
011bffb4 7c80b50b 00000000 00000020 00fcfce4 ntdll!KiFastSystemCallRet
011bffec 00000000 7c929fae 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd2c <----*

eax=014d0010 ebx=00126940 ecx=00008000 edx=7c90eb94 esi=00000000 edi=7ffd7000
eip=7c90eb94 esp=011ffd30 ebp=011ffdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
011ffdcc 77d495f9 00000009 011ffdf4 00000000 ntdll!KiFastSystemCallRet
011ffe28 7c9f4e37 00000008 011ffe50 ffffffff USER32!GetLastInputInfo+0x105
011fff4c 7ca0a334 77f74292 00000000 7c809988 SHELL32!Ordinal646+0x21e2
011fffb4 7c80b50b 00000000 7c809988 00000001 SHELL32!Ordinal753+0x133
011fffec 00000000 77f74223 00fcf4d4 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd3c <----*

eax=00000022 ebx=00000000 ecx=00000010 edx=0002a3f9 esi=000bac78 edi=000bad1c
eip=7c90eb94 esp=0147fe1c ebp=0147ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0147ff80 77e76c22 0147ffa8 77e76a3b 000bac78 ntdll!KiFastSystemCallRet
0147ff88 77e76a3b 000bac78 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5ea
0147ffa8 77e76c0a 000bab30 0147ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
0147ffb4 7c80b50b 000f11d0 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5d2
0147ffec 00000000 77e76bf0 000f11d0 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd58 <----*

eax=0014ff70 ebx=00004e20 ecx=0014ff70 edx=046a0004 esi=0154fd68 edi=77d491c6
eip=7c90eb94 esp=0154fcf8 ebp=0154fd14 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\stobject.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0154fd14 76281513 0154fd68 00000000 00000000 ntdll!KiFastSystemCallRet
0154fd8c 76283746 76280000 00000000 0008006c stobject+0x1513
0154ffb4 7c80b50b 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x1fa4
0154ffec 00000000 762836f7 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd5c <----*

eax=72d230e8 ebx=015cfef8 ecx=000000ab edx=0013e160 esi=00000000 edi=7ffd7000
eip=7c90eb94 esp=015cfed0 ebp=015cff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr Args to Child
015cff6c 7c809c86 00000002 015cffa4 00000000 ntdll!KiFastSystemCallRet
015cff88 72d2312a 00000002 015cffa4 00000000 kernel32!WaitForMultipleObjects+0x18
015cffb4 7c80b50b 00000000 00000000 00090000 wdmaud!midMessage+0x348
015cffec 00000000 72d230e8 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4


*----> State Dump for Thread Id 0xd68 <----*

eax=00000000 ebx=00000000 ecx=000ba978 edx=001500c0 esi=000bac78 edi=000bad1c
eip=7c90eb94 esp=0173fe1c ebp=0173ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0173ff80 77e76c22 0173ffa8 77e76a3b 000bac78 ntdll!KiFastSystemCallRet
0173ff88 77e76a3b 000bac78 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5ea
0173ffa8 77e76c0a 000bab30 0173ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
0173ffb4 7c80b50b 001500a8 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5d2
0173ffec 00000000 77e76bf0 001500a8 00000000 kernel32!GetModuleFileNameA+0x1b4


*----> State Dump for Thread Id 0xdb4 <----*

eax=0183e848 ebx=00000000 ecx=0183e848 edx=00010001 esi=7c97c380 edi=7c97c3a0
eip=7c90eb94 esp=0183ff70 ebp=0183ffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0183ffb4 7c80b50b 00000000 0007df4c 0007df4c ntdll!KiFastSystemCallRet
0183ffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4


*----> State Dump for Thread Id 0xf90 <----*

eax=01bf0000 ebx=00f8bbc8 ecx=00001000 edx=7c90eb94 esi=000005c8 edi=00000000
eip=7c90eb94 esp=00f8bbac ebp=00f8beb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00f8beb4 7c965714 00f8c054 00f8c328 01fb415b ntdll!KiFastSystemCallRet
00f8bff4 7c9661a1 00f8c054 01fa0000 c0000005 ntdll!RtlTraceDatabaseAdd+0x1b9
00f8c32c 7c94ea5f 01fb415b fffffffe fffffffe ntdll!RtlUnhandledExceptionFilter+0xb2
00f8c380 7c93783a 01fb415b 01fa0000 00f8c414 ntdll!RtlInitializeSListHead+0x15a4f
00f8c3fc 7c90eafa 00000000 00f8c430 00f8c414 ntdll!LdrAddRefDll+0x221
00f8c704 00000000 01c95804 00000001 00f8c740 ntdll!KiUserExceptionDispatcher+0xe


*----> State Dump for Thread Id 0xf98 <----*

eax=774fe429 ebx=00007530 ecx=00f8dda4 edx=00090000 esi=00000000 edi=01a0ff50
eip=7c90eb94 esp=01a0ff20 ebp=01a0ff78 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
01a0ff78 7c802451 0000ea60 00000000 01a0ffb4 ntdll!KiFastSystemCallRet
01a0ff88 774fe31d 0000ea60 000db530 774fe3dc kernel32!Sleep+0xf
01a0ffb4 7c80b50b 000db530 00f8e054 00000010 ole32!StringFromGUID2+0x51b
01a0ffec 00000000 774fe429 000db530 00000000 kernel32!GetModuleFileNameA+0x1b4


*----> State Dump for Thread Id 0xf9c <----*

eax=01af1010 ebx=01aafde8 ecx=01ac0760 edx=00000002 esi=00000000 edi=7ffd7000
eip=7c90eb94 esp=01aafdc0 ebp=01aafe5c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\DUSER.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\msvcrt.dll -
ChildEBP RetAddr Args to Child
01aafe5c 77d495f9 00000002 01aafe84 00000000 ntdll!KiFastSystemCallRet
01aafeb8 6c1e4b92 00000001 01aafeec ffffffff USER32!GetLastInputInfo+0x105
01aafed8 6c1e4ddc 000004ff ffffffff 00000001 DUSER+0x34b92
01aaff0c 6c1de394 01aaff4c 00000000 00000000 DUSER+0x34ddc
01aaff2c 6c1da6f1 01aaff4c 00000000 00000000 DUSER!GetMessageExA+0x44
01aaff80 77c3a3b0 00000000 7c910000 7c9131dc DUSER!DUserStopAnimation+0xa505
01aaffb4 7c80b50b 0003c190 7c910000 7c9131dc msvcrt!endthreadex+0xa9
01aaffec 00000000 77c3a341 0003c190 00000000 kernel32!GetModuleFileNameA+0x1b4


#15 Armodeluxe


Posted 21 January 2006 - 07:11 AM

Some research shows that there may be many causes for this.

Let's try the most common ones first.

1) Go to Control Panel Add/Remove Programs and uninstall all third party codecs that you have and see if that solves the problem..

2) Next to try is, trying to uninstall any program that has an entry in your right click. Other than Divx (which you should uninstall in step 1) the only one you have is Mcafee I believe. See if uninstalling resolves the issue and a reinstall brings it back.

3) If no luck, try uninstalling and reinstalling Service Pack 2 and see if that resolves the issue.

4) You may have some corrupt system files. For that you should run System File Checker:

Hello, we are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow
Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:
My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise enter Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.
See if any of the above help..if not, go to user accounts and create a new user and see if the problem persists under the new account..

#16 martimar9


Posted 21 January 2006 - 01:11 PM

OK, now we are getting somewhere. I uninstalled Service Pack 2. I rebooted and was able to right click without my computer locking up. Now as far as reinstalling SP 2, how do I do that?

P.S. I do really appreciate the time and effort you have put into this. You just don't know!

#17 Armodeluxe


Posted 22 January 2006 - 06:18 AM

This page gives the link for downloading SP2.

http://www.microsoft...p2/default.mspx

Now let's hope the problem was corrupted SP2 files and the problem doesn't come back with the reinstall.

#18 martimar9


Posted 24 January 2006 - 07:04 PM

Hey just wanted to let you know.... I'm still downloading updates and SP2 ( I'm on dial-up...I know I know..I'm way behind the times, but I can't justify the money yet.. I'm married, she won't let me ).

But, I will let you know if something goes wrong. Thanks Again for all the help. You Guys Are The BOMB!!

#19 Armodeluxe


Posted 25 January 2006 - 06:18 AM

SP2 is a very huge download for a dialup connection. An alternative would be to order it on CD from Microsoft:

http://www.microsoft...us/default.mspx

#20 martimar9


Posted 28 January 2006 - 04:52 PM

Finally downloaded SP2 and reinstalled it. Same thing. Right click on icons, computer locks up. Sometimes, I get a Dr. Watson's error. Would I be better off un-installing SP2 and not re-install it? Or should I contact Microsoft?

#21 Armodeluxe


Posted 29 January 2006 - 07:03 AM

Now this is hard to tell..you probably have a program on your computer that is not compatible with SP2, but the only way to determine that would be trial and error..i.e. uninstall a program and see if it starts to work after the uninstall..you may have to try this for all the programs you have..and that may not even provide a solution if the culprit is not an incompatible program..

The other option is to uninstall SP2 again, but that will leave your computer vulnerable to numerous infections..in that case you should be extremely careful while surfing the web and have the most protection you can provide..

The choice is yours..both options are not attractive at all..

#22 Armodeluxe


Posted 17 February 2006 - 06:39 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



