DrWatson Postmortem Debugger Problem [CLOSED]
Niro T
post Sep 17 2008, 03:28 PM
Post #1


Member
**
Posts: 17
OS: Windows XP



"DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience."

When I click Send or Don't Send my computer crashes and I don't know how to post my HJT Log.

Can someone help me please and thank you.
Niro T
post Sep 18 2008, 02:13 PM
Post #2


Member
**
Posts: 17
OS: Windows XP



Ok I've searched around and I found out how to run hjt.
This is my hjt log.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\SecurityStatusSDK\SSDK02.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe 1
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2500W STD] C:\WINDOWS\system32\MSTMON02.EXE STARTUP
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15105/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
koko_crunch
post Sep 22 2008, 05:18 AM
Post #3


Trusted Helper
Posts: 1,712
OS: Windows XP



Hello Niro T and Welcome to Geeks to Go!

Sorry for the delay. It has been a busy week. :)

Let's first do a scan.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post back with MBAM log along with a new HijackThis log.
Niro T
post Sep 23 2008, 03:16 PM
Post #4


Member
**
Posts: 17
OS: Windows XP



Ok so I've done what you said and here's the mbam-log:

Malwarebytes' Anti-Malware 1.28
Database version: 1200
Windows 5.1.2600 Service Pack 2

23/09/2008 5:14:05 PM
mbam-log-2008-09-23 (17-14-05).txt

Scan type: Quick Scan
Objects scanned: 67434
Time elapsed: 20 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here's the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:29 PM, on 23/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\SecurityStatusSDK\SSDK02.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\update\update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe 1
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2500W STD] C:\WINDOWS\system32\MSTMON02.EXE STARTUP
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15105/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8390 bytes
koko_crunch
post Sep 24 2008, 12:09 PM
Post #5


Trusted Helper
Posts: 1,712
OS: Windows XP



Hmm, your log is clean.
Let's run an online scan to rule out malware.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then,

Please do an online scan with Kaspersky WebScanner

Temporarily disable your resident Antivirus software before proceeding.

Welcome Information page will open. Click on Accept
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded, click on Scan
    • Now under that section select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report as button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Enable your Anti-Virus protection once the scan is done.

Niro T
post Sep 24 2008, 05:05 PM
Post #6


Member
**
Posts: 17
OS: Windows XP



Ok I've scanned my system with the scanner and here's the report:

Wednesday, September 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 24, 2008 16:26:54
Records in database: 1255995


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 61760
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 02:02:51

No malware has been detected. The scan area is clean.
The selected area was scanned
koko_crunch
post Sep 24 2008, 08:54 PM
Post #7


Trusted Helper
Posts: 1,712
OS: Windows XP



Looks to me that your system is clean, let's try to work out what's wrong with drwatson.
Go to "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson" then paste the contents of "drwtsn32.log".


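Added example, not part of the thread and not code from any poster: a drwtsn32.log of the kind requested above can be triaged by pulling out, for each crash record, the application, the exception code, the faulting instruction, and the loaded module whose address range contains the faulting address. The sample record is constructed in the Dr. Watson layout; `app.exe`, `example.dll` and `SomeExport` are placeholder names, and the read/write classification is a heuristic.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample: one shortened record in the drwtsn32.log layout.
# app.exe, example.dll and SomeExport are placeholder names.
SAMPLE_LOG = r"""
Application exception occurred:
        App: C:\PROGRA~1\Example\app.exe (pid=680)
        When: 8/24/2008 @ 15:24:45.093
        Exception number: c0000005 (access violation)

*----> Module List <----*
(0000000000400000 - 000000000047d000: C:\PROGRA~1\Example\app.exe
(0000000077260000 - 00000000772fc000: C:\WINDOWS\system32\example.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll

*----> State Dump for Thread Id 0x30c <----*

eax=7726b46a ebx=00000000 ecx=00008887 edx=00000040 esi=00000000 edi=00000001
eip=77263714 esp=0012d65c ebp=0012d668 iopl=0         nv up ei pl zr na po nc

function: example!SomeExport
        77263711 8975fc           mov     [ebp-0x4],esi
FAULT ->77263714 8933             mov     [ebx],esi         ds:0023:00000000=????????
        77263716 e857f2ffff       call    example!SomeExport+0x1c2 (77262972)

*----> State Dump for Thread Id 0x614 <----*

eax=77df9981 ebx=00d6fed0 ecx=00000006 edx=00000000 esi=00000000 edi=7ffd4000
eip=7c90eb94 esp=00d6fea8 ebp=00d6ff44 iopl=0         nv up ei pl zr na po nc
"""

MODULE = re.compile(r"^\(([0-9a-f]{16}) - ([0-9a-f]{16}): (.+?)\s*$", re.I | re.M)
FAULT = re.compile(
    r"^FAULT ->(?P<addr>[0-9a-f]{8})\s+(?P<bytes>[0-9a-f]+)\s+(?P<insn>.+?)"
    r"(?:\s+[a-z]s:[0-9a-f]{4}:(?P<ea>[0-9a-f]{8})=\S+)?\s*$", re.I | re.M)
REG = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", re.I)
NULL_PAGE_LIMIT = 0x10000  # lowest 64 KB is never mapped in a Windows user process


def parse_drwatson(text):
    """Return one dict per 'Application exception occurred:' record."""
    records = []
    for chunk in text.split("Application exception occurred:")[1:]:
        app = re.search(r"App:\s*(.+?)\s*\(pid=(\d+)\)", chunk)
        exc = re.search(r"Exception number:\s*([0-9a-f]+)\s*\(([^)]*)\)", chunk, re.I)
        if not app or not exc:
            continue  # truncated record: skip rather than guess
        rec = {"app": app.group(1), "pid": int(app.group(2)),
               "code": int(exc.group(1), 16), "name": exc.group(2),
               "modules": [(int(lo, 16), int(hi, 16), path)
                           for lo, hi, path in MODULE.findall(chunk)],
               "fault": None}
        # Only the thread that raised the exception carries a FAULT -> line.
        for dump in chunk.split("*----> State Dump for Thread Id")[1:]:
            m = FAULT.search(dump)
            if m:
                rec["fault"] = {
                    "thread": dump.split()[0],  # e.g. "0x30c"
                    "addr": int(m["addr"], 16),
                    "insn": " ".join(m["insn"].split()),
                    "ea": int(m["ea"], 16) if m["ea"] else None,
                    "regs": {r.lower(): int(v, 16) for r, v in REG.findall(dump)},
                }
                break
        records.append(rec)
    return records


def module_for(addr, modules):
    """Map an address to the loaded module whose range contains it."""
    for lo, hi, path in modules:
        if lo <= addr < hi:
            return basename(path)
    return None


def triage(rec):
    """One-line summary: what crashed, where, and on what kind of access."""
    head = f"{basename(rec['app'])} (pid {rec['pid']}): {rec['code']:08x} ({rec['name']})"
    f = rec["fault"]
    if f is None:
        return head + ", no FAULT line in record"
    where = module_for(f["addr"], rec["modules"]) or "unmapped memory"
    detail = ""
    if rec["code"] == 0xC0000005 and f["ea"] is not None:
        # Heuristic: a memory operand left of the comma is the destination.
        dest = f["insn"].split(None, 1)[-1].split(",")[0]
        kind = "write" if "[" in dest else "read"
        detail = f", {kind} access to {f['ea']:08x}"
        if f["ea"] < NULL_PAGE_LIMIT:
            detail += " (null pointer)"
    return f"{head} at {f['addr']:08x} in {where}{detail}"


if __name__ == "__main__":
    for record in parse_drwatson(SAMPLE_LOG):
        print(triage(record))
```

The module that contains the faulting address is where the exception surfaced; the Stack Back Trace section of the same record lists the callers that led there.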
Niro T
post Sep 25 2008, 02:52 PM
Post #8


Member
**
Posts: 17
OS: Windows XP



Here's the drwtsn32 log:

Microsoft ® DrWtsn32
Copyright © 1985-2001 Microsoft Corp. All rights reserved.



Application exception occurred:
App: C:\PROGRA~1\Yahoo!\YOP\yop.exe (pid=680)
When: 8/24/2008 @ 15:24:45.093
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: COMPUTER
User Name: Niro
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 3 Stepping 3
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner: N

*----> Task List <----*
0 System Process
4 System
880 smss.exe
952 csrss.exe
980 winlogon.exe
1024 services.exe
1036 lsass.exe
1212 svchost.exe
1276 svchost.exe
1400 svchost.exe
1512 svchost.exe
1648 svchost.exe
1776 ccSvcHst.exe
432 spoolsv.exe
1236 Explorer.EXE
1460 AluSchedulerSvc.exe
240 alg.exe
680 yop.exe
824 ccSvcHst.exe
856 jusched.exe
1000 iTouch.exe
400 ctfmon.exe
1356 DAP.EXE
224 BackWeb-8876480.exe
2124 em_exec.exe
2772 rundll32.exe
3576 drwtsn32.exe

*----> Module List <----*
(00000000003e0000 - 00000000003f7000: C:\Program Files\Yahoo!\YOP\UIRes.dll
(0000000000400000 - 000000000047d000: C:\PROGRA~1\Yahoo!\YOP\yop.exe
(0000000000ad0000 - 0000000000adb000: C:\Program Files\Yahoo!\YOP\langRes.dll
(0000000010000000 - 0000000010019000: C:\Program Files\Yahoo!\YOP\helpers.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005dca0000 - 000000005dce5000: C:\WINDOWS\system32\iertutil.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\imagehlp.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772fc000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
(00000000774e0000 - 000000007761c000: C:\WINDOWS\system32\ole32.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d4000: C:\WINDOWS\system32\SHELL32.dll
(000000007e1e0000 - 000000007e7a9000: C:\WINDOWS\system32\ieframe.dll

*----> State Dump for Thread Id 0x30c <----*

eax=7726b46a ebx=00000000 ecx=00008887 edx=00000040 esi=00000000 edi=00000001
eip=77263714 esp=0012d65c ebp=0012d668 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\urlmon.dll -
function: urlmon!CoInternetIsFeatureEnabled
77263703 90 nop
77263704 8bff mov edi,edi
77263706 55 push ebp
77263707 8bec mov ebp,esp
77263709 51 push ecx
7726370a 53 push ebx
7726370b 8b5d10 mov ebx,[ebp+0x10]
7726370e 56 push esi
7726370f 33f6 xor esi,esi
77263711 8975fc mov [ebp-0x4],esi
FAULT ->77263714 8933 mov [ebx],esi ds:0023:00000000=????????
77263716 e857f2ffff call urlmon!CoInternetIsFeatureEnabled+0x1c2 (77262972)
7726371b 85c0 test eax,eax
7726371d 0f8487330200 je urlmon!UrlMkGetSessionOption+0xa1fa (77286aaa)
77263723 397514 cmp [ebp+0x14],esi
77263726 57 push edi
77263727 0f852c7d0000 jne urlmon!DllGetClassObject+0x3b27 (7726b459)
7726372d 397508 cmp [ebp+0x8],esi
77263730 0f857e330200 jne urlmon!UrlMkGetSessionOption+0xa204 (77286ab4)
77263736 6a18 push 0x18
77263738 e8cef0ffff call urlmon!CoInternetIsFeatureEnabled+0x5b (7726280b)

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ieframe.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\PROGRA~1\Yahoo!\YOP\yop.exe
ChildEBP RetAddr Args to Child
0012d668 7726b481 00000000 7726b488 00000000 urlmon!CoInternetIsFeatureEnabled+0xf64
0012d680 7e2602d3 0012d6b4 00000000 0012e778 urlmon!CoInternetCreateZoneManager+0x17
0012e700 7e349808 00166f4c 0012e778 0012e768 ieframe!SoftwareUpdateMessageBox+0x15f5
0012e72c 0041ad6d 00160d38 0012e778 0012e768 ieframe!Ordinal164+0x1efcf
00160c18 0000000e 00160c18 7e21c3d8 000100c0 yop+0x1ad6d

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x614 <----*

eax=77df9981 ebx=00d6fed0 ecx=00000006 edx=00000000 esi=00000000 edi=7ffd4000
eip=7c90eb94 esp=00d6fea8 ebp=00d6ff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
00d6ff44 77df9b26 00000002 00d6ff6c 00000000 ntdll!KiFastSystemCallRet
00d6ffb4 7c80b50b 00000000 7c9140bb 00000000 ADVAPI32!RegDeleteKeyW+0x2a2
00d6ffec 00000000 77df9981 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*



Application exception occurred:
App: C:\Documents and Settings\Niro\Desktop\Rogers Yahoo! Online Protection.exe (pid=1716)
When: 8/24/2008 @ 15:25:17.796
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: COMPUTER
User Name: Niro
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 3 Stepping 3
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner: N

*----> Task List <----*
0 System Process
4 System
880 smss.exe
952 csrss.exe
980 winlogon.exe
1024 services.exe
1036 lsass.exe
1212 svchost.exe
1276 svchost.exe
1400 svchost.exe
1512 svchost.exe
1648 svchost.exe
1776 ccSvcHst.exe
432 spoolsv.exe
1236 Explorer.EXE
1460 AluSchedulerSvc.exe
240 alg.exe
824 ccSvcHst.exe
856 jusched.exe
1000 iTouch.exe
400 ctfmon.exe
1356 DAP.EXE
224 BackWeb-8876480.exe
2124 em_exec.exe
3616 wuauclt.exe
1716 Rogers Yahoo! Online Protection.exe
508 drwtsn32.exe

*----> Module List <----*
(00000000003b0000 - 00000000003b6000: C:\DOCUME~1\Niro\LOCALS~1\Temp\IadHide4.dll
(0000000000400000 - 000000000047d000: C:\Documents and Settings\Niro\Desktop\Rogers Yahoo! Online Protection.exe
(0000000000b00000 - 0000000000b19000: C:\Program Files\Yahoo!\YOP\helpers.dll
(0000000000b30000 - 0000000000b47000: C:\Program Files\Yahoo!\YOP\UIRes.dll
(0000000000b60000 - 0000000000b6b000: C:\Program Files\Yahoo!\YOP\langRes.dll
(0000000000b80000 - 0000000000b87000: C:\Program Files\Logitech\iTouch\iTchHk.dll
(0000000010000000 - 0000000010007000: C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005dca0000 - 000000005dce5000: C:\WINDOWS\system32\iertutil.dll
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\MSCTF.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\imagehlp.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772fc000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
(00000000774e0000 - 000000007761c000: C:\WINDOWS\system32\ole32.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d4000: C:\WINDOWS\system32\SHELL32.dll
(000000007e1e0000 - 000000007e7a9000: C:\WINDOWS\system32\ieframe.dll

*----> State Dump for Thread Id 0x6bc <----*

eax=7726b46a ebx=00000000 ecx=0000d9d8 edx=00000040 esi=00000000 edi=00000001
eip=77263714 esp=0012d65c ebp=0012d668 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\urlmon.dll -
function: urlmon!CoInternetIsFeatureEnabled
77263703 90 nop
77263704 8bff mov edi,edi
77263706 55 push ebp
77263707 8bec mov ebp,esp
77263709 51 push ecx
7726370a 53 push ebx
7726370b 8b5d10 mov ebx,[ebp+0x10]
7726370e 56 push esi
7726370f 33f6 xor esi,esi
77263711 8975fc mov [ebp-0x4],esi
FAULT ->77263714 8933 mov [ebx],esi ds:0023:00000000=????????
77263716 e857f2ffff call urlmon!CoInternetIsFeatureEnabled+0x1c2 (77262972)
7726371b 85c0 test eax,eax
7726371d 0f8487330200 je urlmon!UrlMkGetSessionOption+0xa1fa (77286aaa)
77263723 397514 cmp [ebp+0x14],esi
77263726 57 push edi
77263727 0f852c7d0000 jne urlmon!DllGetClassObject+0x3b27 (7726b459)
7726372d 397508 cmp [ebp+0x8],esi
77263730 0f857e330200 jne urlmon!UrlMkGetSessionOption+0xa204 (77286ab4)
77263736 6a18 push 0x18
77263738 e8cef0ffff call urlmon!CoInternetIsFeatureEnabled+0x5b (7726280b)

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ieframe.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\Documents and Settings\Niro\Desktop\Rogers Yahoo! Online Protection.exe
ChildEBP RetAddr Args to Child
0012d668 7726b481 00000000 7726b488 00000000 urlmon!CoInternetIsFeatureEnabled+0xf64
0012d680 7e2602d3 0012d6b4 00000000 0012e778 urlmon!CoInternetCreateZoneManager+0x17
0012e700 7e349808 0016762c 0012e778 0012e768 ieframe!SoftwareUpdateMessageBox+0x15f5
0012e72c 0041ad6d 00161230 0012e778 0012e768 ieframe!Ordinal164+0x1efcf
00161110 0000000e 00161110 7e21c3d8 000400c0 Rogers Yahoo! Online Protection+0x1ad6d

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x7f0 <----*

eax=77df9981 ebx=00e0fed0 ecx=00000006 edx=00000000 esi=00000000 edi=7ffdd000
eip=7c90eb94 esp=00e0fea8 ebp=00e0ff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
00e0ff44 77df9b26 00000002 00e0ff6c 00000000 ntdll!KiFastSystemCallRet
00e0ffb4 7c80b50b 00000000 7c9140bb 00000000 ADVAPI32!RegDeleteKeyW+0x2a2
00e0ffec 00000000 77df9981 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*



Application exception occurred:
App: C:\PROGRA~1\Yahoo!\YOP\yop.exe (pid=3944)
When: 8/24/2008 @ 15:42:23.187
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: COMPUTER
User Name: Varneega
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 3 Stepping 3
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner: N

*----> Task List <----*
0 System Process
4 System
864 smss.exe
936 csrss.exe
976 winlogon.exe
1020 services.exe
1032 lsass.exe
1196 Ati2evxx.exe
1212 svchost.exe
1300 svchost.exe
1424 svchost.exe
1584 svchost.exe
1672 svchost.exe
1740 ccSvcHst.exe
572 spoolsv.exe
172 AluSchedulerSvc.exe
1644 alg.exe
876 Ati2evxx.exe
836 Explorer.EXE
2764 msiexec.exe
3052 wuauclt.exe
3944 yop.exe
3992 ccSvcHst.exe
3988 jusched.exe
4052 wlmail.exe
4064 iTouch.exe
1548 em_exec.exe
336 atiptaxx.exe
1972 CTFMON.EXE
2312 rundll32.exe
2356 winhlp32.exe
2424 wmiprvse.exe
3020 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 000000000047d000: C:\PROGRA~1\Yahoo!\YOP\yop.exe
(0000000000a90000 - 0000000000aa7000: C:\Program Files\Yahoo!\YOP\UIRes.dll
(0000000000ac0000 - 0000000000acb000: C:\Program Files\Yahoo!\YOP\langRes.dll
(0000000010000000 - 0000000010019000: C:\Program Files\Yahoo!\YOP\helpers.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005dca0000 - 000000005dce5000: C:\WINDOWS\system32\iertutil.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\imagehlp.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772fc000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
(00000000774e0000 - 000000007761c000: C:\WINDOWS\system32\ole32.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d4000: C:\WINDOWS\system32\SHELL32.dll
(000000007e1e0000 - 000000007e7a9000: C:\WINDOWS\system32\ieframe.dll

*----> State Dump for Thread Id 0xf6c <----*

eax=7726b46a ebx=00000000 ecx=0000d5b6 edx=00000040 esi=00000000 edi=00000001
eip=77263714 esp=0012d65c ebp=0012d668 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\urlmon.dll -
function: urlmon!CoInternetIsFeatureEnabled
77263703 90 nop
77263704 8bff mov edi,edi
77263706 55 push ebp
77263707 8bec mov ebp,esp
77263709 51 push ecx
7726370a 53 push ebx
7726370b 8b5d10 mov ebx,[ebp+0x10]
7726370e 56 push esi
7726370f 33f6 xor esi,esi
77263711 8975fc mov [ebp-0x4],esi
FAULT ->77263714 8933 mov [ebx],esi ds:0023:00000000=????????
77263716 e857f2ffff call urlmon!CoInternetIsFeatureEnabled+0x1c2 (77262972)
7726371b 85c0 test eax,eax
7726371d 0f8487330200 je urlmon!UrlMkGetSessionOption+0xa1fa (77286aaa)
77263723 397514 cmp [ebp+0x14],esi
77263726 57 push edi
77263727 0f852c7d0000 jne urlmon!DllGetClassObject+0x3b27 (7726b459)
7726372d 397508 cmp [ebp+0x8],esi
77263730 0f857e330200 jne urlmon!UrlMkGetSessionOption+0xa204 (77286ab4)
77263736 6a18 push 0x18
77263738 e8cef0ffff call urlmon!CoInternetIsFeatureEnabled+0x5b (7726280b)

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ieframe.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\PROGRA~1\Yahoo!\YOP\yop.exe
ChildEBP RetAddr Args to Child
0012d668 7726b481 00000000 7726b488 00000000 urlmon!CoInternetIsFeatureEnabled+0xf64
0012d680 7e2602d3 0012d6b4 00000000 0012e778 urlmon!CoInternetCreateZoneManager+0x17
0012e700 7e349808 00167464 0012e778 0012e768 ieframe!SoftwareUpdateMessageBox+0x15f5
0012e72c 0041ad6d 00160f48 0012e778 0012e768 ieframe!Ordinal164+0x1efcf
00160e28 0000000e 00160e28 7e21c3d8 000200ea yop+0x1ad6d

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xf74 <----*

eax=77df9981 ebx=00d5fed0 ecx=00000006 edx=00000000 esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=00d5fea8 ebp=00d5ff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
00d5ff44 77df9b26 00000002 00d5ff6c 00000000 ntdll!KiFastSystemCallRet
00d5ffb4 7c80b50b 00000000 7c9140bb 00000000 ADVAPI32!RegDeleteKeyW+0x2a2
00d5ffec 00000000 77df9981 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*



Application exception occurred:
App: C:\PROGRA~1\Yahoo!\YOP\yop.exe (pid=1724)
When: 8/24/2008 @ 15:46:25.234
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: COMPUTER
User Name: Niro
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 3 Stepping 3
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner: N

*----> Task List <----*
0 System Process
4 System
904 smss.exe
952 csrss.exe
976 winlogon.exe
1024 services.exe
1036 lsass.exe
1216 Ati2evxx.exe
1232 svchost.exe
1308 svchost.exe
1432 svchost.exe
1532 svchost.exe
1680 svchost.exe
1756 ccSvcHst.exe
476 spoolsv.exe
1504 Ati2evxx.exe
1572 Explorer.EXE
1724 yop.exe
1800 ccSvcHst.exe
1808 jusched.exe
1920 iTouch.exe
1984 AluSchedulerSvc.exe
2000 atiptaxx.exe
2024 ctfmon.exe
132 DAP.EXE
216 em_exec.exe
220 BackWeb-8876480.exe
2212 dwwin.exe
2828 alg.exe
3924 drwtsn32.exe

*----> Module List <----*
(00000000003e0000 - 00000000003f7000: C:\Program Files\Yahoo!\YOP\UIRes.dll
(0000000000400000 - 000000000047d000: C:\PROGRA~1\Yahoo!\YOP\yop.exe
(0000000000ad0000 - 0000000000adb000: C:\Program Files\Yahoo!\YOP\langRes.dll
(0000000010000000 - 0000000010019000: C:\Program Files\Yahoo!\YOP\helpers.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005dca0000 - 000000005dce5000: C:\WINDOWS\system32\iertutil.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\imagehlp.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772fc000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
(00000000774e0000 - 000000007761c000: C:\WINDOWS\system32\ole32.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d4000: C:\WINDOWS\system32\SHELL32.dll
(000000007e1e0000 - 000000007e7a9000: C:\WINDOWS\system32\ieframe.dll

*----> State Dump for Thread Id 0x6c0 <----*

eax=7726b46a ebx=00000000 ecx=0000ce82 edx=00000040 esi=00000000 edi=00000001
eip=77263714 esp=0012d65c ebp=0012d668 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\urlmon.dll -
function: urlmon!CoInternetIsFeatureEnabled
77263703 90 nop
77263704 8bff mov edi,edi
77263706 55 push ebp
77263707 8bec mov ebp,esp
77263709 51 push ecx
7726370a 53 push ebx
7726370b 8b5d10 mov ebx,[ebp+0x10]
7726370e 56 push esi
7726370f 33f6 xor esi,esi
77263711 8975fc mov [ebp-0x4],esi
FAULT ->77263714 8933 mov [ebx],esi ds:0023:00000000=????????
77263716 e857f2ff