Solved

Help analyzing a minidump file

Posted on 2006-11-25
Last Modified: 2009-07-04
I have a BSOD error that occurs about 2-3 times per day and need help analyzing the minidump file. The file is below:

Here is the minidump file log from the debug tool

Opened log file 'c:\debuglog.txt'
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;logclose;q
Loading Kernel Symbols
...................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 804d6118, The address that the exception occurred at
Arg3: ef2dfc88, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for vvsmuwtm.sys
*** ERROR: Module load completed but symbols could not be loaded for vvsmuwtm.sys

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!RtlInitUnicodeString+1b
804d6118 f266af          repne scas word ptr es:[edi]

TRAP_FRAME:  ef2dfc88 -- (.trap ffffffffef2dfc88)
.trap ffffffffef2dfc88
ErrCode = 00000000
eax=00000000 ebx=02874000 ecx=fffff82e edx=ef2dfd18 esi=eee0d811 edi=02875000
eip=804d6118 esp=ef2dfcfc ebp=ef2dfd30 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!RtlInitUnicodeString+0x1b:
804d6118 f266af          repne scas word ptr es:[edi]     es:0023:02875000=????
.trap
Resetting default scope

CUSTOMER_CRASH_COUNT:  4

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  IEXPLORE.EXE

LAST_CONTROL_TRANSFER:  from 804dad01 to 804d6118

SYMBOL_ON_RAW_STACK:  1

STACK_ADDR_RAW_STACK_SYMBOL: 17002000010004

STACK_COMMAND:  dds EF2DFD04-0x20 ; kb

STACK_TEXT:  
ef2dfce4  02874000
ef2dfce8  ef2dfd30
ef2dfcec  00000000
ef2dfcf0  804d6118 nt!RtlInitUnicodeString+0x1b
ef2dfcf4  00000008
ef2dfcf8  00010246
ef2dfcfc  ef2dfd64
ef2dfd00  eee0cba9 vvsmuwtm+0xba9
ef2dfd04  ef2dfd18
ef2dfd08  0287405e
ef2dfd0c  ef2dfd64
ef2dfd10  0225f5bc
ef2dfd14  eee0cb04 vvsmuwtm+0xb04
ef2dfd18  00000000
ef2dfd1c  0287405e
ef2dfd20  00000000
ef2dfd24  00000000
ef2dfd28  00000000
ef2dfd2c  00000000
ef2dfd30  ef2dfd64
ef2dfd34  804dad01 nt!KiSystemService+0xc4
ef2dfd38  0000065c
ef2dfd3c  00000000
ef2dfd40  00000000
ef2dfd44  00000000
ef2dfd48  0225f5d4
ef2dfd4c  02874000
ef2dfd50  00001000
ef2dfd54  01000003
ef2dfd58  00000000
ef2dfd5c  00000009
ef2dfd60  00000000


FOLLOWUP_IP:
vvsmuwtm+ba9
eee0cba9 ??              ???

SYMBOL_NAME:  vvsmuwtm+ba9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vvsmuwtm

IMAGE_NAME:  vvsmuwtm.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  438d5ea6

FAILURE_BUCKET_ID:  0x8E_vvsmuwtm+ba9

BUCKET_ID:  0x8E_vvsmuwtm+ba9

Followup: MachineOwner
---------

eax=00000000 ebx=02874000 ecx=fffff82e edx=ef2dfd18 esi=eee0d811 edi=02875000
eip=804d6118 esp=ef2dfcfc ebp=ef2dfd30 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!RtlInitUnicodeString+0x1b:
804d6118 f266af          repne scas word ptr es:[edi]     es:0023:02875000=????
ChildEBP RetAddr  Args to Child              
ef2dfd30 804dad01 0000065c 00000000 00000000 nt!RtlInitUnicodeString+0x1b (FPO: [2,2,0])
ef2dfd30 00000023 0000065c 00000000 00000000 nt!KiSystemService+0xc4 (FPO: [0,0] TrapFrame @ ef2dfd30)
WARNING: Frame IP not in any known module. Following frames may be wrong.
00000000 00000000 00000000 00000000 00000000 0x23
start    end        module name
804d4000 806c6400   nt       ntoskrnl.exe Tue Mar 01 20:33:24 2005 (422517E4)
806c7000 806e6380   hal      halaacpi.dll Thu Aug 29 04:05:02 2002 (3D6DD5AE)
bf800000 bf9b6c00   win32k   win32k.sys   Tue Mar 01 20:34:22 2005 (4225181E)
bf9b7000 bf9c5000   ialmrnt5 ialmrnt5.dll Tue Jun 21 20:04:46 2005 (42B8AB1E)
bf9c5000 bf9e4000   ialmdnt5 ialmdnt5.dll Tue Jun 21 20:04:39 2005 (42B8AB17)
bf9e4000 bfa0fa20   ialmdev5 ialmdev5.DLL Tue Jun 21 20:04:29 2005 (42B8AB0D)
bfa10000 bfaed000   ialmdd5  ialmdd5.DLL  Tue Jun 21 20:11:47 2005 (42B8ACC3)
bff80000 bff90d80   dxg      dxg.sys      Thu Aug 29 06:40:42 2002 (3D6DFA2A)
ee2b9000 ee2dfe80   kmixer   kmixer.sys   Thu Aug 29 04:32:28 2002 (3D6DDC1C)
eea66000 eea78e80   wdmaud   wdmaud.sys   Thu Aug 29 05:00:46 2002 (3D6DE2BE)
eebb4000 eebc7680   ipnat    ipnat.sys    Thu Aug 29 04:36:12 2002 (3D6DDCFC)
eee0c000 eee0e326   vvsmuwtm vvsmuwtm.sys Wed Nov 30 03:11:18 2005 (438D5EA6)
eee20000 eee3bf20   naiavf5x naiavf5x.sys Mon Jun 13 18:54:46 2005 (42AE0EB6)
eee48000 eee4a780   secdrv   secdrv.sys   Mon Apr 08 04:50:52 2002 (3CB159EC)
eee64000 eeeb2700   srv      srv.sys      Mon May 09 20:39:21 2005 (428002B9)
eefa3000 eefcd500   mrxdav   mrxdav.sys   Mon Apr 25 21:58:01 2005 (426DA029)
ef13e000 ef14be00   sysaudio sysaudio.sys Thu Aug 29 05:01:17 2002 (3D6DE2DD)
ef1d6000 ef1f6380   afd      afd.sys      Thu Aug 29 05:01:13 2002 (3D6DE2D9)
ef21f000 ef2377e0   tfsnudfa tfsnudfa.sys Wed Aug 06 12:45:19 2003 (3F31309F)
ef238000 ef24fee0   tfsnudf  tfsnudf.sys  Wed Aug 06 12:44:17 2003 (3F313061)
ef2f0000 ef304520   tfsnifs  tfsnifs.sys  Wed Aug 06 12:44:07 2003 (3F313057)
ef351000 ef354080   ndisuio  ndisuio.sys  Sat Aug 02 05:38:10 2003 (3F2B8682)
ef445000 ef45a500   dump_atapi dump_atapi.sys Wed Apr 23 12:29:51 2003 (3EA6BF7F)
ef45b000 ef4c6700   mrxsmb   mrxsmb.sys   Tue Jan 18 22:51:35 2005 (41EDD947)
ef4ef000 ef518880   rdbss    rdbss.sys    Tue Oct 12 12:22:19 2004 (416C04BB)
ef519000 ef53f580   netbt    netbt.sys    Thu Aug 29 05:01:56 2002 (3D6DE304)
ef540000 ef593000   tcpip    tcpip.sys    Wed May 25 15:41:07 2005 (4294D4D3)
ef8c3000 ef8cb7e0   tfsncofs tfsncofs.sys Wed Aug 06 12:44:38 2003 (3F313076)
ef8d3000 ef8dc540   drvnddm  drvnddm.sys  Fri Jun 20 19:55:12 2003 (3EF39EE0)
f79e9000 f7a0a780   update   update.sys   Fri Aug 17 23:53:56 2001 (3B7DE6D4)
f7a0b000 f7a1b200   psched   psched.sys   Thu Aug 29 04:35:54 2002 (3D6DDCEA)
f7a1c000 f7a31600   ndiswan  ndiswan.sys  Thu Aug 29 04:58:38 2002 (3D6DE23E)
f7a32000 f7a5f960   windrvr6 windrvr6.sys Mon Mar 21 05:57:07 2005 (423EA883)
f7a60000 f7a80c80   portcls  portcls.sys  Thu Aug 29 05:00:58 2002 (3D6DE2CA)
f7a81000 f7b06100   smwdm    smwdm.sys    Fri Feb 28 09:17:15 2003 (3E5F6F6B)
f7b07000 f7b19900   parport  parport.sys  Thu Aug 29 04:27:29 2002 (3D6DDAF1)
f7b1a000 f7b39d00   ks       ks.sys       Wed Dec 04 12:09:38 2002 (3DEE36D2)
f7b3a000 f7c46f80   BCMSM    BCMSM.sys    Wed Aug 27 23:05:02 2003 (3F4D715E)
f7c47000 f7c68e00   USBPORT  USBPORT.SYS  Wed Aug 13 13:23:37 2003 (3F3A7419)
f7c69000 f7c7a500   VIDEOPRT VIDEOPRT.SYS Thu Aug 29 04:32:03 2002 (3D6DDC03)
f7c7b000 f7d403c0   ialmnt5  ialmnt5.sys  Tue Jun 21 20:12:33 2005 (42B8ACF1)
f7d65000 f7d67280   rasacd   rasacd.sys   Fri Aug 17 16:55:39 2001 (3B7D84CB)
f8345000 f8348f80   TDI      TDI.SYS      Fri Aug 17 16:57:25 2001 (3B7D8535)
f8349000 f834b580   ndistapi ndistapi.sys Fri Aug 17 16:55:29 2001 (3B7D84C1)
f8351000 f8353880   pfc      pfc.sys      Fri Sep 19 19:47:22 2003 (3F6B958A)
f83ae000 f83c7680   Mup      Mup.sys      Thu Aug 29 05:12:53 2002 (3D6DE595)
f83c8000 f83f1100   NDIS     NDIS.sys     Sat Oct 04 03:54:08 2003 (3F7E7CA0)
f83f2000 f847b300   Ntfs     Ntfs.sys     Thu Aug 29 05:13:37 2002 (3D6DE5C1)
f847c000 f848f780   KSecDD   KSecDD.sys   Fri Aug 17 16:50:01 2001 (3B7D8379)
f8490000 f84a4240   drvmcdb  drvmcdb.sys  Thu Jul 31 20:51:10 2003 (3F29B97E)
f84a5000 f84b5e80   sr       sr.sys       Thu Aug 29 04:17:56 2002 (3D6DD8B4)
f84b6000 f84cb500   atapi    atapi.sys    Wed Apr 23 12:29:51 2003 (3EA6BF7F)
f84cc000 f84ea880   ftdisk   ftdisk.sys   Fri Aug 17 16:52:41 2001 (3B7D8419)
f84eb000 f8516c80   ACPI     ACPI.sys     Thu Aug 29 04:09:03 2002 (3D6DD69F)
f8538000 f8547600   pci      pci.sys      Thu Aug 29 04:09:10 2002 (3D6DD6A6)
f8548000 f8550c00   isapnp   isapnp.sys   Fri Aug 17 16:58:01 2001 (3B7D8559)
f8558000 f8561280   MountMgr MountMgr.sys Fri Aug 17 16:47:36 2001 (3B7D82E8)
f8568000 f8574000   VolSnap  VolSnap.sys  Fri Aug 17 16:53:19 2001 (3B7D843F)
f8578000 f8580400   disk     disk.sys     Thu Aug 29 04:27:56 2002 (3D6DDB0C)
f8588000 f8593500   CLASSPNP CLASSPNP.SYS Thu Aug 29 05:08:42 2002 (3D6DE49A)
f85a8000 f85b2880   bcm4sbxp bcm4sbxp.sys Thu May 15 21:09:31 2003 (3EC43A4B)
f85b8000 f85c4780   i8042prt i8042prt.sys Thu Aug 29 05:06:37 2002 (3D6DE41D)
f85c8000 f85d7400   serial   serial.sys   Thu Aug 29 05:08:27 2002 (3D6DE48B)
f85d8000 f85e1b80   imapi    imapi.sys    Thu Aug 29 04:28:05 2002 (3D6DDB15)
f85e8000 f85f3980   cdrom    cdrom.sys    Thu Aug 29 04:27:55 2002 (3D6DDB0B)
f85f8000 f8605d00   redbook  redbook.sys  Thu Aug 29 04:27:45 2002 (3D6DDB01)
f8608000 f8616200   drmk     drmk.sys     Thu Aug 29 04:32:30 2002 (3D6DDC1E)
f8618000 f8623d00   rasl2tp  rasl2tp.sys  Thu Aug 29 05:06:36 2002 (3D6DE41C)
f8628000 f8631800   raspppoe raspppoe.sys Fri Aug 17 16:55:33 2001 (3B7D84C5)
f8638000 f8643500   raspptp  raspptp.sys  Thu Aug 29 05:12:46 2002 (3D6DE58E)
f8648000 f8650400   msgpc    msgpc.sys    Fri Aug 17 16:54:19 2001 (3B7D847B)
f8658000 f8661400   termdd   termdd.sys   Thu Aug 29 04:40:32 2002 (3D6DDE00)
f8668000 f8671480   NDProxy  NDProxy.SYS  Fri Aug 17 16:55:30 2001 (3B7D84C2)
f8688000 f8694f80   usbhub   usbhub.sys   Sat Aug 02 05:34:33 2003 (3F2B85A9)
f86a8000 f86b6280   ipsec    ipsec.sys    Thu Aug 29 05:07:19 2002 (3D6DE447)
f86b8000 f86c0180   netbios  netbios.sys  Thu Aug 29 04:35:45 2002 (3D6DDCE1)
f86d8000 f86e0880   Fips     Fips.SYS     Fri Aug 17 21:31:49 2001 (3B7DC585)
f86e8000 f86f0200   wanarp   wanarp.sys   Fri Aug 17 16:55:23 2001 (3B7D84BB)
f86f8000 f8700700   HIDCLASS HIDCLASS.SYS Thu Aug 29 04:32:40 2002 (3D6DDC28)
f8708000 f8716900   Cdfs     Cdfs.SYS     Thu Aug 29 04:58:50 2002 (3D6DE24A)
f87b8000 f87bdc80   PCIIDEX  PCIIDEX.SYS  Fri Jan 31 18:43:28 2003 (3E3B0A20)
f87c0000 f87c4900   PartMgr  PartMgr.sys  Fri Aug 17 21:32:23 2001 (3B7DC5A7)
f87c8000 f87cce20   PxHelp20 PxHelp20.sys Tue Feb 01 18:23:42 2005 (42000F7E)
f87e0000 f87e6420   tfsnboio tfsnboio.sys Wed Aug 06 12:44:20 2003 (3F313064)
f8878000 f887f780   processr processr.sys Thu Aug 29 04:05:03 2002 (3D6DD5AF)
f8880000 f8884b80   usbuhci  usbuhci.sys  Sat Aug 02 05:34:33 2003 (3F2B85A9)
f8888000 f888e280   usbehci  usbehci.sys  Sat Aug 02 05:34:31 2003 (3F2B85A7)
f8890000 f8897080   Modem    Modem.SYS    Fri Aug 17 16:57:35 2001 (3B7D853F)
f8898000 f8899000   fdc      fdc.sys      unavailable (00000000)
f88a0000 f88a5b80   kbdclass kbdclass.sys Thu Aug 29 04:26:59 2002 (3D6DDAD3)
f88a8000 f88ae3a0   MxlW2k   MxlW2k.SYS   Sat Sep 13 19:18:32 2003 (3F63A5C8)
f88b0000 f88b7000   GEARAspiWDM GEARAspiWDM.sys Fri Jul 14 15:02:57 2006 (44B7EA61)
f88b8000 f88bc580   ptilink  ptilink.sys  Fri Aug 17 16:49:53 2001 (3B7D8371)
f88c0000 f88c4080   raspti   raspti.sys   Fri Aug 17 16:55:32 2001 (3B7D84C4)
f88c8000 f88cd020   wanatw4  wanatw4.sys  Tue Jul 16 11:23:14 2002 (3D343A62)
f88d0000 f88d5600   mouclass mouclass.sys Thu Aug 29 04:27:00 2002 (3D6DDAD4)
f88d8000 f88dc300   omci     omci.sys     Mon Nov 04 18:05:02 2002 (3DC6FD1E)
f88f0000 f88f5a80   ssrtln   ssrtln.sys   Mon Jul 14 14:28:21 2003 (3F12F645)
f88f8000 f88fcd00   vga      vga.sys      Thu Aug 29 04:32:03 2002 (3D6DDC03)
f8900000 f8904680   Msfs     Msfs.SYS     Fri Aug 17 16:50:02 2001 (3B7D837A)
f8908000 f890f380   Npfs     Npfs.SYS     Fri Aug 17 16:50:03 2001 (3B7D837B)
f8918000 f891ee00   usbccgp  usbccgp.sys  Sat Aug 02 05:34:35 2003 (3F2B85AB)
f8920000 f8925c80   HIDPARSE HIDPARSE.SYS Fri Aug 17 17:02:04 2001 (3B7D864C)
f8928000 f892e180   usbprint usbprint.sys Thu Aug 29 04:50:01 2002 (3D6DE039)
f8948000 f894b000   BOOTVID  BOOTVID.dll  Fri Aug 17 16:49:09 2001 (3B7D8345)
f89c0000 f89c3a80   serenum  serenum.sys  Fri Aug 17 16:50:13 2001 (3B7D8385)
f89e4000 f89e6580   hidusb   hidusb.sys   Fri Aug 17 17:02:16 2001 (3B7D8658)
f89e8000 f89eb780   usbscan  usbscan.sys  Thu Aug 29 04:48:51 2002 (3D6DDFF3)
f89ec000 f89eef80   mouhid   mouhid.sys   Fri Aug 17 16:47:57 2001 (3B7D82FD)
f89f4000 f89f7760   tfsnopio tfsnopio.sys Wed Aug 06 12:44:47 2003 (3F31307F)
f8a08000 f8a0a900   Dxapi    Dxapi.sys    Fri Aug 17 16:53:19 2001 (3B7D843F)
f8a0c000 f8a10000   watchdog watchdog.sys Thu Aug 29 04:32:20 2002 (3D6DDC14)
f8a38000 f8a39b80   kdcom    kdcom.dll    Fri Aug 17 16:49:10 2001 (3B7D8346)
f8a3a000 f8a3b100   WMILIB   WMILIB.SYS   Fri Aug 17 17:07:23 2001 (3B7D878B)
f8a6c000 f8a6d5c0   sscdbhk5 sscdbhk5.sys Mon Jul 14 14:28:38 2003 (3F12F656)
f8a6e000 f8a6f120   aeaudio  aeaudio.sys  Mon Apr 01 09:39:14 2002 (3CA87112)
f8a70000 f8a71280   USBD     USBD.SYS     Fri Aug 17 17:02:58 2001 (3B7D8682)
f8a74000 f8a75e00   i2omgmt  i2omgmt.SYS  Fri Aug 17 16:56:15 2001 (3B7D84EF)
f8a76000 f8a77f00   Fs_Rec   Fs_Rec.SYS   Fri Aug 17 16:49:37 2001 (3B7D8361)
f8a78000 f8a79080   Beep     Beep.SYS     Fri Aug 17 16:47:33 2001 (3B7D82E5)
f8a7a000 f8a7b080   mnmdd    mnmdd.SYS    Fri Aug 17 16:57:28 2001 (3B7D8538)
f8a7c000 f8a7d080   RDPCDD   RDPCDD.sys   Fri Aug 17 16:46:56 2001 (3B7D82C0)
f8a7e000 f8a7f100   dump_WMILIB dump_WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
f8a90000 f8a918a0   tfsnpool tfsnpool.sys Wed Aug 06 12:44:09 2003 (3F313059)
f8ab2000 f8ab3a80   ParVdm   ParVdm.SYS   Fri Aug 17 16:49:49 2001 (3B7D836D)
f8b00000 f8b00d00   pciide   pciide.sys   Fri Aug 17 16:51:49 2001 (3B7D83E5)
f8b55000 f8b55b80   Null     Null.SYS     Fri Aug 17 16:47:39 2001 (3B7D82EB)
f8b57000 f8b57880   tfsndres tfsndres.sys Wed Aug 06 12:45:28 2003 (3F3130A8)
f8b58000 f8b58fe0   tfsndrct tfsndrct.sys Wed Aug 06 12:44:45 2003 (3F31307D)
f8be4000 f8be4c00   audstub  audstub.sys  Fri Aug 17 16:59:40 2001 (3B7D85BC)
f8bea000 f8beb000   swenum   swenum.sys   Wed Dec 04 12:10:07 2002 (3DEE36EF)
f8c64000 f8c64d00   dxgthk   dxgthk.sys   Fri Aug 17 16:53:12 2001 (3B7D8438)

Unloaded modules:
ee2b9000 ee2e0000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ee2b9000 ee2e0000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ee3d0000 ee3f7000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ee3d0000 ee3f7000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ee3d0000 ee3f7000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ee3d0000 ee3f7000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ee3d0000 ee3f7000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ee3d0000 ee3f7000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eea3f000 eea66000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f8bf2000 f8bf3000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eec08000 eec15000   DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eec18000 eec26000   swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eeaa1000 eeac4000   aec.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f8a8c000 f8a8e000   splitter.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f86c8000 f86d2000   p3.sys  
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f88e8000 f88ed000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f89d8000 f89db000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
                                  ^ Syntax error in '.reload;!analyze -v;r;kv;lmnt;logclose;q'
kd> q
quit:
 

****************************************************************************
Here is a copy of running processes:

Pstat version 0.3:  memory: 522240 kb  uptime:  0 14:17:52.562

PageFile: \??\C:\pagefile.sys
      Current Size: 786432 kb  Total Used:  46352 kb   Peak Used  46604 kb

 Memory: 522240K Avail: 135124K  TotalWs: 391196K InRam Kernel: 1904K P:38484K
 Commit: 281220K/ 182328K Limit:1279100K Peak: 346024K  Pool N:10516K P:38648K

    User Time   Kernel Time    Ws   Faults  Commit Pri Hnd Thd Pid Name
                           135956  2201486                         File Cache
  0:00:00.000  13:41:49.453    16        0       0  0    0   1   0 Idle Process
  0:00:00.000   0:00:27.328   212     6779      28  8  308  60   4 System
  0:00:00.015   0:00:00.000   344      199     164 11   21   3 536 SMSS.EXE
  0:00:02.968   0:00:19.765  4396    14735    1824 13  500  13 600 CSRSS.EXE
  0:00:49.000   0:00:19.765 19836   994039   14848 13  594  19 624 winlogon.exe
  0:00:01.234   0:00:08.687  3236    33444    1564  9  337  18 668 SERVICES.EXE
  0:00:47.656   0:01:14.171   600    17281    3308  9  320  19 680 LSASS.EXE
  0:00:00.453   0:00:00.546  3384     1184    1252  8  292   9 872 SVCHOST.EXE
  0:00:14.203   0:00:06.109 20524    61279   13176  8 1410  74 952 SVCHOST.EXE
  0:00:00.218   0:00:00.125  1892     1441     800  8   68   6 1148 SVCHOST.EXE
  0:00:00.015   0:00:00.015  3408      905    1152  8  129  14 1180 SVCHOST.EXE
  0:00:01.296   0:00:03.625  3164     2200    1404  8  354   8 1336 LEXBCES.EXE
  0:01:42.812   0:00:07.234  6712   263738    4036  8  183  13 1360 spoolsv.exe
  0:00:00.031   0:00:00.000  3920     1022    1112  8  121   5 456 ALG.EXE
  0:00:00.093   0:00:00.046   568      767    1228  8   85   8 468 acsd.exe
  0:00:00.015   0:00:00.000  1348      346     356  8   24   1 520 Mcdetect.exe
  0:00:02.734   0:00:00.171  5584    10567    3500 13  180  18 588 McShield.exe
  0:00:00.046   0:00:00.031  2748      729     748  8   64   2 644 McTskshd.exe
  0:00:00.250   0:00:00.125  3472     1070    1252  8  113   7 1228 SVCHOST.EXE
  0:00:00.031   0:00:00.000   432      621     704  8   73   7 1268 wanmpsvc.exe
  0:00:00.015   0:00:00.031  3756     1013    1616  8  112  16 1468 fxssvc.exe
  0:00:00.468   0:00:00.453  3684     1449    1116  8  135  11 2432 iPodService.exe
  0:00:43.953   0:01:25.687 18440   392747   23780  8  702  25 3792 EXPLORER.EXE
  0:00:00.046   0:00:00.093  3712      941    1452  8   83   2 2728 hkcmd.exe
  0:00:00.031   0:00:00.171  5108     1513    1536  8  128   2 3248 mcagent.exe
  0:00:00.031   0:00:00.078  4524     1208    1400  8  121   2 3312 mcvsshld.exe
  0:00:00.031   0:00:00.015  1948      495     528  8   22   1 4012 dlbabmgr.exe
  0:00:00.031   0:00:00.000  2536      643     592  8   81   2 2108 oasclnt.exe
  0:00:00.015   0:00:00.015  3776      984     924  8   86   4 3304 iTunesHelper.exe
  0:00:00.031   0:00:00.015  4316     1104    2372  8   42   1 252 dlbabmon.exe
  0:00:00.250   0:00:00.296  4956     5218    3844  8  279  10 2512 GoogleUpdater.exe
  0:00:00.171   0:00:00.437  1560     2829    1052 13   60   3 3536 TASKMGR.EXE
  0:00:30.406   0:00:19.671 32436    82629   26948  8  697  12 3956 IEXPLORE.EXE
  0:00:00.031   0:00:00.031   772      579    1456  8   21   1 2532 CMD.EXE
  0:01:01.921   0:00:29.375 70576   218678   58448  8  277  16 2364 firefox.exe
  0:00:00.328   0:00:00.437  6404     2230    2476  8  118   5 500 msiexec.exe
  0:00:00.015   0:00:00.015   940      233     332  8   13   1 1628 pstat.exe

 770  10       271 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 77c   9        14 77E7D295  0:00:00.000  0:00:00.078 Wait:UserRequest
 75c  11        20 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 6ac  10       142 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 820   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 824   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 828   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 82c   9       156 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 830   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 8d0   8         4 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 92c   8      1326 77E7D295  0:00:00.015  0:00:00.000 Wait:DelayExecution
 938   8      1476 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 940   9        29 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 944   9        13 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 948   9         8 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 954   9        13 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 958  10       147 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 960   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 964   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 968   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 9a4  10       224 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 b10   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReply
 c14   9        32 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 c1c   9         5 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 c20   9         5 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 c24   9         5 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 dfc   9         9 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 e40   9      6435 77E7D295  0:00:00.015  0:00:00.015 Wait:LpcReceive
  b8   9      6374 77E7D295  0:00:00.015  0:00:00.015 Wait:LpcReceive
 e54   9       241 77E7D295  0:00:00.031  0:00:00.000 Wait:LpcReceive
 5a4   8        30 77E7D295  0:00:00.015  0:00:00.000 Wait:LpcReceive
 c68   9        72 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
  bc   8       166 77E7D295  0:00:00.015  0:00:00.000 Wait:LpcReceive
 848   9        94 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 988   8         5 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 724   8         4 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 1e4   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 ba0   8        14 77E7D295  0:00:00.015  0:00:00.000 Wait:UserRequest

pid:47c pri: 8 Hnd:   68 Pf:   1441 Ws:   1892K SVCHOST.EXE
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 480   9        25 77E813F2  0:00:00.000  0:00:00.000 Wait:Executive
 490   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 494  10         4 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 d50   9       459 77E7D295  0:00:00.015  0:00:00.000 Wait:LpcReceive
 158   9       129 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 41c   8       101 77E7D295  0:00:00.000  0:00:00.015 Wait:LpcReceive

pid:49c pri: 8 Hnd:  129 Pf:    905 Ws:   3408K SVCHOST.EXE
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 4a0   9        37 77E813F2  0:00:00.000  0:00:00.000 Wait:Executive
 4a4   8         6 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 4b4   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 1bc   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 1c0   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 9b4  10       257 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 9bc   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:DelayExecution
 9c4   8      1286 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 9c8   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 a4c   8         6 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 a50   9        20 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 a54   9       259 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 a84   9         6 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
  80   9        10 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow

pid:538 pri: 8 Hnd:  354 Pf:   2200 Ws:   3164K LEXBCES.EXE
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 53c   8        18 77E813F2  0:00:00.000  0:00:00.000 Wait:Executive
 540   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 544   8        17 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 54c   8         4 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 7a8   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:Executive
 c54   8        10 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 5ac   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:Executive
 c70   9      2317 77E7D295  0:00:00.031  0:00:00.125 Wait:LpcReceive

pid:550 pri: 8 Hnd:  183 Pf: 263738 Ws:   6712K spoolsv.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 554   9        17 77E813F2  0:00:00.000  0:00:00.000 Wait:Executive
 558   9         8 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 55c   8        29 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 568   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:Executive
 748   8       137 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 798   9       264 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 79c   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 7ec   9         4 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 7f0   8      1139 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 7f4   8        61 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
  94  10       289 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
  9c   8         6 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 b48   9      1671 77E7D295  0:00:00.000  0:00:00.046 Wait:LpcReceive

pid:1c8 pri: 8 Hnd:  121 Pf:   1022 Ws:   3920K ALG.EXE
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 1cc   9        16 77E813F2  0:00:00.000  0:00:00.000 Wait:Executive
 1d0   9        36 77E7D295  0:00:00.015  0:00:00.000 Wait:UserRequest
 1e0   9        63 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 924   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:DelayExecution
 928   8      1286 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow

pid:1d4 pri: 8 Hnd:   85 Pf:    767 Ws:    568K acsd.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 1d8   9        27 77E813F2  0:00:00.000  0:00:00.000 Wait:Executive
 1f0   8     25729 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 210   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 178   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
  6c   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 228   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 22c   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 230   8    496431 77E7D295  0:00:00.078  0:00:00.031 Wait:DelayExecution

pid:208 pri: 8 Hnd:   24 Pf:    346 Ws:   1348K Mcdetect.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 20c   8        16 77E813F2  0:00:00.000  0:00:00.000 Wait:Executive

pid:24c pri:13 Hnd:  180 Pf:  10567 Ws:   5584K McShield.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 254  14        31 77E813F2  0:00:00.015  0:00:00.015 Wait:Executive
 248  13         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 25c  14        77 77E7D295  0:00:00.343  0:00:00.046 Wait:UserRequest
 2e4  13         9 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 320  13        18 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 2ac  14       248 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 360  13         7 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 380  13         7 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 384  13        21 77E7D295  0:00:00.015  0:00:00.000 Wait:EventPairLow
 388  13       456 77E7D295  0:00:02.328  0:00:00.062 Wait:EventPairLow
 38c  15         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 390  15         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 394  15         8 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 398  15       234 77E7D295  0:00:00.015  0:00:00.000 Wait:UserRequest
 39c  13       860 77E7D295  0:00:00.000  0:00:00.000 Wait:DelayExecution
 428  15       126 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 42c  13         3 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 1ec  14        21 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid:284 pri: 8 Hnd:   64 Pf:    729 Ws:   2748K McTskshd.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 2d8   9       140 77E813F2  0:00:00.000  0:00:00.031 Wait:Executive
 454  10      1741 77E7D295  0:00:00.031  0:00:00.000 Wait:UserRequest

pid:4cc pri: 8 Hnd:  113 Pf:   1070 Ws:   3472K SVCHOST.EXE
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 4d4   9        12 77E813F2  0:00:00.000  0:00:00.000 Wait:Executive
 4d8   8      1483 77E7D295  0:00:00.062  0:00:00.031 Wait:UserRequest
 658   9         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 804   8         7 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 f2c   9      2938 77E7D295  0:00:00.046  0:00:00.015 Wait:LpcReceive
 da0   9      3756 77E7D295  0:00:00.062  0:00:00.031 Wait:LpcReceive
 ecc   9        19 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid:4f4 pri: 8 Hnd:   73 Pf:    621 Ws:    432K wanmpsvc.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 4f8   9        41 77E813F2  0:00:00.015  0:00:00.000 Wait:Executive
 648   8         9 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 600   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 5fc   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 698   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 6a0   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 60c   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest

pid:5bc pri: 8 Hnd:  112 Pf:   1013 Ws:   3756K fxssvc.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 44c   9        40 77E813F2  0:00:00.000  0:00:00.031 Wait:Executive
 74c   9        63 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 868   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 86c   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 870   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 874   8        19 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 878   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 880   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 884   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 88c   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 8f0   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 8f4   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 8f8   8        93 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 8fc   9        65 77E7D295  0:00:00.000  0:00:00.000 Wait:DelayExecution
 900   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 194   9        22 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow

pid:980 pri: 8 Hnd:  135 Pf:   1449 Ws:   3684K iPodService.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 984   8        27 77E813F2  0:00:00.015  0:00:00.000 Wait:Executive
 994   9        46 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 9c0   8     96575 77E7D295  0:00:00.031  0:00:00.015 Wait:DelayExecution
 9cc   8     96385 77E7D295  0:00:00.046  0:00:00.046 Wait:DelayExecution
 9d4   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 a04   8      4877 77E7D295  0:00:00.062  0:00:00.109 Wait:UserRequest
 a08   8      5669 77E7D295  0:00:00.078  0:00:00.109 Wait:UserRequest
 a0c   8      4386 77E7D295  0:00:00.078  0:00:00.046 Wait:UserRequest
 a10   8    169165 77E7D295  0:00:00.046  0:00:00.015 Wait:UserRequest
 a14  10     53520 77E7D295  0:00:00.093  0:00:00.031 Wait:UserRequest
 91c   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid:ed0 pri: 8 Hnd:  702 Pf: 392747 Ws:  18440K EXPLORER.EXE
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 ec4  10      4456 77E813F2  0:00:00.218  0:00:00.921 Wait:UserRequest
 6fc  11     46250 77E7D295  0:00:00.984  0:00:04.046 Wait:UserRequest
 fd8  10        18 77E7D295  0:00:00.000  0:00:00.000 Wait:DelayExecution
 fa8  10         6 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 b7c  10      4005 77E7D295  0:00:00.156  0:00:00.109 Wait:UserRequest
 ee4  12      4575 77E7D295  0:00:00.015  0:00:00.203 Wait:UserRequest
 bbc  15         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 d48  11       258 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 f94  10        68 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 30c  10     34277 77E7D295  0:00:01.796  0:00:05.296 Wait:UserRequest
 6f4  11         6 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 fcc  12     30309 77E7D295  0:00:05.593  0:00:11.046 Wait:UserRequest
  84  10       337 77E7D295  0:00:00.000  0:00:00.109 Wait:UserRequest
 a28   8      2101 77E7D295  0:00:00.437  0:00:00.843 Wait:UserRequest
 e34  11       191 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 c84  10     34282 77E7D295  0:00:02.578  0:00:07.875 Wait:UserRequest
 7d8  10        34 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 ec0  11       129 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 a74   8      2870 77E7D295  0:00:00.359  0:00:01.078 Wait:EventPairLow
 db0   8      3932 77E7D295  0:00:00.812  0:00:01.687 Wait:UserRequest
 6c4  10         9 77E7D295  0:00:00.000  0:00:00.000 Wait:DelayExecution
 80c  10     36188 77E7D295  0:00:02.140  0:00:05.968 Wait:UserRequest
 67c  11     14424 77E7D295  0:00:00.031  0:00:00.140 Wait:UserRequest
 3c4  15        17 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 b64   5        16 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest

pid:aa8 pri: 8 Hnd:   83 Pf:    941 Ws:   3712K hkcmd.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 a98  10      1488 77E813F2  0:00:00.031  0:00:00.093 Wait:UserRequest
 590   8        27 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest

pid:cb0 pri: 8 Hnd:  128 Pf:   1513 Ws:   5108K mcagent.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 bb4  10       434 77E813F2  0:00:00.015  0:00:00.140 Wait:UserRequest
 f48   9        31 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid:cf0 pri: 8 Hnd:  121 Pf:   1208 Ws:   4524K mcvsshld.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 e74  10       400 77E813F2  0:00:00.015  0:00:00.078 Wait:UserRequest
 19c   8        33 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid:fac pri: 8 Hnd:   22 Pf:    495 Ws:   1948K dlbabmgr.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 758  10      1976 77E813F2  0:00:00.015  0:00:00.015 Wait:UserRequest

pid:83c pri: 8 Hnd:   81 Pf:    643 Ws:   2536K oasclnt.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 b2c  10       210 77E813F2  0:00:00.015  0:00:00.000 Wait:UserRequest
 c88   8        28 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid:ce8 pri: 8 Hnd:   86 Pf:    984 Ws:   3776K iTunesHelper.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 9f4  10       173 77E813F2  0:00:00.000  0:00:00.015 Wait:UserRequest
 4e4  10        43 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 e08   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 484   9         7 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid: fc pri: 8 Hnd:   42 Pf:   1104 Ws:   4316K dlbabmon.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 7bc   8      6715 77E813F2  0:00:00.015  0:00:00.015 Wait:UserRequest

pid:9d0 pri: 8 Hnd:  279 Pf:   5218 Ws:   4956K GoogleUpdater.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 594  10       595 77E813F2  0:00:00.109  0:00:00.234 Wait:UserRequest
 710   9       141 77E7D295  0:00:00.093  0:00:00.046 Wait:UserRequest
 3a8   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 6a4   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 de0   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 548   9        76 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 128   8         4 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 f28   9         3 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 f20   8        81 77E7D295  0:00:00.031  0:00:00.000 Wait:UserRequest
 4ac   9         4 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid:dd0 pri:13 Hnd:   60 Pf:   2829 Ws:   1560K TASKMGR.EXE
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 a30  14     27324 77E813F2  0:00:00.156  0:00:00.390 Wait:UserRequest
 f08  15     12023 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 ef4  13     12222 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest

pid:f74 pri: 8 Hnd:  697 Pf:  82629 Ws:  32436K IEXPLORE.EXE
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 ff4  10     96330 77E813F2  0:00:22.953  0:00:12.500 Wait:UserRequest
 5b8   7         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 4b8  10     13276 77E7D295  0:00:00.218  0:00:00.046 Wait:UserRequest
 f50  10        43 77E7D295  0:00:00.000  0:00:00.000 Wait:DelayExecution
  7c  15         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
  ac  12       486 77E7D295  0:00:00.000  0:00:00.093 Wait:UserRequest
 7c0   8     86794 77E7D295  0:00:00.000  0:00:00.015 Ready
 62c   8         3 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 644   9         3 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 d40   9        69 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 7a4  10         4 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 740   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest

pid:9e4 pri: 8 Hnd:   21 Pf:    579 Ws:    772K CMD.EXE
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 a18   8       697 77E813F2  0:00:00.015  0:00:00.031 Wait:UserRequest

pid:93c pri: 8 Hnd:  277 Pf: 218678 Ws:  70576K firefox.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 138  10    261167 77E813F2  0:00:59.828  0:00:29.140 Wait:UserRequest
 f70  10        37 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 e98   9       228 77E7D295  0:00:00.000  0:00:00.000 Wait:EventPairLow
 ad0  10      8687 77E7D295  0:00:00.187  0:00:00.171 Wait:UserRequest
 950   8         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 97c   8     42822 77E7D295  0:00:00.078  0:00:00.015 Wait:UserRequest
 b50  10        81 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 184   8      8419 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 6dc   8      8368 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 aec   8      2735 77E7D295  0:00:00.031  0:00:00.109 Wait:UserRequest
 c94   8      6035 77E7D295  0:00:01.718  0:00:00.078 Wait:UserRequest
 d70  15         1 77E7D295  0:00:00.000  0:00:00.000 Wait:UserRequest
 f38  15    201065 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
  e8  10        55 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 718   8         2 77E7D295  0:00:00.000  0:00:00.000 Wait:DelayExecution
 fb8   9        29 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid:1f4 pri: 8 Hnd:  118 Pf:   2230 Ws:   6404K msiexec.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 614   9        43 77E813F2  0:00:00.000  0:00:00.000 Wait:Executive
 a00   9        74 77E7D295  0:00:00.000  0:00:00.015 Wait:UserRequest
 d60   8      2616 77E7D295  0:00:00.031  0:00:00.015 Wait:LpcReceive
 6f8   8        40 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive
 578   9        25 77E7D295  0:00:00.000  0:00:00.000 Wait:LpcReceive

pid:65c pri: 8 Hnd:   13 Pf:    233 Ws:    940K pstat.exe
 tid pri Ctx Swtch StrtAddr    User Time  Kernel Time  State
 8a8   8        38 77E813F2  0:00:00.000  0:00:00.015 Running

  ModuleName Load Addr   Code    Data   Paged           LinkDate
------------------------------------------------------------------------------
ntoskrnl.exe 804D4000  434048   76032 1166336 Tue Mar 01 20:33:24 2005
     hal.dll 806C7000   32896   42624   28672 Thu Aug 29 04:05:02 2002
   KDCOM.DLL F8A38000    2560     256    1280 Fri Aug 17 16:49:10 2001
 BOOTVID.dll F8948000    5632    3584       0 Fri Aug 17 16:49:09 2001
    ACPI.sys F84EB000  103936   11008   40192 Thu Aug 29 04:09:03 2002
  WMILIB.SYS F8A3A000     512       0    1280 Fri Aug 17 17:07:23 2001
     pci.sys F8538000   14464    1664   30976 Thu Aug 29 04:09:10 2002
  isapnp.sys F8548000    8704     768   18688 Fri Aug 17 16:58:01 2001
  pciide.sys F8B00000     896     128       0 Fri Aug 17 16:51:49 2001
 PCIIDEX.SYS F87B8000    5120     512   12288 Fri Jan 31 18:43:28 2003
MountMgr.sys F8558000    1280     128   29696 Fri Aug 17 16:47:36 2001
  ftdisk.sys F84CC000    5888     128  102400 Fri Aug 17 16:52:41 2001
 PartMgr.sys F87C0000    1920     128   11136 Fri Aug 17 21:32:23 2001
 VolSnap.sys F8568000    2304     128   32512 Fri Aug 17 16:53:19 2001
   atapi.sys F84B6000   41728    3584   26112 Wed Apr 23 12:29:51 2003
    disk.sys F8578000    7808     256   16256 Thu Aug 29 04:27:56 2002
CLASSPNP.SYS F8588000   23424     128   14336 Thu Aug 29 05:08:42 2002
      sr.sys F84A5000    1792    1152   51200 Thu Aug 29 04:17:56 2002
PxHelp20.sys F87C8000    8480    7648       0 Tue Feb 01 18:23:42 2005
 drvmcdb.sys F8490000   61408   12992       0 Thu Jul 31 20:51:10 2003
  KSecDD.sys F847C000    9216    6784   53504 Fri Aug 17 16:50:01 2001
    Ntfs.sys F83F2000   92288    6912  404608 Thu Aug 29 05:13:37 2002
    NDIS.sys F83C8000   18560    1024  122880 Sat Oct 04 03:54:08 2003
     Mup.sys F83AE000   13824    6144   70272 Thu Aug 29 05:12:53 2002
processr.sys F88C0000    7552    1408    9216 Thu Aug 29 04:05:03 2002
 ialmnt5.sys F79AE000  598528  171712   14464 Tue Jun 21 20:12:33 2005
VIDEOPRT.SYS F799C000    9984     384   43008 Thu Aug 29 04:32:03 2002
 usbuhci.sys F88C8000   15744     384       0 Sat Aug 02 05:34:33 2003
 USBPORT.SYS F797A000  116352    1024   10368 Wed Aug 13 13:23:37 2003
 usbehci.sys F88D0000   21120     768       0 Sat Aug 02 05:34:31 2003
   BCMSM.sys F786D000  750848  207872   16640 Wed Aug 27 23:05:02 2003
      ks.sys F784D000   28800     128   79744 Wed Dec 04 12:09:38 2002
   Modem.SYS F88D8000    1280     128   19968 Fri Aug 17 16:57:35 2001
bcm4sbxp.sys F8618000   28928    6400       0 Thu May 15 21:09:31 2003
     fdc.sys F88E0000   18176     256     384 Fri Aug 17 16:51:22 2001
i8042prt.sys F8628000   11648     256   22016 Thu Aug 29 05:06:37 2002
kbdclass.sys F88E8000    6528     896    6144 Thu Aug 29 04:26:59 2002
  serial.sys F8638000   11392     256   29312 Thu Aug 29 05:08:27 2002
 serenum.sys F835D000    2688     128    7552 Fri Aug 17 16:50:13 2001
 parport.sys F783A000   63232    1280     256 Thu Aug 29 04:27:29 2002
   imapi.sys F8648000   10240     256   19328 Thu Aug 29 04:28:05 2002
     pfc.sys F8359000    6272     128       0 Fri Sep 19 19:47:22 2003
  MxlW2k.SYS F88F0000   21280      64       0 Sat Sep 13 19:18:32 2003
sscdbhk5.sys F8A82000    2720     160       0 Mon Jul 14 14:28:38 2003
   cdrom.sys F8658000   31872     128    5632 Thu Aug 29 04:27:55 2002
 redbook.sys F8668000    6400    1152   36096 Thu Aug 29 04:27:45 2002
GEARAspiWDM.sys F88F8000    4096    4096    4096 Fri Jul 14 15:02:57 2006
   smwdm.sys F77B4000  334208   48128   58368 Fri Feb 28 09:17:15 2003
 portcls.sys F7793000   39168   10496   60032 Thu Aug 29 05:00:58 2002
    drmk.sys F8678000    5120    1280   45824 Thu Aug 29 04:32:30 2002
 aeaudio.sys F8A84000    1184      32     256 Mon Apr 01 09:39:14 2002
windrvr6.sys F7765000  129056   49824       0 Mon Mar 21 05:57:07 2005
 audstub.sys F8B20000     128       0     512 Fri Aug 17 16:59:40 2001
 rasl2tp.sys F8688000   41984     512       0 Thu Aug 29 05:06:36 2002
ndistapi.sys F89C4000    5248     128       0 Fri Aug 17 16:55:29 2001
 ndiswan.sys F774F000   68352    2432       0 Thu Aug 29 04:58:38 2002
raspppoe.sys F8698000   29056    4608       0 Fri Aug 17 16:55:33 2001
 raspptp.sys F86A8000   38400     896       0 Thu Aug 29 05:12:46 2002
     TDI.SYS F89C8000    9472     512     256 Fri Aug 17 16:57:25 2001
  psched.sys F773E000   49792    2048    3968 Thu Aug 29 04:35:54 2002
   msgpc.sys F86B8000   27264    1408     512 Fri Aug 17 16:54:19 2001
 ptilink.sys F8900000   12928     256       0 Fri Aug 17 16:49:53 2001
  raspti.sys F8908000   11008     640       0 Fri Aug 17 16:55:32 2001
 wanatw4.sys F8910000    9248    7808     608 Tue Jul 16 11:23:14 2002
  termdd.sys F86C8000   25216     768    2304 Thu Aug 29 04:40:32 2002
mouclass.sys F8918000    5888     896    5504 Thu Aug 29 04:27:00 2002
  swenum.sys F8B24000     384     128     640 Wed Dec 04 12:10:07 2002
  update.sys F771C000    2048     768  129792 Fri Aug 17 23:53:56 2001
    omci.sys F8920000   12640      96      96 Mon Nov 04 18:05:02 2002
 NDProxy.SYS F86D8000   29184    2176       0 Fri Aug 17 16:55:30 2001
  usbhub.sys F86F8000   25472     768   19840 Sat Aug 02 05:34:33 2003
    USBD.SYS F8A88000     256       0     896 Fri Aug 17 17:02:58 2001
 i2omgmt.SYS F8A8C000    3712     384       0 Fri Aug 17 16:56:15 2001
  Fs_Rec.SYS F8A8E000     128     128    3584 Fri Aug 17 16:49:37 2001
    Null.SYS F8B45000       0     128     384 Fri Aug 17 16:47:39 2001
    Beep.SYS F8A90000    1152       0       0 Fri Aug 17 16:47:33 2001
  ssrtln.sys F8930000   11648    5248       0 Mon Jul 14 14:28:21 2003
     vga.sys F8938000     768     128   14848 Thu Aug 29 04:32:03 2002
   mnmdd.SYS F8A92000       0       0    1792 Fri Aug 17 16:57:28 2001
  RDPCDD.sys F8A94000       0       0    1792 Fri Aug 17 16:46:56 2001
    Msfs.SYS F8940000     896     128   11264 Fri Aug 17 16:50:02 2001
    Npfs.SYS F87E0000    1664     256   20352 Fri Aug 17 16:50:03 2001
  rasacd.sys F8A08000    3840     128     512 Fri Aug 17 16:55:39 2001
   ipsec.sys F8728000   46976    1792    2432 Thu Aug 29 05:07:19 2002
   tcpip.sys EF601000  240512   39040   21504 Wed May 25 15:41:07 2005
   netbt.sys EF5DA000  105984    1664   32512 Thu Aug 29 05:01:56 2002
 netbios.sys F8738000   14336     768   11648 Thu Aug 29 04:35:45 2002
   rdbss.sys EF5B0000   34304    2688  108928 Tue Oct 12 12:22:19 2004
  mrxsmb.sys EF544000  111872   20992  266880 Tue Jan 18 22:51:35 2005
    Fips.SYS F8758000   22016     768    3584 Fri Aug 17 21:31:49 2001
  wanarp.sys F8768000   21632     896    3328 Fri Aug 17 16:55:23 2001
 usbccgp.sys F87F8000   11904     256   11520 Sat Aug 02 05:34:35 2003
  hidusb.sys F8A30000    4352     128    1920 Fri Aug 17 17:02:16 2001
HIDCLASS.SYS F8778000   20096     256    7936 Thu Aug 29 04:32:40 2002
HIDPARSE.SYS F8800000   10880    1408    7936 Fri Aug 17 17:02:04 2001
 usbscan.sys F8A34000    2432     128    7552 Thu Aug 29 04:48:51 2002
usbprint.sys F8808000   19456     128     256 Thu Aug 29 04:50:01 2002
  mouhid.sys F89BC000    3584     128    2560 Fri Aug 17 16:47:57 2001
    Cdfs.SYS F7AF4000    6528     640   42880 Thu Aug 29 04:58:50 2002
dump_atapi.sys EF506000       0       0       0
dump_WMILIB.SYS F8A9C000       0       0       0
  win32k.sys BF800000 1578880   77184       0 Tue Mar 01 20:34:22 2005
   Dxapi.sys F7704000    6272     384     640 Fri Aug 17 16:53:19 2001
watchdog.sys F7700000    2816     128    8320 Thu Aug 29 04:32:20 2002
     dxg.sys BFF80000   59520     896       0 Thu Aug 29 06:40:42 2002
  dxgthk.sys F8B35000     128       0       0 Fri Aug 17 16:53:12 2001
ialmdnt5.dll BF9C5000   98304    4096       0 Tue Jun 21 20:04:39 2005
ialmrnt5.dll BF9B7000   32768    4096       0 Tue Jun 21 20:04:46 2005
ialmdev5.DLL BF9E4000  161856   11008       0 Tue Jun 21 20:04:29 2005
 ialmdd5.DLL BFA10000  708608  135168       0 Tue Jun 21 20:11:47 2005
 drvnddm.sys F7B04000   21472   11392       0 Fri Jun 20 19:55:12 2003
tfsndres.sys F8C40000       0       0       0
 tfsnifs.sys EF3B1000       0       0       0
tfsnopio.sys F89F0000       0       0       0
tfsnpool.sys F8AC0000       0       0       0
tfsnboio.sys F8810000       0       0       0
tfsncofs.sys F7AE4000       0       0       0
tfsndrct.sys F8C41000       0       0       0
 tfsnudf.sys EF399000       0       0       0
tfsnudfa.sys EF380000       0       0       0
     afd.sys EF297000    3840    2048  105984 Thu Aug 29 05:01:13 2002
 ndisuio.sys EF402000    6912     256     640 Sat Aug 02 05:38:10 2003
sysaudio.sys EF2D8000    2560     128   44160 Thu Aug 29 05:01:17 2002
  wdmaud.sys EEF91000    7936    2048   60160 Thu Aug 29 05:00:46 2002
  mrxdav.sys EEB4F000   24960    5504  122880 Mon Apr 25 21:58:01 2005
  ParVdm.SYS F8A64000    1408     128       0 Fri Aug 17 16:49:49 2001
     srv.sys EEA88000   52224    8320  226816 Mon May 09 20:39:21 2005
naiavf5x.sys EE9A4000   95968    1376       0 Mon Jun 13 18:54:46 2005
  secdrv.sys EE974000    7072    1472       0 Mon Apr 08 04:50:52 2002
vvsmuwtm.sys EE964000    5376       0       0 Wed Nov 30 03:11:18 2005
   ipnat.sys EE722000   63744    4096     512 Thu Aug 29 04:36:12 2002
 Fastfat.SYS EE10F000    8704     768  116864 Thu Aug 29 05:12:45 2002
   ATMFD.DLL BFFA0000  203648   34176       0 Fri Aug 17 17:55:56 2001
  kmixer.sys EE0E8000   12032   35840   94208 Thu Aug 29 04:32:28 2002
 PROCEXP.SYS F8A7A000       0       0       0
TSKNF602.SYS EEB2F000    7904     288       0 Sat Jan 07 10:41:39 2006
   NTDLL.DLL 77F50000  466944   20480       0 Thu Aug 29 06:40:40 2002
------------------------------------------------------------------------------
       Total          7929600 1159072 4257344

Question by:johnfaig
8 Comments
 
LVL 27

Expert Comment

by:Jonvee
ID: 18012797
ntoskrnl.exe appears to be running at the exception address.
Possibly it's been corrupted. Have you tried running your SFC?

Start > Run > type "SFC /scannow" (without the quotes).  Select enter.
You may be asked for your Windows CD-ROM.

"How to use the scannow sfc tool in Windows XP":
http://www.updatexp.com/scannow-sfc.html
0
 
LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 75 total points
ID: 18012858
You may find this previous thread helpful >

"How to analyse XP minidumps":
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21244657.html
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18012871
Can we look at a hijackthis log?
Could be haxdoor, but I'm just guessing.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
http://danborg.org/spy/hjt/alternativ.exe
Open HijackThis, click "Do a system scan and save a logfile"; don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 3

Assisted Solution

by:Stekman99
Stekman99 earned 75 total points
ID: 18014203
I looked through the dump and I'm pretty sure it's the haxdoor.

Here is a KB on how to solve the haxdoor virus problem:
support.microsoft.com/kb/903251

Cheers,
Stefan
0

 

Author Comment

by:johnfaig
ID: 18024140

Logfile of HijackThis v1.99.1
Scan saved at 7:30:19 PM, on 11/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greenmountainwindow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYUS_ZCYYYYYYYYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O18 - Filter: text/html - {C94B51CD-DB1E-4C1F-B684-701D3998632E} - (no file)
O18 - Filter: text/plain - {C94B51CD-DB1E-4C1F-B684-701D3998632E} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

0
 
LVL 47

Accepted Solution

by:rpggamergirl
rpggamergirl earned 350 total points
ID: 18025023
Whatever it is, it's not showing in the hijackthis log.
I would suggest uninstalling "MyWebSearch" from add/remove programs list.


Please put a check next to these entries and while all browsers and other windows are closed click "Fix Checked"
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank  
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL  
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL  
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYUS_ZCYYYYYYYYUS
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm  
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab  
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O18 - Filter: text/plain - {C94B51CD-DB1E-4C1F-B684-701D3998632E} - (no file)


We could also run other diagnostic tools, or we can just run haxdoor tool and see if it finds any haxdoor files.
See if BSOD stops after you fix those entries from hijackthis, probably won't, then we need to run other tools.
0
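
As an added example (not part of any post in this thread and not HijackThis's own code), this Python sketch parses the `R*`/`O*` entry format of the log above and groups entries whose target is marked `(no file)` or `(file missing)` by CLSID. The function names are hypothetical and the sample is constructed from lines of the posted log; orphaned targets are only one triage signal, and the fix list above also depends on recognising specific products.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O18 - Filter: text/html - {C94B51CD-DB1E-4C1F-B684-701D3998632E} - (no file)
O18 - Filter: text/plain - {C94B51CD-DB1E-4C1F-B684-701D3998632E} - (no file)
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")  # section code, then the rest
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = ("(no file)", "(file missing)")  # markers HijackThis appends for missing targets

def parse_entries(log_text):
    """Return one dict per R*/O* entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": body.rstrip().endswith(ORPHAN),
            "body": body,
        })
    return entries

def orphans_by_clsid(entries):
    """Group orphaned entries by CLSID so one dead registration is reviewed once."""
    grouped = defaultdict(list)
    for e in entries:
        if e["orphan"]:
            grouped[e["clsid"]].append(e["code"])
    return dict(grouped)

if __name__ == "__main__":
    for clsid, codes in orphans_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(clsid, codes)
```
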
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18025082
It's also a good idea to run AboutBuster to check if it finds nasty files belonging to About:Blank
http://www.majorgeeks.com/download4289.html
First unzip all files from the zip folder to a folder or your desktop.
Start it and hit ok.
Then hit update. A new screen should popup. On that screen hit Check for Updates.
If it says it found an update hit "Download Updates". If it doesn't it will automatically tell you and exit. Now for the scanning part. Hit start and then Ok. The program should start scanning. Then hit exit and reboot.

Once rebooted run About:Buster once more to make sure everything is ok. The database will be updated very frequently so check your versions once a day.
0
 

Author Comment

by:johnfaig
ID: 18063314
rpggamergirl,

I closed this and awarded points.  If you get a chance, please review another related minidump at this problem:

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_22080628.html

Thanks
JDF
0
