theraid Posted August 19, 2008 Report Share Posted August 19, 2008 hi.. having BSOD at random interval.. can happen anytime as long as a torrent is downloading.. how do i fix this? thanks!not sure if i've done this correctly..but here's the orignal dumpfilehttp://www.mediafire.com/download.php?viwxz8nv3tv======================================================HIJACKTHISLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:54:21 PM, on 8/19/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\PC Auto Shutdown\ShutdownService.exeC:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exeC:\WINDOWS\system32\vmnat.exeC:\WINDOWS\system32\mqsvc.exeC:\Program Files\VMware\VMware Workstation\vmware-authd.exeC:\WINDOWS\system32\vmnetdhcp.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\system32\mqtgsvc.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\VMware\VMware Workstation\vmware-tray.exeC:\Program Files\VMware\VMware Workstation\hqtray.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Windows Live\Messenger\MsnMsgr.ExeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Rainlendar2\Rainlendar2.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\Google\Google Updater\GoogleUpdater.exeC:\Program Files\Launchy\Launchy.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Windows Live\Messenger\usnsvc.exeE:\[software]\vncviewer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Debugging Tools for Windows (x86)\windbg.exeC:\WINDOWS\system32\notepad.exeC:\Documents and Settings\User\Desktop\new softwares\HiJackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_SG&c=64&bd=presario&pf=laptopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptopR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dllO2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dllO2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dllO3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dllO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartO4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exeO4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exeO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXEO4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNCO4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exeO4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exeO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - Global Startup: AutorunsDisabledO4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exeO4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exeO8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dllO9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dllO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptopO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194686315874O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{D486CA81-A07A-473C-B196-1BB7C1619D4D}: NameServer = 164.78.237.13,164.78.239.13O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLLO23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exeO23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files\PC Auto Shutdown\ShutdownService.exeO23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exeO23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exeO23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exeO23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exeO23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 13071 bytes================================================================================================================================PROCESS LOGProcess PID CPU Description Company NameSystem Idle Process 0 78.36 Interrupts n/a 2.99 Hardware Interrupts DPCs n/a 5.22 Deferred Procedure Calls System 4 explorer.exe 340 0.75 Windows Explorer Microsoft Corporation ehtray.exe 4004 Media Center Tray Applet Microsoft Corporation SynTPEnh.exe 2092 Synaptics TouchPad Enhancements Synaptics, Inc. QPService.exe 2160 HP QuickPlay Resident Program CyberLink Corp. QLBCTRL.exe 2312 QLB Controller Hewlett-Packard Development Company, L.P. hkcmd.exe 2056 hkcmd Module Intel Corporation igfxpers.exe 3952 persistence Module Intel Corporation hpwuSchd2.exe 2916 hpwuSchd Application Hewlett-Packard vmware-tray.exe 600 VMware Tray Process VMware, Inc. hqtray.exe 3028 VMware Host Network Access Status Tray Application VMware, Inc. zlclient.exe 2684 ZoneAlarm Client Zone Labs, LLC egui.exe 3584 Eset GUI ESET GoogleDesktop.exe 4052 Google Desktop Google GoogleDesktop.exe 2096 Google Desktop Google msnmsgr.exe 3044 Windows Live Messenger Microsoft Corporation ctfmon.exe 3524 CTF Loader Microsoft Corporation uTorrent.exe 3532 0.75 µTorrent BitTorrent, Inc. Rainlendar2.exe 1868 Rainlendar2 wmpnscfg.exe 2288 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation GoogleUpdater.exe 2568 Google Updater Google Launchy.exe 1712 vncviewer.exe 2632 8.21 VNC Viewer Enterprise Edition for Win32 RealVNC Ltd. firefox.exe 1252 Firefox Mozilla Corporation MyPhoneExplorer.exe 2436 MyPhoneExplorer F.J. Wechselberger notepad.exe 3548 Notepad Microsoft Corporation procexp.exe 2772 Sysinternals Process Explorer Sysinternals - www.sysinternals.comnotepad.exe 2484 Notepad Microsoft CorporationProcess: uTorrent.exe Pid: 3532Name Description Company Name VersionACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.5512adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.5512ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001c_936.nls c_950.nls CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0700COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.5512COMRes.dll Microsoft Corporation 2001.12.4414.0700credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.5512CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512ctype.nls DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5625dot3api.dll 802.3 Autoconfiguration API Microsoft Corporation 5.01.2600.5512dot3dlg.dll 802.3 UI Helper Microsoft Corporation 5.01.2600.5512eappcfg.dll Eap Peer Config Microsoft Corporation 5.01.2600.5512eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.01.2600.5512GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.5512IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.5512kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.5512locale.nls LPK.DLL Language Pack Microsoft Corporation 5.01.2600.5512mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.00.0003.0001MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.5512msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512msi.dll Windows Installer Microsoft Corporation 3.01.4001.5512MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.5625NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5512netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.5512ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.5512ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512oleaut32.dll Microsoft Corporation 5.01.2600.5512OneX.DLL IEEE 802.1X supplicant library Microsoft Corporation 5.01.2600.5512rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.5512SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.5512shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512sortkey.nls sorttbls.nls SXS.DLL Fusion 2.5 Microsoft Corporation 5.01.2600.5512unicode.nls USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.5512USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.5512VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.5512WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.5512WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.5512xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.5512================================================================================================================================Microsoft ® Windows Debugger Version 6.9.0003.113 X86Copyright © Microsoft Corporation. All rights reserved.Loading Dump File [C:\Documents and Settings\User\Desktop\WER0ed9.dir00\Mini081908-01.dmp]Mini Kernel Dump File: Only registers and stack trace are availableSymbol search path is: *** Invalid ******************************************************************************** Symbol loading may be unreliable without a symbol search path. ** Use .symfix to have the debugger choose a symbol path. ** After setting your symbol path, use .reload to refresh symbol locations. *****************************************************************************Executable search path is: ********************************************************************** Symbols can not be loaded because symbol path is not initialized. ** ** The Symbol Path can be set by: ** using the _NT_SYMBOL_PATH environment variable. ** using the -y <symbol_path> argument when starting the debugger. ** using .sympath and .sympath+ **********************************************************************Unable to load image ntoskrnl.exe, Win32 error 0n2*** WARNING: Unable to verify timestamp for ntoskrnl.exe*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exeWindows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSKernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720Debug session time: Tue Aug 19 12:00:44.687 2008 (GMT+8)System Uptime: 0 days 3:46:18.363********************************************************************** Symbols can not be loaded because symbol path is not initialized. ** ** The Symbol Path can be set by: ** using the _NT_SYMBOL_PATH environment variable. ** using the -y <symbol_path> argument when starting the debugger. ** using .sympath and .sympath+ **********************************************************************Unable to load image ntoskrnl.exe, Win32 error 0n2*** WARNING: Unable to verify timestamp for ntoskrnl.exe*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exeLoading Kernel Symbols..............................................................................................................................................................Loading User SymbolsLoading unloaded module list............******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************Use !analyze -v to get detailed debugging information.BugCheck C2, {7, cd4, 2060000, 89aa7008}***** Kernel symbols are WRONG. Please fix symbols to do analysis.*** WARNING: Unable to verify timestamp for tcpip.sys*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys*** WARNING: Unable to verify timestamp for vsdatant.sys*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys**************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!PVOID ****** ****************************************************************************unable to get nt!MmSpecialPoolStartunable to get nt!MmSpecialPoolEnd**************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_POOL_HEADER ****** ****************************************************************************unable to get nt!MmPoolCodeStartunable to get nt!MmPoolCodeEnd**************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_POOL_HEADER ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ****** ****************************************************************************Cannot get _POOL_TRACKER_BIG_PAGES type size**************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ************************************************************************************************************************************************** Symbols can not be loaded because symbol path is not initialized. ** ** The Symbol Path can be set by: ** using the _NT_SYMBOL_PATH environment variable. ** using the -y <symbol_path> argument when starting the debugger. ** using .sympath and .sympath+ ******************************************************************************************************************************************** Symbols can not be loaded because symbol path is not initialized. ** ** The Symbol Path can be set by: ** using the _NT_SYMBOL_PATH environment variable. ** using the -y <symbol_path> argument when starting the debugger. ** using .sympath and .sympath+ **********************************************************************Probably caused by : vsdatant.sys ( vsdatant+450c1 )Followup: MachineOwner--------- Link to comment Share on other sites More sharing options...
Firon Posted August 19, 2008 Report Share Posted August 19, 2008 Zone Alarm's fault. Uninstall it. Link to comment Share on other sites More sharing options...
Ultima Posted August 19, 2008 Report Share Posted August 19, 2008 http://www.file.net/process/vsdatant.sys.htmlDefinitely a ZA issue. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.