ThinkingWolf
06-18-2008, 02:04 PM
Any help would be greatly appreciated.
I receive a dialog at startup and about every minute while”running.”
pctsSvc.exe – Application Error
“The exception unknown software exception (0x0eedfade) occurred in the application at location 0x7c812a5b).” <OK>
The SpyWare Doctor bugreport file contains this recent entry:
date/time : 2008-06-17, 07:09:48, 531ms
computer name : FOURK
user name : SYSTEM <admin>
registered owner : Papa
operating system : Windows XP Service Pack 2 build 2600
system language : English
system up time : 2 minutes 7 seconds
program up time : 13 seconds
processors : 2x Genuine Intel(R) CPU T2050 @ 1.60GHz
physical memory : 1411/2046 MB (free/total)
free disk space : (C:) 83.76 GB
display mode : 1440x900, 32 bit
process id : $f48
allocated memory : 127.32 MB
executable : pctsSvc.exe
exec. date/time : 2008-03-04 17:49
version : 5.5.0.75
compiled with : Delphi 2006
madExcept version : 3.0f beta 1
callstack crc : $91c2e4d2, $03cdd515, $03cdd515
exception number : 1
exception class : EInvalidPointer
exception message : Invalid pointer operation.
thread $f4c:
51f2a13d +00d rtl100.bpl System TInterfacedObject.BeforeDestruction
51f26a0d +009 rtl100.bpl System @BeforeDestruction
51f265c4 +008 rtl100.bpl System TObject.Free
51f3ac28 +008 rtl100.bpl Sysutils FreeAndNil
00448ed8 +054 pctsSvc.exe madExcept InterceptFinalizeUnits
51f27682 +056 rtl100.bpl System @Halt0
7c923f2c +13d ntdll.dll LdrShutdownProcess
7c81cde9 +00f kernel32.dll ExitProcess
51f276ec +0c0 rtl100.bpl System @Halt0
004aefe2 +38e pctsSvc.exe pctsSvc 287 +174 initialization
modules:
00320000 SysAccess.dll 5.5.1.0 C:\Program Files\Spyware Doctor
00350000 ikdll.dll 5.0.2.1040 C:\Program Files\Spyware Doctor
00380000 commhlpr.dll 5.5.1.0 C:\Program Files\Spyware Doctor
003a0000 RegHelper.dll 5.5.1.0 C:\Program Files\Spyware Doctor
003c0000 filehlpr.dll 5.5.1.0 C:\Program Files\Spyware Doctor
00400000 pctsSvc.exe 5.5.0.75 C:\Program Files\Spyware Doctor
004f0000 CommOM.dll 5.5.1.4 C:\Program Files\Spyware Doctor
00650000 CommLib.dll 5.5.1.0 C:\Program Files\Spyware Doctor
00760000 inethlpr.dll 5.5.1.3 C:\Program Files\Spyware Doctor
007c0000 sdcore.dll 5.5.1.3 C:\Program Files\Spyware Doctor
02ea0000 FileStorage.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
02f00000 Settings.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
02f20000 IDBLib.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
02f70000 SDInfo.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03610000 SDExtra.sdp 5.5.1.2 C:\Program Files\Spyware Doctor
03660000 Immunizer.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03680000 Localizer.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
037f0000 NfyMan.sdp 5.5.1.1 C:\Program Files\Spyware Doctor
03810000 BH.dll 5.5.1.0 C:\Program Files\Spyware Doctor
03860000 Normaliz.dll 6.0.5441.0 C:\WINDOWS\system32
03a80000 RebootManager.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03ab0000 scaneng.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03c00000 stasks.sdp 5.5.1.1 C:\Program Files\Spyware Doctor
03c30000 whitelist.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03d80000 grregistry.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b090000 Browsers.SDP 5.5.1.1 C:\Program Files\Spyware Doctor\plugins
0b0e0000 cookie.sdp 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b120000 grfiles.SDP 5.5.1.2 C:\Program Files\Spyware Doctor\plugins
0b170000 PCToolsComponents.bpl 5.5.0.5 C:\Program Files\Spyware Doctor
0b1e0000 SH.dll 5.5.1.1 C:\Program Files\Spyware Doctor
0b220000 KLGuard.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b2a0000 Network.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b400000 Process.SDP 5.5.1.1 C:\Program Files\Spyware Doctor\plugins
0b480000 SDNET.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b510000 StartUp.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
10000000 PCTWSC.dll 1.0.0.12 C:\Program Files\Spyware Doctor
14200000 quarantine.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
20000000 xpsp2res.dll 5.1.2600.2180 C:\WINDOWS\system32
51f20000 rtl100.bpl 10.0.2288.42451 C:\Program Files\Spyware Doctor
52000000 vcl100.bpl 10.0.2288.42451 C:\Program Files\Spyware Doctor
58d40000 Wship6.dll 5.1.2600.2180 C:\WINDOWS\system32
5a000000 klg.dat 5.5.0.2 C:\Program Files\Spyware Doctor
5ad70000 uxtheme.dll 6.0.2900.2180 C:\WINDOWS\system32
5b860000 NETAPI32.dll 5.1.2600.2976 C:\WINDOWS\system32
5c060000 SrClient.dll 5.1.2600.2180 C:\WINDOWS\system32
5d090000 COMCTL32.dll 5.82.2900.2982 C:\WINDOWS\system32
5edd0000 olepro32.dll 5.1.2600.2180 C:\WINDOWS\system32
666f0000 inetmib1.dll 5.1.2600.2180 C:\WINDOWS\system32
692c0000 framedyn.dll 5.1.2600.2180 C:\WINDOWS\System32\Wbem
71aa0000 WS2HELP.dll 5.1.2600.2180 C:\WINDOWS\system32
71ab0000 WS2_32.dll 5.1.2600.2180 C:\WINDOWS\system32
71ad0000 wsock32.dll 5.1.2600.2180 C:\WINDOWS\system32
71b20000 mpr.dll 5.1.2600.2180 C:\WINDOWS\system32
71bf0000 SAMLIB.dll 5.1.2600.2180 C:\WINDOWS\system32
71f60000 snmpapi.dll 5.1.2600.2180 C:\WINDOWS\system32
73000000 winspool.drv 5.1.2600.2180 C:\WINDOWS\system32
74c80000 oleacc.dll 4.2.5406.0 C:\WINDOWS\system32
74ed0000 wbemsvc.dll 5.1.2600.2180 C:\WINDOWS\system32\wbem
74ef0000 wbemprox.dll 5.1.2600.2180 C:\WINDOWS\system32\wbem
75290000 wbemcomn.dll 5.1.2600.2180 C:\WINDOWS\system32\wbem
75690000 fastprox.dll 5.1.2600.2180 C:\WINDOWS\system32\wbem
76080000 MSVCP60.dll 6.2.3104.0 C:\WINDOWS\system32
76360000 WINSTA.dll 5.1.2600.2180 C:\WINDOWS\system32
76380000 msimg32.dll 5.1.2600.2180 C:\WINDOWS\system32
76390000 IMM32.DLL 5.1.2600.2180 C:\WINDOWS\system32
763b0000 comdlg32.dll 6.0.2900.2180 C:\WINDOWS\system32
767a0000 NTDSAPI.dll 5.1.2600.2180 C:\WINDOWS\system32
76b20000 ATL.DLL 3.5.2284.0 C:\WINDOWS\system32
76c90000 IMAGEHLP.DLL 5.1.2600.2180 C:\WINDOWS\system32
76d40000 MPRAPI.dll 5.1.2600.2180 C:\WINDOWS\system32
76d60000 iphlpapi.dll 5.1.2600.2912 C:\WINDOWS\system32
76e10000 adsldpc.dll 5.1.2600.2180 C:\WINDOWS\system32
76e80000 rtutils.dll 5.1.2600.2180 C:\WINDOWS\system32
76f20000 DNSAPI.dll 5.1.2600.3316 C:\WINDOWS\system32
76f50000 Wtsapi32.dll 5.1.2600.2180 C:\WINDOWS\system32
76f60000 WLDAP32.dll 5.1.2600.2180 C:\WINDOWS\system32
76fd0000 CLBCATQ.DLL 2001.12.4414.308 C:\WINDOWS\system32
77050000 COMRes.dll 2001.12.4414.258 C:\WINDOWS\system32
77120000 oleaut32.dll 5.1.2600.3266 C:\WINDOWS\system32
773d0000 comctl32.dll 6.0.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
774e0000 ole32.dll 5.1.2600.2726 C:\WINDOWS\system32
77690000 NTMARTA.DLL 5.1.2600.2180 C:\WINDOWS\system32
77920000 SETUPAPI.dll 5.1.2600.2180 C:\WINDOWS\system32
77c00000 version.dll 5.1.2600.2180 C:\WINDOWS\system32
77c10000 msvcrt.dll 7.0.2600.2180 C:\WINDOWS\system32
77c70000 msv1_0.dll 5.1.2600.2180 C:\WINDOWS\system32
77cc0000 ACTIVEDS.dll 5.1.2600.2180 C:\WINDOWS\system32
77dd0000 ADVAPI32.dll 5.1.2600.2180 C:\WINDOWS\system32
77e70000 RPCRT4.dll 5.1.2600.3173 C:\WINDOWS\system32
77f10000 GDI32.dll 5.1.2600.3316 C:\WINDOWS\system32
77f60000 SHLWAPI.dll 6.0.2900.3199 C:\WINDOWS\system32
77fe0000 Secur32.dll 5.1.2600.2180 C:\WINDOWS\system32
78000000 iertutil.dll 7.0.6000.16674 C:\WINDOWS\system32
78050000 wininet.dll 7.0.6000.16674 C:\WINDOWS\system32
7c800000 kernel32.dll 5.1.2600.3119 C:\WINDOWS\system32
7c900000 ntdll.dll 5.1.2600.2180 C:\WINDOWS\system32
7c9c0000 shell32.dll 6.0.2900.3241 C:\WINDOWS\system32
7df70000 oledlg.dll 5.1.2600.3016 C:\WINDOWS\system32
7e410000 USER32.dll 5.1.2600.3099 C:\WINDOWS\system32
processes:
000 Idle
004 System normal
494 smss.exe normal C:\WINDOWS\system32
4f8 csrss.exe normal C:\WINDOWS\system32
518 winlogon.exe high C:\WINDOWS\system32
544 services.exe normal C:\WINDOWS\system32
550 lsass.exe normal C:\WINDOWS\system32
60c Ati2evxx.exe normal C:\WINDOWS\system32
61c svchost.exe normal C:\WINDOWS\system32
684 svchost.exe normal C:\WINDOWS\system32
748 svchost.exe normal C:\WINDOWS\System32
7e4 svchost.exe normal C:\WINDOWS\system32
0dc svchost.exe normal C:\WINDOWS\system32
1d0 WLTRYSVC.EXE normal C:\WINDOWS\System32
1f8 bcmwltry.exe normal C:\WINDOWS\System32
238 aswUpdSv.exe normal C:\Program Files\Alwil Software\Avast4
288 ashServ.exe high C:\Program Files\Alwil Software\Avast4
41c spoolsv.exe normal C:\WINDOWS\system32
77c CreativeLicensing.exe normal C:\Program Files\Common Files\Creative Labs Shared\Service
798 CTsvcCDA.exe normal C:\WINDOWS\system32
7a8 cvpnd.exe normal C:\Program Files\chr vpn client
0c8 MDM.EXE normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG
140 sqlservr.exe normal C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn
170 pctsAuxs.exe normal C:\Program Files\Spyware Doctor
3d0 svchost.exe normal C:\WINDOWS\system32
8d8 ashMaiSv.exe normal C:\Program Files\Alwil Software\Avast4
8f4 ashWebSv.exe normal C:\Program Files\Alwil Software\Avast4
9cc alg.exe normal C:\WINDOWS\System32
c68 Ati2evxx.exe normal C:\WINDOWS\system32
c94 userinit.exe normal C:\WINDOWS\system32
d04 Explorer.EXE normal C:\WINDOWS
d20 wmiprvse.exe normal C:\WINDOWS\system32\wbem
d88 wmiprvse.exe normal C:\WINDOWS\system32\wbem
e88 WLTRAY.exe normal C:\WINDOWS\system32
eac stsystra.exe normal C:\WINDOWS
ecc quickset.exe normal C:\Program Files\Dell\QuickSet
ee0 SynTPEnh.exe normal C:\Program Files\Synaptics\SynTP
f0c cli.exe high C:\Program Files\ATI Technologies\ATI.ACE
f3c CTSysVol.exe normal C:\Program Files\Creative\SBAudigy\Surround Mixer
f48 pctsSvc.exe normal C:\Program Files\Spyware Doctor
f64 Rundll32.exe normal C:\WINDOWS\system32
f74 AndreaVC.exe normal C:\Program Files\Creative\VoiceCenter
f88 tfswctrl.exe normal C:\WINDOWS\system32\dla
f98 PCMService.exe normal C:\Program Files\Dell\MediaDirect
fc4 ashDisp.exe normal C:\PROGRA~1\ALWILS~1\Avast4
fe8 iTunesHelper.exe normal C:\Program Files\iTunes
ff0 jusched.exe normal C:\Program Files\Java\jre1.6.0_05\bin
164 Reader_sl.exe normal C:\Program Files\Adobe\Reader 8.0\Reader
158 netWaiting.exe normal C:\Program Files\NetWaiting
388 GoogleToolbarNotifier.exe normal C:\Program Files\Google\GoogleToolbarNotifier
554 ctfmon.exe normal C:\WINDOWS\system32
718 pctsTray.exe normal C:\Program Files\Spyware Doctor
654 imapi.exe normal C:\WINDOWS\system32
650 msmsgs.exe normal C:\Program Files\Messenger
6fc clclean.0001 normal C:\DOCUME~1\Mama\LOCALS~1\Temp
858 wuauclt.exe normal C:\WINDOWS\system32
8d0 sqlmangr.exe normal C:\Program Files\Microsoft SQL Server\80\Tools\Binn
45c WZQKPICK.EXE normal C:\Program Files\WinZip
a38 iPodService.exe normal C:\Program Files\iPod\bin
hardware:
+ Batteries
- Microsoft AC Adapter
- Microsoft ACPI-Compliant Control Method Battery
+ Computer
- ACPI Multiprocessor PC
+ Disk drives
- Hitachi HTS541612J9SA00
+ Display adapters
- ATI Mobility Radeon X1300 (driver 8.261.0.0)
+ DVD/CD-ROM drives
- Optiarc DVD+-RW AD-5540A
+ Human Interface Devices
- USB Human Interface Device
+ IDE ATA/ATAPI controllers
- Intel(R) 82801GBM/GHM (ICH7-M Family) Serial ATA Storage Controller - 27C4 (driver 7.0.0.1020)
- Primary IDE Channel
- Ricoh Memory Stick Host Controller (driver 1.0.1.12)
- Ricoh MMC Host Controller (driver 1.0.0.6)
- Ricoh xD-Picture Card Host Controller (driver 1.0.2.4)
- Secondary IDE Channel
+ IEEE 1394 Bus host controllers
- OHCI Compliant IEEE 1394 Host Controller
+ Keyboards
- Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
+ Mice and other pointing devices
- HID-compliant mouse
- Synaptics PS/2 Port Pointing Device (driver 8.2.4.6)
+ Modems
- Conexant HDA D110 MDC V.92 Modem (driver 7.32.0.0)
+ Monitors
- Default Monitor
- Default Monitor
- Default Monitor
- Default Monitor
+ Network adapters
- 1394 Net Adapter
- Broadcom 440x 10/100 Integrated Controller (driver 4.52.0.0)
- Dell Wireless 1500 Draft 802.11n WLAN Mini-Card (driver 4.100.15.5)
+ Processors
- Genuine Intel(R) CPU T2050 @ 1.60GHz
- Genuine Intel(R) CPU T2050 @ 1.60GHz
+ Secure Digital host controllers
- SDA Standard Compliant SD Host Controller
+ Sound, video and game controllers
- Audio Codecs
- Legacy Audio Drivers
- Legacy Video Capture Devices
- Media Control Devices
- SigmaTel High Definition Audio CODEC (driver 5.10.0.4995)
- Video Codecs
+ System devices
- ACPI Lid
- ACPI Power Button
- ACPI Sleep Button
- ACPI Thermal Zone
- Direct memory access controller
- High Precision Event Timer (driver 7.0.0.1011)
- Intel(R) 82801 PCI Bridge - 2448 (driver 7.0.0.1011)
- Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0 (driver 7.0.0.1020)
- Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D6 (driver 7.0.0.1020)
- Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA (driver 7.0.0.1020)
- Intel(R) 82801GBM (ICH7-M) LPC Interface Controller - 27B9 (driver 7.0.0.1020)
- ISAPNP Read Data Port
- Logical Disk Manager
- Microcode Update Device
- Microsoft ACPI-Compliant System
- Microsoft Composite Battery
- Microsoft System Management BIOS Driver
- Microsoft UAA Bus Driver for High Definition Audio
- Microsoft Windows Management Interface for ACPI
- Mobile Intel(R) 955XM/945GM/PM/GMS/940GML Express PCI Express Root Port - 27A1 (driver 7.1.0.1011)
- Mobile Intel(R) 955XM/945GM/PM/GMS/940GML Express Processor to DRAM Controller – 27A0 (driver 7.1.0.1011)
- Numeric data processor
- OpenManage Client Instrumentation device driver (driver 7.0.382.0)
- PCI bus
- Plug and Play Software Device Enumerator
- Programmable interrupt controller
- System board
- System board
- System board
- System board
- System CMOS/real time clock
- System speaker
- System timer
- Terminal Server Device Redirector
- Terminal Server Keyboard Driver
- Terminal Server Mouse Driver
- Volume Manager
+ Universal Serial Bus controllers
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8 (driver 7.2.2.1001)
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9 (driver 7.2.2.1001)
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA (driver 7.2.2.1001)
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB (driver 7.2.2.1001)
- Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC (driver 7.2.2.1001)
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
cpu registers:
eax = 00ebc050
ebx = 51f2a13d
ecx = 00327bc4
edx = 51f2a13d
esi = 51f2a13d
edi = 00338374
eip = 51f2a13d
esp = 0012fce4
ebp = 0012fd60
stack dump:
0012fce4 3d a1 f2 51 de fa ed 0e - 01 00 00 00 07 00 00 00 =..Q............
0012fcf4 f8 fc 12 00 3d a1 f2 51 - 50 c0 eb 00 3d a1 f2 51 ....=..QP...=..Q
0012fd04 3d a1 f2 51 74 83 33 00 - 60 fd 12 00 14 fd 12 00 =..Qt.3.`.......
0012fd14 02 00 00 00 f4 3d f2 51 - b4 a0 32 00 d0 21 ed 00 .....=.Q..2..!..
0012fd24 3d a1 f2 51 9b 31 32 00 - 36 00 00 00 10 6a f2 51 =..Q.12.6....j.Q
0012fd34 01 21 ed 00 d0 21 ed 00 - 9f 82 32 00 b4 a0 32 00 .!...!....2...2.
0012fd44 36 00 00 00 c7 65 f2 51 - 2d ac f3 51 e0 a0 32 00 6....e.Q-..Q..2.
0012fd54 68 fd 12 00 4c 6e f2 51 - 60 fd 12 00 80 fd 12 00 h...Ln.Q`.......
0012fd64 f7 71 f2 51 d8 fd 12 00 - e3 6f f2 51 80 fd 12 00 .q.Q.....o.Q....
0012fd74 4c 00 fa 51 04 28 fa 51 - d8 27 fa 51 e4 fd 12 00 L..Q.(.Q.'.Q....
0012fd84 de 8e 44 00 87 76 f2 51 - e4 fd 12 00 d4 fd 12 00 ..D..v.Q........
0012fd94 04 28 fa 51 d8 31 24 00 - 81 14 32 00 00 00 00 00 .(.Q.1$...2.....
0012fda4 48 95 33 00 00 00 00 00 - b4 ff 12 00 34 d8 4a 00 H.3.........4.J.
0012fdb4 ed 00 00 00 08 f0 4a 00 - 00 00 00 00 00 00 00 00 ......J.........
0012fdc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0012fdd4 0c 4c de 16 78 fe 12 00 - d4 70 f2 51 e4 fd 12 00 .L..x....p.Q....
0012fde4 04 fe 12 00 a7 11 90 7c - 00 00 32 00 00 00 00 00 .......|..2.....
0012fdf4 01 00 00 00 d8 31 24 00 - 00 00 00 00 c8 30 24 00 .....1$......0$.
0012fe04 88 fe 12 00 31 3f 92 7c - 38 95 33 00 00 00 32 00 ....1?.|8.3...2.
0012fe14 00 00 00 00 01 00 00 00 - 00 00 00 00 8e e8 90 7c ...............|
disassembling:
[...]
004aefd8 ret
004aefd9 jmp -$ade0e ($4011d0) ; System.@HandleFinally (rtl100.bpl)
004aefde jmp loc_4aefce
004aefe0 287 pop esi
004aefe1 pop ebx
004aefe2 > call -$addcf ($401218) ; System.@Halt0 (rtl100.bpl)
Thanks.
I receive a dialog at startup and about every minute while”running.”
pctsSvc.exe – Application Error
“The exception unknown software exception (0x0eedfade) occurred in the application at location 0x7c812a5b).” <OK>
The SpyWare Doctor bugreport file contains this recent entry:
date/time : 2008-06-17, 07:09:48, 531ms
computer name : FOURK
user name : SYSTEM <admin>
registered owner : Papa
operating system : Windows XP Service Pack 2 build 2600
system language : English
system up time : 2 minutes 7 seconds
program up time : 13 seconds
processors : 2x Genuine Intel(R) CPU T2050 @ 1.60GHz
physical memory : 1411/2046 MB (free/total)
free disk space : (C:) 83.76 GB
display mode : 1440x900, 32 bit
process id : $f48
allocated memory : 127.32 MB
executable : pctsSvc.exe
exec. date/time : 2008-03-04 17:49
version : 5.5.0.75
compiled with : Delphi 2006
madExcept version : 3.0f beta 1
callstack crc : $91c2e4d2, $03cdd515, $03cdd515
exception number : 1
exception class : EInvalidPointer
exception message : Invalid pointer operation.
thread $f4c:
51f2a13d +00d rtl100.bpl System TInterfacedObject.BeforeDestruction
51f26a0d +009 rtl100.bpl System @BeforeDestruction
51f265c4 +008 rtl100.bpl System TObject.Free
51f3ac28 +008 rtl100.bpl Sysutils FreeAndNil
00448ed8 +054 pctsSvc.exe madExcept InterceptFinalizeUnits
51f27682 +056 rtl100.bpl System @Halt0
7c923f2c +13d ntdll.dll LdrShutdownProcess
7c81cde9 +00f kernel32.dll ExitProcess
51f276ec +0c0 rtl100.bpl System @Halt0
004aefe2 +38e pctsSvc.exe pctsSvc 287 +174 initialization
modules:
00320000 SysAccess.dll 5.5.1.0 C:\Program Files\Spyware Doctor
00350000 ikdll.dll 5.0.2.1040 C:\Program Files\Spyware Doctor
00380000 commhlpr.dll 5.5.1.0 C:\Program Files\Spyware Doctor
003a0000 RegHelper.dll 5.5.1.0 C:\Program Files\Spyware Doctor
003c0000 filehlpr.dll 5.5.1.0 C:\Program Files\Spyware Doctor
00400000 pctsSvc.exe 5.5.0.75 C:\Program Files\Spyware Doctor
004f0000 CommOM.dll 5.5.1.4 C:\Program Files\Spyware Doctor
00650000 CommLib.dll 5.5.1.0 C:\Program Files\Spyware Doctor
00760000 inethlpr.dll 5.5.1.3 C:\Program Files\Spyware Doctor
007c0000 sdcore.dll 5.5.1.3 C:\Program Files\Spyware Doctor
02ea0000 FileStorage.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
02f00000 Settings.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
02f20000 IDBLib.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
02f70000 SDInfo.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03610000 SDExtra.sdp 5.5.1.2 C:\Program Files\Spyware Doctor
03660000 Immunizer.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03680000 Localizer.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
037f0000 NfyMan.sdp 5.5.1.1 C:\Program Files\Spyware Doctor
03810000 BH.dll 5.5.1.0 C:\Program Files\Spyware Doctor
03860000 Normaliz.dll 6.0.5441.0 C:\WINDOWS\system32
03a80000 RebootManager.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03ab0000 scaneng.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03c00000 stasks.sdp 5.5.1.1 C:\Program Files\Spyware Doctor
03c30000 whitelist.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
03d80000 grregistry.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b090000 Browsers.SDP 5.5.1.1 C:\Program Files\Spyware Doctor\plugins
0b0e0000 cookie.sdp 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b120000 grfiles.SDP 5.5.1.2 C:\Program Files\Spyware Doctor\plugins
0b170000 PCToolsComponents.bpl 5.5.0.5 C:\Program Files\Spyware Doctor
0b1e0000 SH.dll 5.5.1.1 C:\Program Files\Spyware Doctor
0b220000 KLGuard.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b2a0000 Network.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b400000 Process.SDP 5.5.1.1 C:\Program Files\Spyware Doctor\plugins
0b480000 SDNET.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
0b510000 StartUp.SDP 5.5.1.0 C:\Program Files\Spyware Doctor\plugins
10000000 PCTWSC.dll 1.0.0.12 C:\Program Files\Spyware Doctor
14200000 quarantine.sdp 5.5.1.0 C:\Program Files\Spyware Doctor
20000000 xpsp2res.dll 5.1.2600.2180 C:\WINDOWS\system32
51f20000 rtl100.bpl 10.0.2288.42451 C:\Program Files\Spyware Doctor
52000000 vcl100.bpl 10.0.2288.42451 C:\Program Files\Spyware Doctor
58d40000 Wship6.dll 5.1.2600.2180 C:\WINDOWS\system32
5a000000 klg.dat 5.5.0.2 C:\Program Files\Spyware Doctor
5ad70000 uxtheme.dll 6.0.2900.2180 C:\WINDOWS\system32
5b860000 NETAPI32.dll 5.1.2600.2976 C:\WINDOWS\system32
5c060000 SrClient.dll 5.1.2600.2180 C:\WINDOWS\system32
5d090000 COMCTL32.dll 5.82.2900.2982 C:\WINDOWS\system32
5edd0000 olepro32.dll 5.1.2600.2180 C:\WINDOWS\system32
666f0000 inetmib1.dll 5.1.2600.2180 C:\WINDOWS\system32
692c0000 framedyn.dll 5.1.2600.2180 C:\WINDOWS\System32\Wbem
71aa0000 WS2HELP.dll 5.1.2600.2180 C:\WINDOWS\system32
71ab0000 WS2_32.dll 5.1.2600.2180 C:\WINDOWS\system32
71ad0000 wsock32.dll 5.1.2600.2180 C:\WINDOWS\system32
71b20000 mpr.dll 5.1.2600.2180 C:\WINDOWS\system32
71bf0000 SAMLIB.dll 5.1.2600.2180 C:\WINDOWS\system32
71f60000 snmpapi.dll 5.1.2600.2180 C:\WINDOWS\system32
73000000 winspool.drv 5.1.2600.2180 C:\WINDOWS\system32
74c80000 oleacc.dll 4.2.5406.0 C:\WINDOWS\system32
74ed0000 wbemsvc.dll 5.1.2600.2180 C:\WINDOWS\system32\wbem
74ef0000 wbemprox.dll 5.1.2600.2180 C:\WINDOWS\system32\wbem
75290000 wbemcomn.dll 5.1.2600.2180 C:\WINDOWS\system32\wbem
75690000 fastprox.dll 5.1.2600.2180 C:\WINDOWS\system32\wbem
76080000 MSVCP60.dll 6.2.3104.0 C:\WINDOWS\system32
76360000 WINSTA.dll 5.1.2600.2180 C:\WINDOWS\system32
76380000 msimg32.dll 5.1.2600.2180 C:\WINDOWS\system32
76390000 IMM32.DLL 5.1.2600.2180 C:\WINDOWS\system32
763b0000 comdlg32.dll 6.0.2900.2180 C:\WINDOWS\system32
767a0000 NTDSAPI.dll 5.1.2600.2180 C:\WINDOWS\system32
76b20000 ATL.DLL 3.5.2284.0 C:\WINDOWS\system32
76c90000 IMAGEHLP.DLL 5.1.2600.2180 C:\WINDOWS\system32
76d40000 MPRAPI.dll 5.1.2600.2180 C:\WINDOWS\system32
76d60000 iphlpapi.dll 5.1.2600.2912 C:\WINDOWS\system32
76e10000 adsldpc.dll 5.1.2600.2180 C:\WINDOWS\system32
76e80000 rtutils.dll 5.1.2600.2180 C:\WINDOWS\system32
76f20000 DNSAPI.dll 5.1.2600.3316 C:\WINDOWS\system32
76f50000 Wtsapi32.dll 5.1.2600.2180 C:\WINDOWS\system32
76f60000 WLDAP32.dll 5.1.2600.2180 C:\WINDOWS\system32
76fd0000 CLBCATQ.DLL 2001.12.4414.308 C:\WINDOWS\system32
77050000 COMRes.dll 2001.12.4414.258 C:\WINDOWS\system32
77120000 oleaut32.dll 5.1.2600.3266 C:\WINDOWS\system32
773d0000 comctl32.dll 6.0.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
774e0000 ole32.dll 5.1.2600.2726 C:\WINDOWS\system32
77690000 NTMARTA.DLL 5.1.2600.2180 C:\WINDOWS\system32
77920000 SETUPAPI.dll 5.1.2600.2180 C:\WINDOWS\system32
77c00000 version.dll 5.1.2600.2180 C:\WINDOWS\system32
77c10000 msvcrt.dll 7.0.2600.2180 C:\WINDOWS\system32
77c70000 msv1_0.dll 5.1.2600.2180 C:\WINDOWS\system32
77cc0000 ACTIVEDS.dll 5.1.2600.2180 C:\WINDOWS\system32
77dd0000 ADVAPI32.dll 5.1.2600.2180 C:\WINDOWS\system32
77e70000 RPCRT4.dll 5.1.2600.3173 C:\WINDOWS\system32
77f10000 GDI32.dll 5.1.2600.3316 C:\WINDOWS\system32
77f60000 SHLWAPI.dll 6.0.2900.3199 C:\WINDOWS\system32
77fe0000 Secur32.dll 5.1.2600.2180 C:\WINDOWS\system32
78000000 iertutil.dll 7.0.6000.16674 C:\WINDOWS\system32
78050000 wininet.dll 7.0.6000.16674 C:\WINDOWS\system32
7c800000 kernel32.dll 5.1.2600.3119 C:\WINDOWS\system32
7c900000 ntdll.dll 5.1.2600.2180 C:\WINDOWS\system32
7c9c0000 shell32.dll 6.0.2900.3241 C:\WINDOWS\system32
7df70000 oledlg.dll 5.1.2600.3016 C:\WINDOWS\system32
7e410000 USER32.dll 5.1.2600.3099 C:\WINDOWS\system32
processes:
000 Idle
004 System normal
494 smss.exe normal C:\WINDOWS\system32
4f8 csrss.exe normal C:\WINDOWS\system32
518 winlogon.exe high C:\WINDOWS\system32
544 services.exe normal C:\WINDOWS\system32
550 lsass.exe normal C:\WINDOWS\system32
60c Ati2evxx.exe normal C:\WINDOWS\system32
61c svchost.exe normal C:\WINDOWS\system32
684 svchost.exe normal C:\WINDOWS\system32
748 svchost.exe normal C:\WINDOWS\System32
7e4 svchost.exe normal C:\WINDOWS\system32
0dc svchost.exe normal C:\WINDOWS\system32
1d0 WLTRYSVC.EXE normal C:\WINDOWS\System32
1f8 bcmwltry.exe normal C:\WINDOWS\System32
238 aswUpdSv.exe normal C:\Program Files\Alwil Software\Avast4
288 ashServ.exe high C:\Program Files\Alwil Software\Avast4
41c spoolsv.exe normal C:\WINDOWS\system32
77c CreativeLicensing.exe normal C:\Program Files\Common Files\Creative Labs Shared\Service
798 CTsvcCDA.exe normal C:\WINDOWS\system32
7a8 cvpnd.exe normal C:\Program Files\chr vpn client
0c8 MDM.EXE normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG
140 sqlservr.exe normal C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn
170 pctsAuxs.exe normal C:\Program Files\Spyware Doctor
3d0 svchost.exe normal C:\WINDOWS\system32
8d8 ashMaiSv.exe normal C:\Program Files\Alwil Software\Avast4
8f4 ashWebSv.exe normal C:\Program Files\Alwil Software\Avast4
9cc alg.exe normal C:\WINDOWS\System32
c68 Ati2evxx.exe normal C:\WINDOWS\system32
c94 userinit.exe normal C:\WINDOWS\system32
d04 Explorer.EXE normal C:\WINDOWS
d20 wmiprvse.exe normal C:\WINDOWS\system32\wbem
d88 wmiprvse.exe normal C:\WINDOWS\system32\wbem
e88 WLTRAY.exe normal C:\WINDOWS\system32
eac stsystra.exe normal C:\WINDOWS
ecc quickset.exe normal C:\Program Files\Dell\QuickSet
ee0 SynTPEnh.exe normal C:\Program Files\Synaptics\SynTP
f0c cli.exe high C:\Program Files\ATI Technologies\ATI.ACE
f3c CTSysVol.exe normal C:\Program Files\Creative\SBAudigy\Surround Mixer
f48 pctsSvc.exe normal C:\Program Files\Spyware Doctor
f64 Rundll32.exe normal C:\WINDOWS\system32
f74 AndreaVC.exe normal C:\Program Files\Creative\VoiceCenter
f88 tfswctrl.exe normal C:\WINDOWS\system32\dla
f98 PCMService.exe normal C:\Program Files\Dell\MediaDirect
fc4 ashDisp.exe normal C:\PROGRA~1\ALWILS~1\Avast4
fe8 iTunesHelper.exe normal C:\Program Files\iTunes
ff0 jusched.exe normal C:\Program Files\Java\jre1.6.0_05\bin
164 Reader_sl.exe normal C:\Program Files\Adobe\Reader 8.0\Reader
158 netWaiting.exe normal C:\Program Files\NetWaiting
388 GoogleToolbarNotifier.exe normal C:\Program Files\Google\GoogleToolbarNotifier
554 ctfmon.exe normal C:\WINDOWS\system32
718 pctsTray.exe normal C:\Program Files\Spyware Doctor
654 imapi.exe normal C:\WINDOWS\system32
650 msmsgs.exe normal C:\Program Files\Messenger
6fc clclean.0001 normal C:\DOCUME~1\Mama\LOCALS~1\Temp
858 wuauclt.exe normal C:\WINDOWS\system32
8d0 sqlmangr.exe normal C:\Program Files\Microsoft SQL Server\80\Tools\Binn
45c WZQKPICK.EXE normal C:\Program Files\WinZip
a38 iPodService.exe normal C:\Program Files\iPod\bin
hardware:
+ Batteries
- Microsoft AC Adapter
- Microsoft ACPI-Compliant Control Method Battery
+ Computer
- ACPI Multiprocessor PC
+ Disk drives
- Hitachi HTS541612J9SA00
+ Display adapters
- ATI Mobility Radeon X1300 (driver 8.261.0.0)
+ DVD/CD-ROM drives
- Optiarc DVD+-RW AD-5540A
+ Human Interface Devices
- USB Human Interface Device
+ IDE ATA/ATAPI controllers
- Intel(R) 82801GBM/GHM (ICH7-M Family) Serial ATA Storage Controller - 27C4 (driver 7.0.0.1020)
- Primary IDE Channel
- Ricoh Memory Stick Host Controller (driver 1.0.1.12)
- Ricoh MMC Host Controller (driver 1.0.0.6)
- Ricoh xD-Picture Card Host Controller (driver 1.0.2.4)
- Secondary IDE Channel
+ IEEE 1394 Bus host controllers
- OHCI Compliant IEEE 1394 Host Controller
+ Keyboards
- Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
+ Mice and other pointing devices
- HID-compliant mouse
- Synaptics PS/2 Port Pointing Device (driver 8.2.4.6)
+ Modems
- Conexant HDA D110 MDC V.92 Modem (driver 7.32.0.0)
+ Monitors
- Default Monitor
- Default Monitor
- Default Monitor
- Default Monitor
+ Network adapters
- 1394 Net Adapter
- Broadcom 440x 10/100 Integrated Controller (driver 4.52.0.0)
- Dell Wireless 1500 Draft 802.11n WLAN Mini-Card (driver 4.100.15.5)
+ Processors
- Genuine Intel(R) CPU T2050 @ 1.60GHz
- Genuine Intel(R) CPU T2050 @ 1.60GHz
+ Secure Digital host controllers
- SDA Standard Compliant SD Host Controller
+ Sound, video and game controllers
- Audio Codecs
- Legacy Audio Drivers
- Legacy Video Capture Devices
- Media Control Devices
- SigmaTel High Definition Audio CODEC (driver 5.10.0.4995)
- Video Codecs
+ System devices
- ACPI Lid
- ACPI Power Button
- ACPI Sleep Button
- ACPI Thermal Zone
- Direct memory access controller
- High Precision Event Timer (driver 7.0.0.1011)
- Intel(R) 82801 PCI Bridge - 2448 (driver 7.0.0.1011)
- Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0 (driver 7.0.0.1020)
- Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D6 (driver 7.0.0.1020)
- Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA (driver 7.0.0.1020)
- Intel(R) 82801GBM (ICH7-M) LPC Interface Controller - 27B9 (driver 7.0.0.1020)
- ISAPNP Read Data Port
- Logical Disk Manager
- Microcode Update Device
- Microsoft ACPI-Compliant System
- Microsoft Composite Battery
- Microsoft System Management BIOS Driver
- Microsoft UAA Bus Driver for High Definition Audio
- Microsoft Windows Management Interface for ACPI
- Mobile Intel(R) 955XM/945GM/PM/GMS/940GML Express PCI Express Root Port - 27A1 (driver 7.1.0.1011)
- Mobile Intel(R) 955XM/945GM/PM/GMS/940GML Express Processor to DRAM Controller – 27A0 (driver 7.1.0.1011)
- Numeric data processor
- OpenManage Client Instrumentation device driver (driver 7.0.382.0)
- PCI bus
- Plug and Play Software Device Enumerator
- Programmable interrupt controller
- System board
- System board
- System board
- System board
- System CMOS/real time clock
- System speaker
- System timer
- Terminal Server Device Redirector
- Terminal Server Keyboard Driver
- Terminal Server Mouse Driver
- Volume Manager
+ Universal Serial Bus controllers
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8 (driver 7.2.2.1001)
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9 (driver 7.2.2.1001)
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA (driver 7.2.2.1001)
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB (driver 7.2.2.1001)
- Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC (driver 7.2.2.1001)
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
cpu registers:
eax = 00ebc050
ebx = 51f2a13d
ecx = 00327bc4
edx = 51f2a13d
esi = 51f2a13d
edi = 00338374
eip = 51f2a13d
esp = 0012fce4
ebp = 0012fd60
stack dump:
0012fce4 3d a1 f2 51 de fa ed 0e - 01 00 00 00 07 00 00 00 =..Q............
0012fcf4 f8 fc 12 00 3d a1 f2 51 - 50 c0 eb 00 3d a1 f2 51 ....=..QP...=..Q
0012fd04 3d a1 f2 51 74 83 33 00 - 60 fd 12 00 14 fd 12 00 =..Qt.3.`.......
0012fd14 02 00 00 00 f4 3d f2 51 - b4 a0 32 00 d0 21 ed 00 .....=.Q..2..!..
0012fd24 3d a1 f2 51 9b 31 32 00 - 36 00 00 00 10 6a f2 51 =..Q.12.6....j.Q
0012fd34 01 21 ed 00 d0 21 ed 00 - 9f 82 32 00 b4 a0 32 00 .!...!....2...2.
0012fd44 36 00 00 00 c7 65 f2 51 - 2d ac f3 51 e0 a0 32 00 6....e.Q-..Q..2.
0012fd54 68 fd 12 00 4c 6e f2 51 - 60 fd 12 00 80 fd 12 00 h...Ln.Q`.......
0012fd64 f7 71 f2 51 d8 fd 12 00 - e3 6f f2 51 80 fd 12 00 .q.Q.....o.Q....
0012fd74 4c 00 fa 51 04 28 fa 51 - d8 27 fa 51 e4 fd 12 00 L..Q.(.Q.'.Q....
0012fd84 de 8e 44 00 87 76 f2 51 - e4 fd 12 00 d4 fd 12 00 ..D..v.Q........
0012fd94 04 28 fa 51 d8 31 24 00 - 81 14 32 00 00 00 00 00 .(.Q.1$...2.....
0012fda4 48 95 33 00 00 00 00 00 - b4 ff 12 00 34 d8 4a 00 H.3.........4.J.
0012fdb4 ed 00 00 00 08 f0 4a 00 - 00 00 00 00 00 00 00 00 ......J.........
0012fdc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0012fdd4 0c 4c de 16 78 fe 12 00 - d4 70 f2 51 e4 fd 12 00 .L..x....p.Q....
0012fde4 04 fe 12 00 a7 11 90 7c - 00 00 32 00 00 00 00 00 .......|..2.....
0012fdf4 01 00 00 00 d8 31 24 00 - 00 00 00 00 c8 30 24 00 .....1$......0$.
0012fe04 88 fe 12 00 31 3f 92 7c - 38 95 33 00 00 00 32 00 ....1?.|8.3...2.
0012fe14 00 00 00 00 01 00 00 00 - 00 00 00 00 8e e8 90 7c ...............|
disassembling:
[...]
004aefd8 ret
004aefd9 jmp -$ade0e ($4011d0) ; System.@HandleFinally (rtl100.bpl)
004aefde jmp loc_4aefce
004aefe0 287 pop esi
004aefe1 pop ebx
004aefe2 > call -$addcf ($401218) ; System.@Halt0 (rtl100.bpl)
Thanks.