Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dr. Watson Debugger + Windows Explorer Problem


  • Please log in to reply
29 replies to this topic

#1 skyfuser

skyfuser

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 22 February 2008 - 09:06 PM

This only happened recently. The first time I just shrugged it off; errors happen occasionally.
However, today I got the same problem again. I forgot what I was doing the first time, but today I was opening a zip file with 7-zip. After it posted "Windows Explorer has encountered an error and needs to close" etc etc, I checked the detailed logs. I tried to copy and paste but apparently the clipboard died, but I did get the part where it said the error concerned oleaut32.dll.

After the error window closed, the computer locked itself and I had to manuall end explorer. Then it started loading, and then another error window popped up, this time saying Dr. Watson's Postmortem Debugger encountered an error and needs to close.

This happened only recently and I don't remember getting any suspicious files. If someone can help me resolve this annoying issue it would be greatly appreciated :thumbsup:
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:03:52 PM

Posted 22 February 2008 - 09:37 PM

Are you current on all of you windows Updates?
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 22 February 2008 - 10:02 PM

Yes, I have downloaded all of them, even all the optional ones.
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#4 lowtek_otc

lowtek_otc

  • Members
  • 280 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 22 February 2008 - 10:26 PM

So this happens randomly? Not only when using 7zip?

#5 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 22 February 2008 - 10:27 PM

Yes, I should think it happens randomly, I'm still doing exactly same things as months before and it's only starting to freak out recently.
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#6 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 03 March 2008 - 06:47 PM

The problem started back up again. Now 50% of the time I log on Explorer.exe will encounter an error and kill the whole computer. Then I have to pull the power plug and reboot. Then I have to go to the Recovery Console and do a fixboot. Then it works, but all my settings are reset and the toolbar option for the taskbar is gone. Then I restart, and the problem seems to be gone. I'm now constantly scared of having explorer and drwtsn die.
It happened again a few minutes ago, and I found the log. If someone can help me diagnose the file it would be very very helpful!! Thanks :thumbsup:



Microsoft ® DrWtsn32
Copyright © 1985-2001 Microsoft Corp. All rights reserved.



Application exception occurred:
App: C:\WINDOWS\Explorer.EXE (pid=2856)
When: 3/2/2008 @ 08:28:15.488
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: PC145062529919
User Name: Kerou
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 36 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: hp owner

*----> Task List <----*
0 System Process
4 Error 0xD0000022
376 Error 0xD0000022
584 Error 0xD0000022
612 Error 0xD0000022
656 Error 0xD0000022
692 Error 0xD0000022
824 Error 0xD0000022
840 Error 0xD0000022
904 Error 0xD0000022
944 Error 0xD0000022
1024 Error 0xD0000022
1152 Error 0xD0000022
1324 Error 0xD0000022
1420 Error 0xD0000022
1480 Error 0xD0000022
1496 Error 0xD0000022
1524 Error 0xD0000022
1680 Error 0xD0000022
1764 Error 0xD0000022
1872 Error 0xD0000022
1904 Error 0xD0000022
260 Error 0xD0000022
308 Error 0xD0000022
440 Error 0xD0000022
480 Error 0xD0000022
540 Error 0xD0000022
2096 Error 0xD0000022
2132 Error 0xD0000022
2148 Error 0xD0000022
2284 Error 0xD0000022
1088 Error 0xD0000022
1116 Error 0xD0000022
2856 Explorer.EXE
3092 ehtray.exe
1852 atiptaxx.exe
3168 ehmsas.exe
3176 SynTPEnh.exe
3192 EabServr.exe
3276 mamutu.exe
3328 Error 0xD0000022
3580 Error 0xD0000022
3624 Error 0xD0000022
3656 DrvIcon.exe
2748 googletalk.exe
2652 winpatrol.exe
1692 ashDisp.exe
3796 SDTrayApp.exe
3956 GoogleToolbarNotifier.exe
3976 ctfmon.exe
4044 msmsgs.exe
3728 iexplore.exe
3924 WLLoginProxy.exe
2932 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000001000000 - 00000000010ff000: C:\WINDOWS\Explorer.EXE
(00000000017f0000 - 0000000001db9000: C:\WINDOWS\system32\ieframe.dll
(0000000010000000 - 0000000010022000: C:\WINDOWS\system32\guard32.dll
(0000000010930000 - 0000000010979000: C:\WINDOWS\system32\PortableDeviceApi.dll
(00000000109c0000 - 00000000109ec000: C:\WINDOWS\system32\PortableDeviceTypes.dll
(00000000164a0000 - 00000000164c3000: C:\WINDOWS\system32\WPDShServiceObj.dll
(0000000020000000 - 0000000020088000: C:\WINDOWS\system32\shdoclc.dll
(0000000022200000 - 000000002221f000: C:\Program Files\SpywareGuard\spywareguard.dll
(000000004d4f0000 - 000000004d548000: C:\WINDOWS\system32\WINHTTP.dll
(000000004ffe0000 - 000000004ffe8000: C:\WINDOWS\system32\fltLib.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\system32\themeui.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\comctl32.dll
(000000005dca0000 - 000000005dce5000: C:\WINDOWS\system32\iertutil.dll
(000000005fc10000 - 000000005fc43000: C:\WINDOWS\system32\msutb.dll
(0000000061410000 - 0000000061534000: C:\WINDOWS\system32\urlmon.dll
(00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL
(0000000067800000 - 000000006783b000: C:\Program Files\Mamutu\a2handler.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\system32\actxprxy.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073030000 - 0000000073040000: C:\WINDOWS\system32\WZCSAPI.DLL
(0000000073420000 - 0000000073574000: C:\WINDOWS\system32\MSVBVM60.DLL
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\MSCTF.dll
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\system32\BatMeter.dll
(0000000074b30000 - 0000000074b6b000: C:\WINDOWS\system32\webcheck.dll
(0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\system32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\winsta.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 000000007727e000: C:\WINDOWS\system32\WININET.dll
(00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\apphelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c800000 - 000000007c8f5000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
(000000007e290000 - 000000007e401000: C:\WINDOWS\system32\SHDOCVW.dll
(000000007e410000 - 000000007e4a0000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0xb2c <----*

eax=00000000 ebx=00000003 ecx=00000000 edx=00000000 esi=000e1960 edi=00000000
eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\Explorer.EXE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca0c674 00000000 0007ff5c 010132a4 ntdll!KiFastSystemCallRet
0007ff14 010132a4 000e1960 7ffd5000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101a936 00000000 00000000 0002064e Explorer+0x132a4
0007ffc0 7c816fd7 00000010 000810a0 7ffd5000 Explorer+0x1a936
0007fff0 00000000 0101a8ce 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000007fef0 18 94 41 7e c5 4a a2 7c - 9c 92 80 7c 60 19 0e 00 ..A~.J.|...|`...
000000000007ff00 60 19 0e 00 14 ff 07 00 - 14 ff 07 00 74 c6 a0 7c `...........t..|
000000000007ff10 00 00 00 00 5c ff 07 00 - a4 32 01 01 60 19 0e 00 ....\....2..`...
000000000007ff20 00 50 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00 .P..........$...
000000000007ff30 50 ff 07 00 e0 ff 07 00 - 27 e0 90 7c 65 ac 80 7c P.......'..|e..|
000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 f2 a6 3b 01 ..............;.
000000000007ff50 d8 00 00 00 01 00 00 00 - 60 19 0e 00 c0 ff 07 00 ........`.......
000000000007ff60 36 a9 01 01 00 00 00 00 - 00 00 00 00 4e 06 02 00 6...........N...
000000000007ff70 01 00 00 00 10 00 00 00 - a0 10 08 00 44 00 00 00 ............D...
000000000007ff80 a0 06 02 00 80 06 02 00 - 50 06 02 00 00 00 00 00 ........P.......
000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 48 22 19 00 ............H"..
000000000007ffa0 00 00 00 00 1d 69 91 7c - 01 00 00 00 01 00 00 00 .....i.|........
000000000007ffb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007ffc0 f0 ff 07 00 d7 6f 81 7c - 10 00 00 00 a0 10 08 00 .....o.|........
000000000007ffd0 00 50 fd 7f fd 41 54 80 - c8 ff 07 00 58 f9 73 85 .P...AT.....X.s.
000000000007ffe0 ff ff ff ff a8 9a 83 7c - e0 6f 81 7c 00 00 00 00 .......|.o.|....
000000000007fff0 00 00 00 00 00 00 00 00 - ce a8 01 01 00 00 00 00 ................
0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 98 24 00 00 Actx ........$..
0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00 ........ .......
0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00 ............4...

*----> State Dump for Thread Id 0xb3c <----*

eax=77df9981 ebx=00b9fed0 ecx=00000006 edx=00000000 esi=00000000 edi=7ffd5000
eip=7c90eb94 esp=00b9fea8 ebp=00b9ff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00b9ff44 77df9b26 00000002 00b9ff6c 00000000 ntdll!KiFastSystemCallRet
00b9ffb4 7c80b683 00000000 7c9140bb 00000000 ADVAPI32!RegDeleteKeyW+0x2a2
00b9ffec 00000000 77df9981 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000b9fea8 ab e9 90 7c e2 94 80 7c - 02 00 00 00 d0 fe b9 00 ...|...|........
0000000000b9feb8 01 00 00 00 01 00 00 00 - 04 ff b9 00 e0 2e a6 00 ................
0000000000b9fec8 40 65 e4 77 00 10 00 00 - 78 00 00 00 84 00 00 00 @e.w....x.......
0000000000b9fed8 c0 fe b9 00 dc 5c a5 eb - dc ff b9 00 a8 9a 83 7c .....\.........|
0000000000b9fee8 b0 0a 81 7c 00 10 00 00 - 14 00 00 00 01 00 00 00 ...|............
0000000000b9fef8 60 c6 09 00 00 00 00 00 - 00 00 00 00 00 a2 2f 4d `............./M
0000000000b9ff08 ff ff ff ff 00 10 00 00 - 00 50 fd 7f 00 e0 fd 7f .........P......
0000000000b9ff18 dc ff b9 00 04 ff b9 00 - d0 fe b9 00 06 00 00 00 ................
0000000000b9ff28 02 00 00 00 c4 fe b9 00 - 06 00 00 00 dc ff b9 00 ................
0000000000b9ff38 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 b4 ff b9 00 ...|...|........
0000000000b9ff48 26 9b df 77 02 00 00 00 - 6c ff b9 00 00 00 00 00 &..w....l.......
0000000000b9ff58 e0 93 04 00 01 00 00 00 - bb 40 91 7c 00 00 00 00 .........@.|....
0000000000b9ff68 00 00 00 00 78 00 00 00 - 84 00 00 00 00 10 00 00 ....x...........
0000000000b9ff78 e0 2e a6 00 00 00 00 00 - 00 10 00 00 e8 3e a6 00 .............>..
0000000000b9ff88 a0 66 e4 77 58 00 00 00 - 80 66 e4 77 00 10 00 00 .f.wX....f.w....
0000000000b9ff98 00 00 00 00 a0 66 e4 77 - e0 2e a6 00 80 66 e4 77 .....f.w.....f.w
0000000000b9ffa8 e5 03 00 00 00 10 00 00 - e8 3e a6 00 ec ff b9 00 .........>......
0000000000b9ffb8 83 b6 80 7c 00 00 00 00 - bb 40 91 7c 00 00 00 00 ...|.....@.|....
0000000000b9ffc8 00 00 00 00 00 e0 fd 7f - 00 06 fc 86 c0 ff b9 00 ................
0000000000b9ffd8 40 6f cf 85 ff ff ff ff - a8 9a 83 7c 90 b6 80 7c @o.........|...|

*----> State Dump for Thread Id 0xbc4 <----*

eax=00000000 ebx=00000000 ecx=00134bd0 edx=77606e00 esi=000f5648 edi=000f56ec
eip=7c90eb94 esp=021cfe1c ebp=021cff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
021cff80 77e76c2b 021cffa8 77e76a4d 000f5648 ntdll!KiFastSystemCallRet
021cff88 77e76a4d 000f5648 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5e3
021cffa8 77e76c13 000bb578 021cffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x405
021cffb4 7c80b683 000d5fc8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5cb
021cffec 00000000 77e76bf9 000d5fc8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000021cfe1c 99 e3 90 7c 13 67 e7 77 - 68 02 00 00 70 ff 1c 02 ...|.g.wh...p...
00000000021cfe2c 00 00 00 00 48 7e 18 00 - 54 ff 1c 02 00 b0 fd 7f ....H~..T.......
00000000021cfe3c 6c 4b 08 eb f8 1f 60 c0 - 48 4b 08 eb bc ec 51 80 lK....`.HK....Q.
00000000021cfe4c 00 b0 fd 7f 02 00 00 00 - 00 00 00 00 d8 fe 3f c0 ..............?.
00000000021cfe5c 00 00 00 00 00 00 00 00 - 00 c0 fd 7f 04 4c 08 eb .............L..
00000000021cfe6c 03 00 00 00 6c 4b 08 eb - 00 00 00 00 00 00 00 00 ....lK..........
00000000021cfe7c 00 00 00 00 00 f1 d1 85 - a0 ed 75 85 01 ee 75 85 ..........u...u.
00000000021cfe8c 00 00 00 00 d8 fe 3f c0 - 9f 19 00 00 dc db cf 86 ......?.........
00000000021cfe9c ff ff 99 01 10 db cf 86 - 00 00 00 00 01 00 00 00 ................
00000000021cfeac 00 00 9a 01 fc 4a 08 eb - 00 00 00 00 ff ff ff ff .....J..........
00000000021cfebc d0 53 53 80 00 20 fa 7f - ff ff ff ff 78 7b 5a 80 .SS.. ......x{Z.
00000000021cfecc 00 b0 fd 7f ff ff ff ff - 74 4c 08 eb 78 4c 08 eb ........tL..xL..
00000000021cfedc 00 80 00 00 d0 4c 08 eb - 40 76 78 85 01 00 00 00 .....L..@vx.....
00000000021cfeec f0 a9 f3 86 01 00 00 00 - 28 d0 fe 86 20 f3 46 e1 ........(... .F.
00000000021cfefc 02 00 00 00 20 4c 08 eb - 00 07 fc 86 fd 41 54 80 .... L.......AT.
00000000021cff0c 00 f1 d1 85 a0 ed 75 85 - 44 6f 0a 86 24 4c 08 eb ......u.Do..$L..
00000000021cff1c 07 9e 4f 80 0f 9e 4f 80 - 14 6f 0a 86 a8 6d 0a 86 ..O...O..o...m..
00000000021cff2c dc 6d 0a 86 80 ff 1c 02 - a9 66 e7 77 4c ff 1c 02 .m.......f.wL...
00000000021cff3c b9 66 e7 77 ed 10 90 7c - 08 ae 0e 00 c8 5f 0d 00 .f.w...|....._..
00000000021cff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> State Dump for Thread Id 0x214 <----*

eax=774fe429 ebx=00007530 ecx=7ffd5000 edx=00000000 esi=00000000 edi=0220ff50
eip=7c90eb94 esp=0220ff20 ebp=0220ff78 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
0220ff78 7c802451 0000ea60 00000000 0220ffb4 ntdll!KiFastSystemCallRet
0220ff88 774fe31d 0000ea60 000ee5e0 774fe3dc kernel32!Sleep+0xf
0220ffb4 7c80b683 000ee5e0 7c910945 7c91094e ole32!StringFromGUID2+0x51b
0220ffec 00000000 774fe429 000ee5e0 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000220ff20 5c d8 90 7c ed 23 80 7c - 00 00 00 00 50 ff 20 02 \..|.#.|....P. .
000000000220ff30 40 25 80 7c f8 6d 60 77 - 30 75 00 00 14 00 00 00 @%.|.m`w0u......
000000000220ff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00 ................
000000000220ff50 00 ba 3c dc ff ff ff ff - b4 fe 20 02 50 ff 20 02 ..<....... .P. .
000000000220ff60 30 ff 20 02 b4 fe 20 02 - dc ff 20 02 a8 9a 83 7c 0. ... ... ....|
000000000220ff70 58 24 80 7c 00 00 00 00 - 88 ff 20 02 51 24 80 7c X$.|...... .Q$.|
000000000220ff80 60 ea 00 00 00 00 00 00 - b4 ff 20 02 1d e3 4f 77 `......... ...Ow
000000000220ff90 60 ea 00 00 e0 e5 0e 00 - dc e3 4f 77 00 00 00 00 `.........Ow....
000000000220ffa0 45 09 91 7c e0 e5 0e 00 - 00 00 4e 77 44 e4 4f 77 E..|......NwD.Ow
000000000220ffb0 4e 09 91 7c ec ff 20 02 - 83 b6 80 7c e0 e5 0e 00 N..|.. ....|....
000000000220ffc0 45 09 91 7c 4e 09 91 7c - e0 e5 0e 00 00 c0 fd 7f E..|N..|........
000000000220ffd0 00 06 fc 86 c0 ff 20 02 - a8 9c 8b 85 ff ff ff ff ...... .........
000000000220ffe0 a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00 ...|...|........
000000000220fff0 00 00 00 00 29 e4 4f 77 - e0 e5 0e 00 00 00 00 00 ....).Ow........
0000000002210000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002210010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002210020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002210030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002210040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002210050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0xbd4 <----*

eax=0224f7d8 ebx=00000000 ecx=0224f760 edx=77462508 esi=00191e9c edi=00191e9c
eip=7c90eb94 esp=0224ea14 ebp=0224ecdc iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*


Application exception occurred:
App: D:\autorun.exe (pid=2900)
When: 3/2/2008 @ 12:44:01.359
Exception number: c0000006 (in page io error)

*----> System Information <----*
Computer Name: PC145062529919
User Name: Chang
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 36 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: hp owner

*----> Task List <----*
0 System Process
4 System
380 smss.exe
584 csrss.exe
612 winlogon.exe
656 services.exe
668 lsass.exe
812 Ati2evxx.exe
828 svchost.exe
896 svchost.exe
936 svchost.exe
1008 svchost.exe
1112 svchost.exe
1316 spoolsv.exe
1412 a2service.exe
1472 aswUpdSv.exe
1488 ashServ.exe
1516 Error 0xD0000022
1696 Ati2evxx.exe
1828 Explorer.EXE
1948 ehRecvr.exe
340 ehSched.exe
480 LSSrvc.exe
516 Error 0xD0000022
1080 ehtray.exe
1092 svcntaux.exe
1168 atiptaxx.exe
1204 SynTPEnh.exe
1240 EabServr.exe
1568 mamutu.exe
1564 Error 0xD0000022
1624 DrvIcon.exe
1704 googletalk.exe
1716 winpatrol.exe
1740 ashDisp.exe
1780 SDTrayApp.exe
1896 GoogleToolbarNotifier.exe
2068 swdsvc.exe
2140 MsnMsgr.Exe
2196 sgmain.exe
2360 sgbhp.exe
2428 svchost.exe
2532 svchost.exe
2596 mcrdsvc.exe
3112 ashMaiSv.exe
3220 ashWebSv.exe
3344 wmiprvse.exe
3448 dllhost.exe
3604 HPQWMI.exe
3688 ehmsas.exe
3700 alg.exe
1016 wuauclt.exe
4024 svchost.exe
2396 usnsvc.exe
956 taskmgr.exe
4088 firefox.exe
2900 autorun.exe
2800 Setup.exe
3888 IKernel.exe
1840 ANALYZER.EXE
3236 ANALYZER.EXE
2260 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000531000: D:\autorun.exe
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\COMCTL32.dll
(00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL
(0000000067800000 - 000000006783b000: C:\Program Files\Mamutu\a2handler.dll
(0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\oleaut32.dll
(00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c800000 - 000000007c8f5000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
(000000007e410000 - 000000007e4a0000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0xc5c <----*

eax=00000000 ebx=7ffdf000 ecx=0013ffb0 edx=7c90eb94 esi=00610063 edi=0069006c
eip=00417a1a esp=0013ffc4 ebp=0013fff0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** WARNING: Unable to verify checksum for D:\autorun.exe
*** ERROR: Module load completed but symbols could not be loaded for D:\autorun.exe
function: autorun
No prior disassembly possible
00417a1a ?? ???
00417a1c ?? ???
00417a1e ?? ???
00417a20 ?? ???
00417a22 ?? ???
00417a24 ?? ???
00417a26 ?? ???
00417a28 ?? ???
00417a2a ?? ???
FAULT ->00417a1a ?? ???
Error 0x00000001
00417a1c ?? ???
00417a1e ?? ???
00417a20 ?? ???
00417a22 ?? ???
00417a24 ?? ???
00417a26 ?? ???
00417a28 ?? ???
00417a2a ?? ???
00417a2c ?? ???
00417a2e ?? ???

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0013ffc0 7c816fd7 0069006c 00610063 7ffdf000 autorun+0x17a1a
0013fff0 00000000 00417a1a 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000013ffc4 d7 6f 81 7c 6c 00 69 00 - 63 00 61 00 00 f0 fd 7f .o.|l.i.c.a.....
000000000013ffd4 06 00 00 c0 c8 ff 13 00 - e4 fb 13 00 ff ff ff ff ................
000000000013ffe4 a8 9a 83 7c e0 6f 81 7c - 00 00 00 00 00 00 00 00 ...|.o.|........
000000000013fff4 00 00 00 00 1a 7a 41 00 - 00 00 00 00 41 63 74 78 .....zA.....Actx
0000000000140004 20 00 00 00 01 00 00 00 - 98 24 00 00 c4 00 00 00 ........$......
0000000000140014 00 00 00 00 20 00 00 00 - 00 00 00 00 14 00 00 00 .... ...........
0000000000140024 01 00 00 00 06 00 00 00 - 34 00 00 00 14 01 00 00 ........4.......
0000000000140034 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000140044 00 00 00 00 00 00 00 00 - 02 00 00 00 00 00 00 00 ................
0000000000140054 00 00 00 00 00 00 00 00 - 14 02 00 00 9c 01 00 00 ................
0000000000140064 00 00 00 00 5b 49 59 2d - b0 03 00 00 32 00 00 00 ....[IY-....2...
0000000000140074 e4 03 00 00 d2 02 00 00 - 00 00 00 00 e4 02 02 83 ................
0000000000140084 b8 06 00 00 46 00 00 00 - 00 07 00 00 ea 02 00 00 ....F...........
0000000000140094 00 00 00 00 d2 d5 8c d1 - ec 09 00 00 46 00 00 00 ............F...
00000000001400a4 34 0a 00 00 ea 02 00 00 - 00 00 00 00 2e ad 6a d8 4.............j.
00000000001400b4 20 0d 00 00 46 00 00 00 - 68 0d 00 00 04 03 00 00 ...F...h.......
00000000001400c4 10 00 00 00 04 00 00 00 - d4 00 00 00 02 00 00 00 ................
00000000001400d4 01 00 00 00 14 01 00 00 - 8c 0f 00 00 01 00 00 00 ................
00000000001400e4 02 00 00 00 a0 10 00 00 - 2c 03 00 00 01 00 00 00 ........,.......
00000000001400f4 04 00 00 00 cc 13 00 00 - 50 10 00 00 02 00 00 00 ........P.......



Application exception occurred:
App: C:\WINDOWS\Explorer.EXE (pid=1828)
When: 3/2/2008 @ 14:06:10.984
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: PC145062529919
User Name: Chang
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 36 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: hp owner

*----> Task List <----*
0 System Process
4 System
380 smss.exe
584 csrss.exe
612 winlogon.exe
656 services.exe
668 lsass.exe
812 Ati2evxx.exe
828 svchost.exe
896 svchost.exe
936 svchost.exe
1008 svchost.exe
1112 svchost.exe
1316 spoolsv.exe
1412 a2service.exe
1472 aswUpdSv.exe
1488 ashServ.exe
1516 Error 0xD0000022
1696 Ati2evxx.exe
1828 Explorer.EXE
1948 ehRecvr.exe
340 ehSched.exe
480 LSSrvc.exe
1080 ehtray.exe
1092 svcntaux.exe
1168 atiptaxx.exe
1204 SynTPEnh.exe
1240 EabServr.exe
1564 Error 0xD0000022
1624 DrvIcon.exe
1704 googletalk.exe
1716 winpatrol.exe
1740 ashDisp.exe
1780 SDTrayApp.exe
1896 GoogleToolbarNotifier.exe
2068 swdsvc.exe
2140 MsnMsgr.Exe
2196 sgmain.exe
2360 sgbhp.exe
2428 svchost.exe
2532 svchost.exe
2596 mcrdsvc.exe
3112 ashMaiSv.exe
3220 ashWebSv.exe
3344 wmiprvse.exe
3448 dllhost.exe
3604 HPQWMI.exe
3688 ehmsas.exe
3700 alg.exe
1016 wuauclt.exe
4024 svchost.exe
2396 usnsvc.exe
4088 firefox.exe
3396 taskmgr.exe
2652 MAMUTU.EXE
1628 Error 0xD0000022
3832 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000000b60000 - 0000000000b72000: C:\WINDOWS\system32\browselc.dll
(0000000000d70000 - 0000000000d7f000: C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL
(0000000000d80000 - 0000000000d86000: C:\Program Files\Unlocker\UnlockerCOM.dll
(0000000001000000 - 00000000010ff000: C:\WINDOWS\Explorer.EXE
(0000000001230000 - 0000000001240000: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
(00000000015e0000 - 0000000001ba9000: C:\WINDOWS\system32\ieframe.dll
(0000000001d10000 - 0000000001d55000: C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL
(0000000001e10000 - 0000000001e48000: C:\Program Files\a-squared Free\a2freecontmenu.dll
(0000000001ea0000 - 0000000001eb3000: C:\Program Files\7-Zip\7-zip.dll
(0000000001f30000 - 0000000002036000: C:\Program Files\XnView\XnShellEx\XnViewShellExt.dll
(00000000026b0000 - 000000000270b000: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
(0000000003dd0000 - 0000000003de7000: C:\WINDOWS\system32\odbcint.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 0000000010022000: C:\WINDOWS\system32\guard32.dll
(0000000010930000 - 0000000010979000: C:\WINDOWS\system32\PortableDeviceApi.dll
(00000000109c0000 - 00000000109ec000: C:\WINDOWS\system32\PortableDeviceTypes.dll
(0000000011000000 - 000000001102f000: C:\Program Files\SpywareGuard\dlprotect.dll
(0000000014070000 - 000000001408b000: C:\WINDOWS\system32\wmpshell.dll
(00000000164a0000 - 00000000164c3000: C:\WINDOWS\system32\WPDShServiceObj.dll
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(0000000022200000 - 000000002221f000: C:\Program Files\SpywareGuard\spywareguard.dll
(0000000030a00000 - 0000000030cdf000: C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax
(00000000325c0000 - 00000000325d2000: C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
(000000004d4f0000 - 000000004d548000: C:\WINDOWS\system32\WINHTTP.dll
(000000004ec50000 - 000000004edf3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(000000004ffe0000 - 000000004ffe8000: C:\WINDOWS\system32\fltLib.dll
(0000000058390000 - 000000005841a000: C:\WINDOWS\system32\l3codeca.acm
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\system32\themeui.dll
(000000005cad0000 - 000000005caf7000: C:\WINDOWS\system32\shmedia.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\comctl32.dll
(000000005dca0000 - 000000005dce5000: C:\WINDOWS\system32\iertutil.dll
(000000005df10000 - 000000005df70000: C:\WINDOWS\system32\wzcdlg.dll
(000000005f4b0000 - 000000005f4cd000: C:\WINDOWS\system32\nlhtml.dll
(000000005fc10000 - 000000005fc43000: C:\WINDOWS\system32\msutb.dll
(0000000060510000 - 0000000060529000: c:\WINDOWS\system32\dfshim.dll
(0000000061410000 - 0000000061534000: C:\WINDOWS\system32\urlmon.dll
(00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL
(0000000063380000 - 00000000633f8000: C:\WINDOWS\system32\jscript.dll
(0000000064f00000 - 0000000064f12000: C:\Program Files\Alwil Software\Avast4\ashShell.dll
(00000000662b0000 - 0000000066308000: C:\WINDOWS\system32\hnetcfg.dll
(0000000067800000 - 000000006783b000: C:\Program Files\Mamutu\a2handler.dll
(000000006c1b0000 - 000000006c1fd000: C:\WINDOWS\system32\DUSER.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071a50000 - 0000000071a8f000: C:\WINDOWS\System32\mswsock.dll
(0000000071a90000 - 0000000071a98000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\system32\actxprxy.dll
(0000000072280000 - 00000000722aa000: C:\WINDOWS\system32\DINPUT.dll
(00000000722b0000 - 00000000722b5000: C:\WINDOWS\system32\sensapi.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000073030000 - 0000000073040000: C:\WINDOWS\system32\WZCSAPI.DLL
(0000000073380000 - 00000000733d7000: C:\WINDOWS\system32\zipfldr.dll
(0000000073420000 - 0000000073574000: C:\WINDOWS\system32\MSVBVM60.DLL
(0000000073b30000 - 0000000073b45000: C:\WINDOWS\system32\mscms.dll
(0000000073b50000 - 0000000073b67000: C:\WINDOWS\system32\AVIFIL32.dll
(0000000073ba0000 - 0000000073bb3000: C:\WINDOWS\system32\sti.dll
(0000000074320000 - 000000007435d000: C:\WINDOWS\system32\ODBC32.dll
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\MSCTF.dll
(0000000074980000 - 0000000074a93000: C:\WINDOWS\system32\msxml3.dll
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074ae0000 - 0000000074ae7000: C:\WINDOWS\system32\CFGMGR32.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\system32\BatMeter.dll
(0000000074b30000 - 0000000074b6b000: C:\WINDOWS\system32\webcheck.dll
(0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000075970000 - 0000000075a67000: C:\WINDOWS\system32\MSGINA.dll
(0000000075a70000 - 0000000075a91000: C:\WINDOWS\system32\MSVFW32.dll
(0000000075cf0000 - 0000000075d81000: C:\WINDOWS\system32\MLANG.dll
(0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\SXS.DLL
(0000000075f60000 - 0000000075f67000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\system32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\winsta.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
(0000000076400000 - 00000000765a5000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076e90000 - 0000000076ea2000: C:\WINDOWS\system32\rasman.dll
(0000000076eb0000 - 0000000076edf000: C:\WINDOWS\system32\TAPI32.dll
(0000000076ee0000 - 0000000076f1c000: C:\WINDOWS\system32\RASAPI32.dll
(0000000076f20000 - 0000000076f47000: C:\WINDOWS\system32\DNSAPI.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fc0000 - 0000000076fc6000: C:\WINDOWS\system32\rasadhlp.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 000000007727e000: C:\WINDOWS\system32\WININET.dll
(00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077690000 - 00000000776b1000: C:\WINDOWS\system32\NTMARTA.DLL
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\apphelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077c93000: C:\WINDOWS\system32\msv1_0.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
(0000000079000000 - 0000000079046000: c:\WINDOWS\system32\mscoree.dll
(0000000079e70000 - 000000007a3ff000: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
(000000007c360000 - 000000007c3b6000: C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\MSVCR71.dll
(000000007c800000 - 000000007c8f5000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
(000000007d1e0000 - 000000007d49e000: C:\WINDOWS\system32\msi.dll
(000000007d9a0000 - 000000007db05000: C:\WINDOWS\system32\query.dll
(000000007e290000 - 000000007e401000: C:\WINDOWS\system32\SHDOCVW.dll
(000000007e410000 - 000000007e4a0000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0x728 <----*

eax=000a0108 ebx=00000003 ecx=7e4188da edx=7c90eb94 esi=000e7628 edi=00000000
eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\Explorer.EXE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca0c674 00000000 0007ff5c 010132a4 ntdll!KiFastSystemCallRet
0007ff14 010132a4 000e7628 7ffd6000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101a936 00000000 00000000 0002064e Explorer+0x132a4
0007ffc0 7c816fd7 00000010 000810a0 7ffd6000 Explorer+0x1a936
0007fff0 00000000 0101a8ce 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000007fef0 18 94 41 7e c5 4a a2 7c - 9c 92 80 7c 28 76 0e 00 ..A~.J.|...|(v..
000000000007ff00 28 76 0e 00 14 ff 07 00 - 14 ff 07 00 74 c6 a0 7c (v..........t..|
000000000007ff10 00 00 00 00 5c ff 07 00 - a4 32 01 01 28 76 0e 00 ....\....2..(v..
000000000007ff20 00 60 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00 .`..........$...
000000000007ff30 50 ff 07 00 e0 ff 07 00 - 27 e0 90 7c 65 ac 80 7c P.......'..|e..|
000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 5f c3 00 00 ............_...
000000000007ff50 dc 00 00 00 05 00 00 00 - 28 76 0e 00 c0 ff 07 00 ........(v......
000000000007ff60 36 a9 01 01 00 00 00 00 - 00 00 00 00 4e 06 02 00 6...........N...
000000000007ff70 01 00 00 00 10 00 00 00 - a0 10 08 00 44 00 00 00 ............D...
000000000007ff80 a0 06 02 00 80 06 02 00 - 50 06 02 00 00 00 00 00 ........P.......
000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 48 22 19 00 ............H"..
000000000007ffa0 00 00 00 00 1d 69 91 7c - 01 00 00 00 01 00 00 00 .....i.|........
000000000007ffb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007ffc0 f0 ff 07 00 d7 6f 81 7c - 10 00 00 00 a0 10 08 00 .....o.|........
000000000007ffd0 00 60 fd 7f fd 41 54 80 - c8 ff 07 00 a8 7d 0b 86 .`...AT......}..
000000000007ffe0 ff ff ff ff a8 9a 83 7c - e0 6f 81 7c 00 00 00 00 .......|.o.|....
000000000007fff0 00 00 00 00 00 00 00 00 - ce a8 01 01 00 00 00 00 ................
0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 98 24 00 00 Actx ........$..
0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00 ........ .......
0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00 ............4...

*----> State Dump for Thread Id 0x104 <----*

eax=000cc478 ebx=00000000 ecx=028475dc edx=00ebfdc8 esi=000b7f48 edi=00000100
eip=7c90eb94 esp=00ebfe1c ebp=00ebff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00ebff80 77e76c2b 00ebffa8 77e76a4d 000b7f48 ntdll!KiFastSystemCallRet
00ebff88 77e76a4d 000b7f48 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5e3
00ebffa8 77e76c13 000b7e00 00ebffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x405
00ebffb4 7c80b683 000ca3b8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5cb
00ebffec 00000000 77e76bf9 000ca3b8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000ebfe1c 99 e3 90 7c 13 67 e7 77 - b8 01 00 00 70 ff eb 00 ...|.g.w....p...
0000000000ebfe2c 00 00 00 00 28 1a 20 02 - 54 ff eb 00 88 7a 3b c0 ....(. .T....z;.
0000000000ebfe3c ac ee d5 81 00 00 00 80 - 00 00 00 01 00 fc dd eb ................
0000000000ebfe4c d7 c1 5a 80 02 7a 3b c0 - 00 00 e3 28 00 00 00 80 ..Z..z;....(....
0000000000ebfe5c 62 c4 5a 80 b8 97 b7 86 - ff 1f f5 76 38 99 02 86 b.Z........v8...
0000000000ebfe6c 1a 00 00 00 48 42 dd 86 - 07 00 00 00 00 23 dd 86 ....HB.......#..
0000000000ebfe7c 00 00 00 00 74 00 73 00 - 61 00 70 00 00 30 88 c0 ....t.s.a.p..0..
0000000000ebfe8c 05 00 00 00 07 00 00 00 - c8 b3 a3 e2 08 30 03 e2 .............0..
0000000000ebfe9c 00 00 00 00 c8 c2 fd 86 - b4 fb dd eb ea a9 53 80 ..............S.
0000000000ebfeac c4 fb dd eb 04 00 00 00 - 00 00 00 00 c8 c2 fd 86 ................
0000000000ebfebc 14 d7 cd 86 28 fc dd eb - 00 00 00 00 3f 15 00 00 ....(.......?...
0000000000ebfecc e8 17 00 00 00 00 00 00 - e8 fb dd eb 7b ab 53 80 ............{.S.
0000000000ebfedc 00 20 d5 86 e8 17 00 00 - fc c3 fd 86 e8 fb dd eb . ..............
0000000000ebfeec cc ad 53 80 50 68 b6 86 - e8 cb b7 86 ff ff ff ff ..S.Ph..........
0000000000ebfefc 3f 15 00 00 00 00 00 00 - 00 02 00 00 20 fc dd eb ?........... ...
0000000000ebff0c 08 19 51 80 08 10 ff 85 - 4c 95 02 86 24 fc dd eb ..Q.....L...$...
0000000000ebff1c 07 9e 4f 80 0f 9e 4f 80 - 1c 95 02 86 b0 93 02 86 ..O...O.........
0000000000ebff2c e4 93 02 86 80 ff eb 00 - a9 66 e7 77 4c ff eb 00 .........f.wL...
0000000000ebff3c b9 66 e7 77 ed 10 90 7c - 80 9b 0c 00 b8 a3 0c 00 .f.w...|........
0000000000ebff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> State Dump for Thread Id 0x10c <----*

eax=00f4ea00 ebx=00000000 ecx=0000000a edx=73530770 esi=00690052 edi=0014c7b0
eip=771544f1 esp=00f4e9ec ebp=00f4ea04 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\OLEAUT32.dll -
function: OLEAUT32!SysReAllocStringLen
771544dc 45 inc ebp
771544dd fc cld
771544de 8b08 mov ecx,[eax]
771544e0 50 push eax
771544e1 ff510c call dword ptr [ecx+0xc]
771544e4 e9f95ffdff jmp OLEAUT32!LoadRegTypeLib+0x7a4 (7712a4e2)
771544e9 8d45fc lea eax,[ebp-0x4]
771544ec 50 push eax
771544ed 6a01 push 0x1
771544ef 6a01 push 0x1
FAULT ->771544f1 ff36 push dword ptr [esi] ds:0023:00690052=????????
771544f3 e86f570100 call OLEAUT32!SafeArrayCreateEx+0x160 (77169c67)
771544f8 85c0 test eax,eax
771544fa 0f8cbb05fdff jl OLEAUT32!VariantInit+0x13b (77124abb)
77154500 e9ab05fdff jmp OLEAUT32!VariantInit+0x130 (77124ab0)
77154505 85c0 test eax,eax
77154507 0f8da807fdff jnl OLEAUT32!SysAllocStringByteLen+0x1d (77124cb5)
7715450d 33c0 xor eax,eax
7715450f e9dc07fdff jmp OLEAUT32!SysAllocStringByteLen+0x58 (77124cf0)
77154514 56 push esi
77154515 8b7508 mov esi,[ebp+0x8]

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MSVBVM60.DLL -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\SpywareGuard\spywareguard.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -


Application exception occurred:
App: C:\WINDOWS\system32\taskmgr.exe (pid=2120)
When: 3/2/2008 @ 14:36:57.765
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: PC145062529919
User Name: Chang
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 36 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: hp owner

*----> Task List <----*
0 System Process
4 System
376 smss.exe
584 csrss.exe
612 winlogon.exe
656 services.exe
668 lsass.exe
816 Ati2evxx.exe
832 svchost.exe
912 svchost.exe
952 svchost.exe
1028 svchost.exe
1140 svchost.exe
1312 spoolsv.exe
1408 a2service.exe
1460 aswUpdSv.exe
1476 ashServ.exe
1500 Error 0xD0000022
1668 ehRecvr.exe
1692 ehSched.exe
1968 Ati2evxx.exe
144 LSSrvc.exe
412 Error 0xD0000022
1004 svcntaux.exe
1228 ehtray.exe
1236 atiptaxx.exe
1268 SynTPEnh.exe
1384 EabServr.exe
1748 mamutu.exe
1952 swdsvc.exe
1976 Error 0xD0000022
2012 DrvIcon.exe
1864 googletalk.exe
2060 winpatrol.exe
2072 ashDisp.exe
2092 SDTrayApp.exe
2100 GoogleToolbarNotifier.exe
2112 MsnMsgr.Exe
2148 sgmain.exe
2244 sgbhp.exe
2388 ctfmon.exe
2444 svchost.exe
2496 svchost.exe
2648 mcrdsvc.exe
3084 ashMaiSv.exe
3108 wmiprvse.exe
3236 ehmsas.exe
3296 ashWebSv.exe
3352 dllhost.exe
3536 imapi.exe
3624 HPQWMI.exe
3724 alg.exe
192 wuauclt.exe
1164 wmiprvse.exe
2120 taskmgr.exe
2344 drwtsn32.exe

*----> Module List <----*
(0000000001000000 - 0000000001024000: C:\WINDOWS\system32\taskmgr.exe
(0000000010000000 - 0000000010022000: C:\WINDOWS\system32\guard32.dll
(000000004ffe0000 - 000000004ffe8000: C:\WINDOWS\system32\fltLib.dll
(000000005ad60000 - 000000005ad6a000: C:\WINDOWS\system32\VDMDBG.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL
(0000000067800000 - 000000006783b000: C:\Program Files\Mamutu\a2handler.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\winsta.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c800000 - 000000007c8f5000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
(000000007e410000 - 000000007e4a0000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0x820 <----*

eax=00000000 ebx=00000002 ecx=000da8d0 edx=00000002 esi=000da8d0 edi=0007e158
eip=7ca03bef esp=0007e0cc ebp=0007e0d8 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
function: SHELL32!Ordinal159
7ca03bdc 8bff mov edi,edi
7ca03bde 55 push ebp
7ca03bdf 8bec mov ebp,esp
7ca03be1 53 push ebx
7ca03be2 56 push esi
7ca03be3 57 push edi
7ca03be4 6a02 push 0x2
7ca03be6 5b pop ebx
7ca03be7 8bf1 mov esi,ecx
7ca03be9 8b8630600000 mov eax,[esi+0x6030]
FAULT ->7ca03bef 8b08 mov ecx,[eax] ds:0023:00000000=????????
7ca03bf1 6848100000 push 0x1048
7ca03bf6 8dbeac4b0000 lea edi,[esi+0x4bac]
7ca03bfc 57 push edi
7ca03bfd ffb604600000 push dword ptr [esi+0x6004]
7ca03c03 6a01 push 0x1
7ca03c05 6a00 push 0x0
7ca03c07 50 push eax
7ca03c08 ff5118 call dword ptr [ecx+0x18]
7ca03c0b 85c0 test eax,eax
7ca03c0d 0f8dbd980400 jnl SHELL32!SHCreateQueryCancelAutoPlayMoniker+0xb59a (7ca4d4d0)

*----> Stack Back Trace <----*


Application exception occurred:
App: C:\WINDOWS\Explorer.EXE (pid=228)
When: 3/3/2008 @ 15:29:51.558
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: PC145062529919
User Name: Chang
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 36 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: hp owner

*----> Task List <----*
0 System Process
4 System
376 smss.exe
584 csrss.exe
612 winlogon.exe
656 services.exe
668 lsass.exe
812 Ati2evxx.exe
828 svchost.exe
912 svchost.exe
952 svchost.exe
1024 svchost.exe
1140 svchost.exe
1308 spoolsv.exe
1408 a2service.exe
1460 aswUpdSv.exe
1476 ashServ.exe
1508 Error 0xD0000022
1748 ehRecvr.exe
1900 Ati2evxx.exe
228 Explorer.EXE
264 ehSched.exe
460 LSSrvc.exe
532 Error 0xD0000022
1256 ehtray.exe
1348 atiptaxx.exe
772 SynTPEnh.exe
1556 EabServr.exe
1816 mamutu.exe
1808 Error 0xD0000022
1976 DrvIcon.exe
1992 googletalk.exe
2000 winpatrol.exe
2016 ashDisp.exe
2060 MsnMsgr.Exe
2068 ctfmon.exe
2100 sgmain.exe
2168 sgbhp.exe
2408 svchost.exe
2492 svchost.exe
2576 mcrdsvc.exe
3020 ashMaiSv.exe
3060 ashWebSv.exe
3144 dllhost.exe
3244 wmiprvse.exe
3492 alg.exe
3708 HPQWMI.exe
3796 ehmsas.exe
304 wuauclt.exe
3884 svchost.exe
508 taskmgr.exe
1316 usnsvc.exe
5484 BRMFRSMG.EXE
1892 ashSimpl.exe
4144 firefox.exe
1768 AcroRd32.exe
2296 dwwin.exe
4420 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000000d00000 - 0000000000d0f000: C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL
(0000000000d70000 - 0000000000d82000: C:\WINDOWS\system32\browselc.dll
(0000000001000000 - 00000000010ff000: C:\WINDOWS\Explorer.EXE
(0000000001190000 - 00000000011a0000: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
(00000000015d0000 - 00000000015d6000: C:\Program Files\Unlocker\UnlockerCOM.dll
(00000000015e0000 - 0000000001ba9000: C:\WINDOWS\system32\ieframe.dll
(0000000002630000 - 0000000002643000: C:\Program Files\7-Zip\7-zip.dll
(0000000002910000 - 000000000296b000: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
(0000000002ca0000 - 0000000002cd8000: C:\Program Files\a-squared Free\a2freecontmenu.dll
(0000000002fd0000 - 0000000003015000: C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL
(0000000003d30000 - 0000000003e36000: C:\Program Files\XnView\XnShellEx\XnViewShellExt.dll
(0000000003ea0000 - 0000000003f28000: C:\WINDOWS\system32\shdoclc.dll
(00000000042c0000 - 00000000042d7000: C:\WINDOWS\system32\odbcint.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 0000000010022000: C:\WINDOWS\system32\guard32.dll
(0000000010930000 - 0000000010979000: C:\WINDOWS\system32\PortableDeviceApi.dll
(00000000109c0000 - 00000000109ec000: C:\WINDOWS\system32\PortableDeviceTypes.dll
(0000000011000000 - 000000001102f000: C:\Program Files\SpywareGuard\dlprotect.dll
(0000000014070000 - 000000001408b000: C:\WINDOWS\system32\wmpshell.dll
(00000000164a0000 - 00000000164c3000: C:\WINDOWS\system32\WPDShServiceObj.dll
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(0000000022200000 - 000000002221f000: C:\Program Files\SpywareGuard\spywareguard.dll
(00000000325c0000 - 00000000325d2000: C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
(000000004d4f0000 - 000000004d548000: C:\WINDOWS\system32\WINHTTP.dll
(000000004ec50000 - 000000004edf3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(000000004ffe0000 - 000000004ffe8000: C:\WINDOWS\system32\fltLib.dll
(0000000058390000 - 000000005841a000: C:\WINDOWS\system32\l3codeca.acm
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\system32\themeui.dll
(000000005cb00000 - 000000005cb6e000: C:\WINDOWS\system32\shimgvw.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\comctl32.dll
(000000005dca0000 - 000000005dce5000: C:\WINDOWS\system32\iertutil.dll
(000000005df10000 - 000000005df70000: C:\WINDOWS\system32\wzcdlg.dll
(000000005fc10000 - 000000005fc43000: C:\WINDOWS\system32\msutb.dll
(0000000061410000 - 0000000061534000: C:\WINDOWS\system32\urlmon.dll
(00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL
(0000000064f00000 - 0000000064f12000: C:\Program Files\Alwil Software\Avast4\ashShell.dll
(0000000067800000 - 000000006783b000: C:\Program Files\Mamutu\a2handler.dll
(000000006c1b0000 - 000000006c1fd000: C:\WINDOWS\system32\DUSER.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\system32\actxprxy.dll
(0000000072410000 - 000000007242a000: C:\WINDOWS\system32\mydocs.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000073030000 - 0000000073040000: C:\WINDOWS\system32\WZCSAPI.DLL
(0000000073380000 - 00000000733d7000: C:\WINDOWS\system32\zipfldr.dll
(0000000073420000 - 0000000073574000: C:\WINDOWS\system32\MSVBVM60.DLL
(0000000073b30000 - 0000000073b45000: C:\WINDOWS\system32\mscms.dll
(0000000073ba0000 - 0000000073bb3000: C:\WINDOWS\system32\sti.dll
(0000000074320000 - 000000007435d000: C:\WINDOWS\system32\ODBC32.dll
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\MSCTF.dll
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074ae0000 - 0000000074ae7000: C:\WINDOWS\system32\CFGMGR32.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\system32\BatMeter.dll
(0000000074b30000 - 0000000074b6b000: C:\WINDOWS\system32\webcheck.dll
(0000000074b80000 - 0000000074c0c000: C:\WINDOWS\system32\printui.dll
(0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll
(0000000075150000 - 0000000075164000: C:\WINDOWS\system32\Cabinet.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000075970000 - 0000000075a67000: C:\WINDOWS\system32\MSGINA.dll
(0000000075cf0000 - 0000000075d81000: C:\WINDOWS\system32\MLANG.dll
(0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\SXS.DLL
(0000000075f60000 - 0000000075f67000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\system32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\winsta.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
(0000000076400000 - 00000000765a5000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e10000 - 0000000076e35000: C:\WINDOWS\system32\adsldpc.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076e90000 - 0000000076ea2000: C:\WINDOWS\system32\rasman.dll
(0000000076eb0000 - 0000000076edf000: C:\WINDOWS\system32\TAPI32.dll
(0000000076ee0000 - 0000000076f1c000: C:\WINDOWS\system32\RASAPI32.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 000000007727e000: C:\WINDOWS\system32\WININET.dll
(00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077690000 - 00000000776b1000: C:\WINDOWS\system32\NTMARTA.DLL
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\apphelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077cc0000 - 0000000077cf2000: C:\WINDOWS\system32\ACTIVEDS.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
(000000007c800000 - 000000007c8f5000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
(000000007d1e0000 - 000000007d49e000: C:\WINDOWS\system32\msi.dll
(000000007e290000 - 000000007e401000: C:\WINDOWS\system32\SHDOCVW.dll
(000000007e410000 - 000000007e4a0000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0xd4 <----*

eax=00000001 ebx=00000003 ecx=0007fef0 edx=7c90eb94 esi=000e9228 edi=00000000
eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\Explorer.EXE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca0c674 00000000 0007ff5c 010132a4 ntdll!KiFastSystemCallRet
0007ff14 010132a4 000e9228 7ffd8000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101a936 00000000 00000000 0002064e Explorer+0x132a4
0007ffc0 7c816fd7 00000010 000810a0 7ffd8000 Explorer+0x1a936
0007fff0 00000000 0101a8ce 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000007fef0 18 94 41 7e c5 4a a2 7c - 9c 92 80 7c 28 92 0e 00 ..A~.J.|...|(...
000000000007ff00 28 92 0e 00 14 ff 07 00 - 14 ff 07 00 74 c6 a0 7c (...........t..|
000000000007ff10 00 00 00 00 5c ff 07 00 - a4 32 01 01 28 92 0e 00 ....\....2..(...
000000000007ff20 00 80 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00 ............$...
000000000007ff30 50 ff 07 00 e0 ff 07 00 - 27 e0 90 7c 65 ac 80 7c P.......'..|e..|
000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 00 cb 00 00 ................
000000000007ff50 dc 00 00 00 03 00 00 00 - 28 92 0e 00 c0 ff 07 00 ........(.......
000000000007ff60 36 a9 01 01 00 00 00 00 - 00 00 00 00 4e 06 02 00 6...........N...
000000000007ff70 01 00 00 00 10 00 00 00 - a0 10 08 00 44 00 00 00 ............D...
000000000007ff80 a0 06 02 00 80 06 02 00 - 50 06 02 00 00 00 00 00 ........P.......
000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 48 22 19 00 ............H"..
000000000007ffa0 00 00 00 00 1d 69 91 7c - 01 00 00 00 01 00 00 00 .....i.|........
000000000007ffb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007ffc0 f0 ff 07 00 d7 6f 81 7c - 10 00 00 00 a0 10 08 00 .....o.|........
000000000007ffd0 00 80 fd 7f fd 41 54 80 - c8 ff 07 00 20 b6 08 86 .....AT..... ...
000000000007ffe0 ff ff ff ff a8 9a 83 7c - e0 6f 81 7c 00 00 00 00 .......|.o.|....
000000000007fff0 00 00 00 00 00 00 00 00 - ce a8 01 01 00 00 00 00 ................
0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 98 24 00 00 Actx ........$..
0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00 ........ .......
0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00 ............4...

*----> State Dump for Thread Id 0x114 <----*

eax=026e7078 ebx=00000000 ecx=000c7ed0 edx=000b7f84 esi=000b7f48 edi=000b7fec
eip=7c90eb94 esp=00ebfe1c ebp=00ebff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00ebff80 77e76c2b 00ebffa8 77e76a4d 000b7f48 ntdll!KiFastSystemCallRet
00ebff88 77e76a4d 000b7f48 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5e3
00ebffa8 77e76c13 000b7e00 00ebffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x405
00ebffb4 7c80b683 000ca3e8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5cb
00ebffec 00000000 77e76bf9 000ca3e8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000ebfe1c 99 e3 90 7c 13 67 e7 77 - b4 01 00 00 70 ff eb 00 ...|.g.w....p...
0000000000ebfe2c 00 00 00 00 40 70 6e 02 - 54 ff eb 00 00 00 00 00 ....@pn.T.......
0000000000ebfe3c 10 00 00 00 28 ed 45 01 - 00 00 00 00 a0 eb 45 01 ....(.E.......E.
0000000000ebfe4c 00 00 00 00 02 00 00 00 - 00 00 00 00 12 00 0a 02 ................
0000000000ebfe5c 00 4c fa 7f 00 00 00 00 - 00 eb 45 00 00 00 00 00 .L........E.....
0000000000ebfe6c 15 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000ebfe7c 00 00 00 00 00 00 00 00 - 33 08 91 7c 00 00 fa 7f ........3..|....
0000000000ebfe8c 20 00 00 00 99 69 91 7c - b0 3d 17 00 00 40 fa 7f ....i.|.=...@..
0000000000ebfe9c 5c ec 45 01 a5 69 91 7c - c4 eb 45 01 e3 ef 90 7c \.E..i.|..E....|
0000000000ebfeac 4c ec 45 01 43 ef 90 7c - ff ff ff ff 4c ec 45 01 L.E.C..|....L.E.
0000000000ebfebc 5c ec 45 01 f8 4b fa 7f - 08 21 17 00 00 00 00 00 \.E..K...!......
0000000000ebfecc 1d 69 91 7c 4c ec 45 01 - 24 69 91 7c f8 4b fa 7f .i.|L.E.$i.|.K..
0000000000ebfedc b0 3d 17 00 00 00 00 00 - 14 00 00 00 e4 eb 45 01 .=............E.
0000000000ebfeec 41 50 91 7c 0c ec 45 01 - fc 00 98 00 04 00 00 00 AP.|..E.........
0000000000ebfefc ec 00 98 00 00 00 98 00 - 24 ec 45 01 33 52 91 7c ........$.E.3R.|
0000000000ebff0c 0c ec 45 01 ec 00 98 00 - 44 7f a8 86 24 7c 75 eb ..E.....D...$|u.
0000000000ebff1c 07 9e 4f 80 0f 9e 4f 80 - 14 7f a8 86 a8 7d a8 86 ..O...O......}..
0000000000ebff2c dc 7d a8 86 80 ff eb 00 - a9 66 e7 77 4c ff eb 00 .}.......f.wL...
0000000000ebff3c b9 66 e7 77 ed 10 90 7c - b0 9b 0c 00 e8 a3 0c 00 .f.w...|........
0000000000ebff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> State Dump for Thread Id 0x1ac <----*

eax=00f4e01c ebx=00000000 ecx=0000000a edx=73530770 esi=0073006b edi=000f7d58
eip=771544f1 esp=00f4e008 ebp=00f4e020 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\OLEAUT32.dll -
function: OLEAUT32!SysReAllocStringLen
771544dc 45 inc ebp
771544dd fc cld
771544de 8b08 mov ecx,[eax]
771544e0 50 push eax
771544e1 ff510c call dword ptr [ecx+0xc]
771544e4 e9f95ffdff jmp OLEAUT32!LoadRegTypeLib+0x7a4 (7712a4e2)
771544e9 8d45fc lea eax,[ebp-0x4]
771544ec 50 push eax
771544ed 6a01 push 0x1
771544ef 6a01 push 0x1
FAULT ->771544f1 ff36 push dword ptr [esi] ds:0023:0073006b=????????
771544f3 e86f570100 call OLEAUT32!SafeArrayCreateEx+0x160 (77169c67)
771544f8 85c0 test eax,eax
771544fa 0f8cbb05fdff jl OLEAUT32!VariantInit+0x13b (77124abb)
77154500 e9ab05fdff jmp OLEAUT32!VariantInit+0x130 (77124ab0)
77154505 85c0 test eax,eax
77154507 0f8da807fdff jnl OLEAUT32!SysAllocStringByteLen+0x1d (77124cb5)
7715450d 33c0 xor eax,eax
7715450f e9dc07fdff jmp OLEAUT32!SysAllocStringByteLen+0x58 (77124cf0)
77154514 56 push esi
77154515 8b7508 mov esi,[ebp+0x8]

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MSVBVM60.DLL -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\SpywareGuard\spywareguard.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:52 PM

Posted 04 March 2008 - 07:08 PM

Dr. Watson didn't load the symbol files for the log - so there's not much concrete information here. From what I've been able to see, you've got a large amount of "protection" software running - and any one of them is capable of causing this behavior.

I'd have to suggest searching your hard drive for files ending in .dmp or .mdmp - and then follow the instructions at this link: http://forums.majorgeeks.com/showthread.php?t=35246

The link is primarily for system crashes related to the BSOD - but it will also work for application crashes.

Post back with the results and we can work from there. Meanwhile, try disabling all the protection apps except for 1 antivirus, 1 antispyware and your firewall.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#8 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 05 March 2008 - 01:17 AM

I do have some antimalware installed, but I've made sure to run one of each. Now I replaced the original programs, and there's only 1 of each on at any single time.
And I got 2 more crashes today, but when I rsearched for the dmp and mdmp files I found nothing remotely relevant.. I'm thinking that it's because after Explorer dies, the Dr. Watson Postmortem Debugger comes up and also reports that it encountered an error and needs to close. Since it unexpectedly closed, does that mean that it won't generate logs? >_<
Thank you for your help, I appreciate it :thumbsup:

Edited by skyfuser, 05 March 2008 - 01:53 AM.

"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:52 PM

Posted 06 March 2008 - 09:47 AM

Could you post the results of the dump files here so that we can have a look at them?
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#10 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 06 March 2008 - 06:04 PM

Apologies for sounding like an idiot, but are you referring to the .dmp/.mdmp files or the .log files? Because I have a log file, but not anything with a .dmp or .mdmp...
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#11 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:52 PM

Posted 06 March 2008 - 06:24 PM

The log files will do just fine if the symbols were loaded correctly.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#12 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 06 March 2008 - 06:30 PM

How convenient. I just got another crash. And this time drwtsn didn't crash, and explorer restarted by itself :thumbsup:
I will post the newest log and dmp soon.

Edited by skyfuser, 06 March 2008 - 06:30 PM.

"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#13 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 06 March 2008 - 06:38 PM

Here's the log...


Microsoft ® DrWtsn32
Copyright © 1985-2001 Microsoft Corp. All rights reserved.



Application exception occurred:
App: C:\WINDOWS\explorer.exe (pid=4064)
When: 3/6/2008 @ 15:28:40.531
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: PC145062529919
User Name: Chang
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 36 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: hp owner

*----> Task List <----*
0 System Process
4 System
516 smss.exe
576 csrss.exe
604 winlogon.exe
648 services.exe
660 lsass.exe
808 Ati2evxx.exe
824 svchost.exe
888 svchost.exe
928 svchost.exe
1008 svchost.exe
1120 svchost.exe
1324 spoolsv.exe
1420 a2service.exe
1472 aswUpdSv.exe
1492 ashServ.exe
1508 cmdagent.exe
1556 ehRecvr.exe
1708 ehSched.exe
1756 LSSrvc.exe
1796 a2service.exe
2004 svchost.exe
220 svchost.exe
396 mcrdsvc.exe
1020 ashMaiSv.exe
964 ashWebSv.exe
1164 dllhost.exe
1920 alg.exe
188 Ati2evxx.exe
912 wmiprvse.exe
1352 ehtray.exe
2576 atiptaxx.exe
2592 SynTPEnh.exe
472 EabServr.exe
148 ehmsas.exe
2312 cfp.exe
508 DrvIcon.exe
2736 winpatrol.exe
2912 ashDisp.exe
2944 MsnMsgr.Exe
2964 ctfmon.exe
2956 sgmain.exe
2244 HPQWMI.exe
1800 wuauclt.exe
3272 sgbhp.exe
2164 svchost.exe
4064 explorer.exe
2680 TeaTimer.exe
29344 taskmgr.exe
3644 googletalk.exe
2988 FIREFOX.EXE
23556 dwwin.exe
23644 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000000b90000 - 0000000000b96000: C:\Program Files\Unlocker\UnlockerCOM.dll
(0000000000cf0000 - 0000000000cff000: C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL
(0000000000d70000 - 0000000000d80000: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
(0000000000f30000 - 0000000000f44000: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
(0000000001000000 - 00000000010ff000: C:\WINDOWS\explorer.exe
(0000000001270000 - 00000000012cb000: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
(0000000001310000 - 000000000133e000: C:\Program Files\WinRAR\rarext.dll
(00000000017b0000 - 00000000017c4000: C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL
(0000000001810000 - 0000000001dd9000: C:\WINDOWS\system32\ieframe.dll
(0000000002160000 - 0000000002198000: C:\Program Files\a-squared Free\a2freecontmenu.dll
(00000000021f0000 - 00000000021ff000: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
(0000000002200000 - 0000000002306000: C:\Program Files\XnView\XnShellEx\XnViewShellExt.dll
(0000000002470000 - 0000000002487000: C:\WINDOWS\system32\odbcint.dll
(00000000025e0000 - 0000000002625000: C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL
(00000000027f0000 - 0000000002802000: C:\WINDOWS\system32\browselc.dll
(00000000037a0000 - 00000000037de000: C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
(0000000003850000 - 00000000039d5000: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
(0000000007160000 - 00000000071a6000: C:\WINDOWS\system32\Audiodev.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 0000000010022000: C:\WINDOWS\system32\guard32.dll
(0000000010930000 - 0000000010979000: C:\WINDOWS\system32\PortableDeviceApi.dll
(00000000109c0000 - 00000000109ec000: C:\WINDOWS\system32\PortableDeviceTypes.dll
(0000000011000000 - 000000001102f000: C:\Program Files\SpywareGuard\dlprotect.dll
(0000000011c70000 - 0000000011ca9000: C:\WINDOWS\system32\WMASF.DLL
(0000000015110000 - 000000001536a000: C:\WINDOWS\system32\WMVCore.DLL
(0000000016210000 - 000000001648e000: C:\WINDOWS\system32\wpdshext.dll
(00000000164a0000 - 00000000164c3000: C:\WINDOWS\system32\WPDShServiceObj.dll
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(0000000022200000 - 000000002221f000: C:\Program Files\SpywareGuard\spywareguard.dll
(00000000325c0000 - 00000000325d2000: C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
(000000004d4f0000 - 000000004d548000: C:\WINDOWS\system32\WINHTTP.dll
(000000004ec50000 - 000000004edf3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(000000004ffe0000 - 000000004ffe8000: C:\WINDOWS\system32\fltLib.dll
(00000000593f0000 - 0000000059482000: C:\WINDOWS\system32\wiashext.dll
(000000005a500000 - 000000005a550000: C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\system32\themeui.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005cdc0000 - 000000005cdd0000: C:\WINDOWS\system32\sendmail.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\comctl32.dll
(000000005dca0000 - 000000005dce5000: C:\WINDOWS\system32\iertutil.dll
(000000005df10000 - 000000005df70000: C:\WINDOWS\system32\wzcdlg.dll
(000000005edd0000 - 000000005ede7000: C:\WINDOWS\system32\olepro32.dll
(0000000061410000 - 0000000061534000: C:\WINDOWS\system32\urlmon.dll
(00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL
(0000000064f00000 - 0000000064f12000: C:\Program Files\Alwil Software\Avast4\ashShell.dll
(0000000065af0000 - 0000000065afa000: C:\WINDOWS\system32\jsproxy.dll
(0000000069450000 - 0000000069466000: C:\WINDOWS\system32\faultrep.dll
(000000006c1b0000 - 000000006c1fd000: C:\WINDOWS\system32\DUSER.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\wsock32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\system32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\system32\actxprxy.dll
(0000000072410000 - 000000007242a000: C:\WINDOWS\system32\mydocs.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000073030000 - 0000000073040000: C:\WINDOWS\system32\WZCSAPI.DLL
(0000000073380000 - 00000000733d7000: C:\WINDOWS\system32\zipfldr.dll
(0000000073420000 - 0000000073574000: C:\WINDOWS\system32\MSVBVM60.DLL
(0000000073b30000 - 0000000073b45000: C:\WINDOWS\system32\mscms.dll
(0000000073ba0000 - 0000000073bb3000: C:\WINDOWS\system32\sti.dll
(0000000073d70000 - 0000000073d83000: C:\WINDOWS\system32\shgina.dll
(0000000074320000 - 000000007435d000: C:\WINDOWS\system32\ODBC32.dll
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\MSCTF.dll
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074ae0000 - 0000000074ae7000: C:\WINDOWS\system32\CFGMGR32.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\system32\BatMeter.dll
(0000000074b30000 - 0000000074b6b000: C:\WINDOWS\system32\webcheck.dll
(0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000075970000 - 0000000075a67000: C:\WINDOWS\system32\MSGINA.dll
(0000000075cf0000 - 0000000075d81000: C:\WINDOWS\system32\MLANG.dll
(0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\SXS.DLL
(0000000075f60000 - 0000000075f67000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\system32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\winsta.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
(0000000076400000 - 00000000765a5000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 000000007727e000: C:\WINDOWS\system32\WININET.dll
(00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077690000 - 00000000776b1000: C:\WINDOWS\system32\NTMARTA.DLL
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\apphelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
(000000007c800000 - 000000007c8f5000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
(000000007d1e0000 - 000000007d49e000: C:\WINDOWS\system32\msi.dll
(000000007e290000 - 000000007e401000: C:\WINDOWS\system32\SHDOCVW.dll
(000000007e410000 - 000000007e4a0000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0x7e0 <----*

eax=00000000 ebx=00000003 ecx=0007c8fc edx=7c90eb94 esi=00148328 edi=00000000
eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca0c674 00000000 0007ff5c 010132a4 ntdll!KiFastSystemCallRet
0007ff14 010132a4 00148328 7ffd9000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101a936 00000000 00000000 00020688 explorer+0x132a4
0007ffc0 7c816fd7 80000001 0007d644 7ffd9000 explorer+0x1a936
0007fff0 00000000 0101a8ce 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000007fef0 18 94 41 7e c5 4a a2 7c - 9c 92 80 7c 28 83 14 00 ..A~.J.|...|(...
000000000007ff00 28 83 14 00 14 ff 07 00 - 14 ff 07 00 74 c6 a0 7c (...........t..|
000000000007ff10 00 00 00 00 5c ff 07 00 - a4 32 01 01 28 83 14 00 ....\....2..(...
000000000007ff20 00 90 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00 ............$...
000000000007ff30 50 ff 07 00 e0 ff 07 00 - 27 e0 90 7c 65 ac 80 7c P.......'..|e..|
000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 aa 12 22 01 ..............".
000000000007ff50 dc 00 00 00 02 00 00 00 - 28 83 14 00 c0 ff 07 00 ........(.......
000000000007ff60 36 a9 01 01 00 00 00 00 - 00 00 00 00 88 06 02 00 6...............
000000000007ff70 01 00 00 00 01 00 00 80 - 44 d6 07 00 44 00 00 00 ........D...D...
000000000007ff80 dc 06 02 00 bc 06 02 00 - 8c 06 02 00 00 00 00 00 ................
000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007ffa0 00 00 00 00 00 00 00 00 - 01 04 00 00 01 00 00 00 ................
000000000007ffb0 00 00 00 00 00 00 00 00 - 01 00 01 00 00 00 00 00 ................
000000000007ffc0 f0 ff 07 00 d7 6f 81 7c - 01 00 00 80 44 d6 07 00 .....o.|....D...
000000000007ffd0 00 90 fd 7f fd 41 54 80 - c8 ff 07 00 a8 0d c2 85 .....AT.........
000000000007ffe0 ff ff ff ff a8 9a 83 7c - e0 6f 81 7c 00 00 00 00 .......|.o.|....
000000000007fff0 00 00 00 00 00 00 00 00 - ce a8 01 01 00 00 00 00 ................
0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 98 24 00 00 Actx ........$..
0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00 ........ .......
0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00 ............4...

*----> State Dump for Thread Id 0xd48 <----*

eax=00000001 ebx=00000000 ecx=000b86a8 edx=7c90eb94 esi=000b86a8 edi=000b874c
eip=7c90eb94 esp=00f1fe1c ebp=00f1ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00f1ff80 77e76c2b 00f1ffa8 77e76a4d 000b86a8 ntdll!KiFastSystemCallRet
00f1ff88 77e76a4d 000b86a8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5e3
00f1ffa8 77e76c13 000b8560 00f1ffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x405
00f1ffb4 7c80b683 000cb1d8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5cb
00f1ffec 00000000 77e76bf9 000cb1d8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000f1fe1c 99 e3 90 7c 13 67 e7 77 - d8 01 00 00 70 ff f1 00 ...|.g.w....p...
0000000000f1fe2c 00 00 00 00 30 fc 16 00 - 4c ff f1 00 00 00 00 00 ....0...L.......
0000000000f1fe3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1fe4c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1fe6c 08 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1fe7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1fe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1fecc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1fedc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1feec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1fefc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f1ff0c 00 00 00 00 00 00 00 00 - bc 71 ed 85 24 7c c3 ba .........q..$|..
0000000000f1ff1c 07 9e 4f 80 0f 9e 4f 80 - 8c 71 ed 85 20 70 ed 85 ..O...O..q.. p..
0000000000f1ff2c 54 70 ed 85 80 ff f1 00 - a9 66 e7 77 4c ff f1 00 Tp.......f.wL...
0000000000f1ff3c b9 66 e7 77 ed 10 90 7c - a8 9c 0c 00 d8 b1 0c 00 .f.w...|........
0000000000f1ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> State Dump for Thread Id 0x898 <----*

eax=00750063 ebx=00000000 ecx=22200000 edx=73530524 esi=00d41e94 edi=00000000
eip=734630ff esp=00fafd18 ebp=00fafd3c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MSVBVM60.DLL -
function: MSVBVM60!Zombie_QueryInterface
734630dd b005 mov al,0x5
734630df fd std
734630e0 ff6a07 jmp fword ptr [edx+0x7]
734630e3 58 pop eax
734630e4 e9c008fdff jmp MSVBVM60!EbLoadRunTime+0x4b7 (734339a9)
734630e9 894708 mov [edi+0x8],eax
734630ec e9ef05fcff jmp MSVBVM60!EbLibraryLoad+0x480 (734236e0)
734630f1 8b4c240c mov ecx,[esp+0xc]
734630f5 e815620900 call MSVBVM60!TipGetAddressOfPredeclaredInstance+0x109 (734f930f)
734630fa e9910bfdff jmp MSVBVM60!EbLoadRunTime+0x79e (73433c90)
FAULT ->734630ff 8b500c mov edx,[eax+0xc] ds:0023:0075006f=????????
73463102 8b12 mov edx,[edx]
73463104 8b5204 mov edx,[edx+0x4]
73463107 8b5214 mov edx,[edx+0x14]
7346310a 3b4a08 cmp ecx,[edx+0x8]
7346310d 740c jz MSVBVM60!Zombie_QueryInterface+0x1484a (7346311b)
7346310f 8b00 mov eax,[eax]
73463111 85c0 test eax,eax
73463113 0f841024fdff je MSVBVM60!EbResetProjectNormal+0x128 (73435529)
73463119 ebe4 jmp MSVBVM60!Zombie_QueryInterface+0x1482e (734630ff)
7346311b 6a01 push 0x1

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
00fafd3c 734371cb 021238a4 00000000 73531850 MSVBVM60!Zombie_QueryInterface+0x1482e
00fafd58 7344c737 021238a4 00000000 00000001 MSVBVM60!EbResetProjectNormal+0x1dca
00fafd78 7344c6d8 00d41e94 73530470 00d41e94 MSVBVM60!VBDllCanUnloadNow+0xa5
00fafdb0 734307bb 00fafe74 734305be 00000000 MSVBVM60!VBDllCanUnloadNow+0x46
00fafdec 734305d7 00fafe08 002e0600 00001047 MSVBVM60!ThunRTMain+0x297d
00fafe0c 7e418734 002e0600 00001047 00000000 MSVBVM60!ThunRTMain+0x2799
00fafe38 7e418816 734305be 002e0600 00001047 USER32!GetDC+0x6d
00fafea0 7e4189cd 000a06c8 734305be 002e0600 USER32!GetDC+0x14f
00faff00 7e418a10 00faff28 00000000 00faff44 USER32!GetWindowLongW+0x127
00faff10 01001a35 00faff28 00000000 010460f8 USER32!DispatchMessageW+0xf
00faff44 0100ff89 00000000 00faffb4 77f76f42 explorer+0x1a35
00faff50 77f76f42 010460f8 0000005c 0007fc04 explorer+0xff89
00faffb4 7c80b683 00000000 0000005c 0007fc04 SHLWAPI!Ordinal505+0x3e9
00faffec 00000000 77f76ed3 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000fafd18 91 73 43 73 00 00 20 22 - f0 1c 16 00 cc 72 43 73 .sCs.. ".....rCs
0000000000fafd28 00 00 20 22 54 9c 12 02 - 94 1e d4 00 08 1f d4 00 .. "T...........
0000000000fafd38 08 1f d4 00 58 fd fa 00 - cb 71 43 73 a4 38 12 02 ....X....qCs.8..
0000000000fafd48 00 00 00 00 50 18 53 73 - 54 9c 12 02 70 04 53 73 ....P.SsT...p.Ss
0000000000fafd58 78 fd fa 00 37 c7 44 73 - a4 38 12 02 00 00 00 00 x...7.Ds.8......
0000000000fafd68 01 00 00 00 00 00 00 00 - 00 00 00 00 a4 38 12 02 .............8..
0000000000fafd78 b0 fd fa 00 d8 c6 44 73 - 94 1e d4 00 70 04 53 73 ......Ds....p.Ss
0000000000fafd88 94 1e d4 00 88 c6 44 73 - d4 1d 20 22 74 fe fa 00 ......Ds.. "t...
0000000000fafd98 be 05 43 73 00 00 00 00 - d4 1d 20 22 18 05 53 73 ..Cs...... "..Ss
0000000000fafda8 a4 38 12 02 01 00 00 00 - ec fd fa 00 bb 07 43 73 .8............Cs
0000000000fafdb8 74 fe fa 00 be 05 43 73 - 00 00 00 00 00 00 00 00 t.....Cs........
0000000000fafdc8 00 b0 fd 7f 02 01 00 00 - 00 00 c4 00 53 02 01 00 ............S...
0000000000fafdd8 c4 fd fa 00 00 00 00 00 - 38 fe fa 00 48 e5 75 74 ........8...H.ut
0000000000fafde8 78 0e 73 74 0c fe fa 00 - d7 05 43 73 08 fe fa 00 x.st......Cs....
0000000000fafdf8 00 06 2e 00 47 10 00 00 - 00 00 00 00 00 00 00 00 ....G...........
0000000000fafe08 00 00 00 40 38 fe fa 00 - 34 87 41 7e 00 06 2e 00 ...@8...4.A~....
0000000000fafe18 47 10 00 00 00 00 00 00 - 00 00 00 00 be 05 43 73 G.............Cs
0000000000fafe28 cd ab ba dc 00 00 00 00 - 74 fe fa 00 be 05 43 73 ........t.....Cs
0000000000fafe38 a0 fe fa 00 16 88 41 7e - be 05 43 73 00 06 2e 00 ......A~..Cs....
0000000000fafe48 47 10 00 00 00 00 00 00 - 00 00 00 00 30 ff fa 00 G...........0...

*----> State Dump for Thread Id 0x194 <----*

eax=000000c0 ebx=00000000 ecx=77dd6a51 edx=77dd6a18 esi=ffffffff edi=7c90fb78
eip=7c90eb94 esp=00feff9c ebp=00feffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00feffb4 7c80b683 00000000 7c90fb78 ffffffff ntdll!KiFastSystemCallRet
00feffec 00000000 7c92798d 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000feff9c 5c d8 90 7c d4 79 92 7c - 01 00 00 00 ac ff fe 00 \..|.y.|........
0000000000feffac 00 00 00 00 00 00 00 80 - ec ff fe 00 83 b6 80 7c ...............|
0000000000feffbc 00 00 00 00 78 fb 90 7c - ff ff ff ff 00 00 00 00 ....x..|........
0000000000feffcc 00 a0 fd 7f 00 06 fc 86 - c0 ff fe 00 b8 99 ca 86 ................
0000000000feffdc ff ff ff ff a8 9a 83 7c - 90 b6 80 7c 00 00 00 00 .......|...|....
0000000000feffec 00 00 00 00 00 00 00 00 - 8d 79 92 7c 00 00 00 00 .........y.|....
0000000000fefffc 00 00 00 00 00 00 00 00 - 9f 00 13 00 10 00 90 01 ................
0000000000ff000c 17 00 b0 01 ff ff ff 00 - ff ff ff 00 00 00 00 00 ................
0000000000ff001c 00 00 00 00 ff ff ff 00 - ff ff ff 00 00 00 00 00 ................
0000000000ff002c 00 00 00 00 00 00 00 00 - 01 00 00 00 0d 02 01 01 ................
0000000000ff003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000ff004c 02 00 00 00 01 00 00 00 - 01 00 00 00 00 00 00 00 ................
0000000000ff005c 00 00 00 00 00 00 00 00 - 1f 00 89 01 00 00 00 00 ................
0000000000ff006c ff ff ff ff ff ff ff ff - 00 00 00 00 00 00 00 00 ................
0000000000ff007c 00 00 00 00 00 00 00 00 - 01 00 00 00 00 00 00 00 ................
0000000000ff008c 00 00 00 00 21 00 8a 01 - 00 00 00 40 06 00 00 00 ....!......@....
0000000000ff009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000ff00ac 00 00 00 40 06 00 00 00 - 00 00 00 00 00 00 00 00 ...@............
0000000000ff00bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000ff00cc 4b 00 00 00 00 00 00 40 - fe ff ff ff 00 00 00 00 K......@........

*----> State Dump for Thread Id 0xaa8 <----*

eax=000000c0 ebx=00000000 ecx=00fafb00 edx=00000000 esi=00000000 edi=00000001
eip=7c90eb94 esp=0138fcec ebp=0138ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0138ffb4 7c80b683 00000000 00000020 00fafce4 ntdll!KiFastSystemCallRet
0138ffec 00000000 7c929fae 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000138fcec ab e9 90 7c d5 a0 92 7c - 03 00 00 00 30 fd 38 01 ...|...|....0.8.
000000000138fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 20 00 00 00 ............ ...
000000000138fd0c e4 fc fa 00 00 00 00 00 - 08 e5 97 7c 08 e5 97 7c ...........|...|
000000000138fd1c 20 02 00 00 a8 0a 00 00 - 03 00 00 00 03 00 00 00 ...............
000000000138fd2c 02 00 00 00 1c 02 00 00 - 04 02 00 00 fc 06 00 00 ................
000000000138fd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fd5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fd6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fd7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000138fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0xdf0 <----*

eax=00000000 ebx=00189a38 ecx=0000024c edx=0000002c esi=00000000 edi=7ffd9000
eip=7c90eb94 esp=0142fd30 ebp=0142fdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0142fdcc 7e4195f9 0000000a 00170d70 00000000 ntdll!KiFastSystemCallRet
0142fe28 7c9f51b4 00000009 0142fe50 ffffffff USER32!GetLastInputInfo+0x105
0142ff4c 7ca0ab7c 77f76f42 00000000 7c80995a SHELL32!Ordinal646+0x2327
0142ffb4 7c80b683 00000000 7c80995a 00090000 SHELL32!Ordinal753+0x133
0142ffec 00000000 77f76ed3 00faf4d4 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000142fd30 ab e9 90 7c e2 94 80 7c - 0a 00 00 00 38 9a 18 00 ...|...|....8...
000000000142fd40 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142fd50 0a 00 00 00 02 00 00 00 - 00 00 00 00 70 0d 17 00 ............p...
000000000142fd60 01 00 00 00 00 00 00 00 - 30 00 00 00 10 00 00 00 ........0.......
000000000142fd70 00 00 09 00 6c fb 42 01 - 14 00 00 00 01 00 00 00 ....l.B.........
000000000142fd80 30 47 0d 00 00 00 00 00 - 00 00 00 00 eb 06 91 7c 0G.............|
000000000142fd90 df 99 80 7c 00 00 09 00 - 00 90 fd 7f 00 60 fd 7f ...|.........`..
000000000142fda0 00 60 fd 7f 00 00 00 00 - 38 9a 18 00 00 00 00 00 .`......8.......
000000000142fdb0 0a 00 00 00 4c fd 42 01 - 00 00 00 00 dc ff 42 01 ....L.B.......B.
000000000142fdc0 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 28 fe 42 01 ...|...|....(.B.
000000000142fdd0 f9 95 41 7e 0a 00 00 00 - 70 0d 17 00 00 00 00 00 ..A~....p.......
000000000142fde0 ff ff ff ff 01 00 00 00 - 60 7b 0e 00 09 00 00 00 ........`{......
000000000142fdf0 00 00 00 00 20 48 88 7c - 20 00 00 00 03 00 00 00 .... H.| .......
000000000142fe00 01 00 00 00 00 00 00 00 - 1c fe 42 01 82 4a a2 7c ..........B..J.|
000000000142fe10 68 0a 00 00 d8 ae 00 00 - 00 00 00 00 01 00 00 00 h...............
000000000142fe20 00 60 fd 7f 4c 02 00 00 - 4c ff 42 01 b4 51 9f 7c .`..L...L.B..Q.|
000000000142fe30 09 00 00 00 50 fe 42 01 - ff ff ff ff ff 04 00 00 ....P.B.........
000000000142fe40 70 0d 17 00 00 00 00 00 - 00 00 00 00 00 00 00 00 p...............
000000000142fe50 68 0a 00 00 74 0a 00 00 - 7c 07 00 00 f0 09 00 00 h...t...|.......
000000000142fe60 04 06 00 00 f8 05 00 00 - 78 02 00 00 7c 02 00 00 ........x...|...

*----> State Dump for Thread Id 0xc28 <----*

eax=00000001 ebx=00000000 ecx=0012c39c edx=000b86e4 esi=000b86a8 edi=00000000
eip=7c90eb94 esp=0118fe1c ebp=0118ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0118ff80 77e76c2b 0118ffa8 77e76a4d 000b86a8 ntdll!KiFastSystemCallRet
0118ff88 77e76a4d 000b86a8 00cf8178 00d02138 RPCRT4!I_RpcBCacheFree+0x5e3
0118ffa8 77e76c13 000b8560 0118ffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x405
0118ffb4 7c80b683 00177480 00cf8178 00d02138 RPCRT4!I_RpcBCacheFree+0x5cb
0118ffec 00000000 77e76bf9 00177480 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000118fe1c 99 e3 90 7c 13 67 e7 77 - d8 01 00 00 70 ff 18 01 ...|.g.w....p...
000000000118fe2c 00 00 00 00 30 52 0d 00 - 54 ff 18 01 b0 22 64 e3 ....0R..T...."d.
000000000118fe3c c4 eb 54 eb 98 22 64 e3 - 9c 22 64 e3 00 f3 fb 86 ..T.."d.."d.....
000000000118fe4c f8 18 5b 80 02 b6 bc 85 - 00 00 00 00 00 f3 fb 86 ..[.............
000000000118fe5c bc ec 51 80 00 e0 fd 7f - 01 00 00 00 00 00 00 00 ..Q.............
000000000118fe6c 07 00 00 00 54 07 00 00 - 53 07 00 00 00 f0 fd 7f ....T...S.......
000000000118fe7c 00 00 00 00 70 ec 75 83 - 88 eb 54 eb 00 00 00 00 ....p.u...T.....
000000000118fe8c 04 00 00 00 05 00 00 00 - 70 ec 75 83 02 00 00 00 ........p.u.....
000000000118fe9c 00 00 00 00 98 22 64 e3 - 70 ec 75 83 bc eb 54 eb ....."d.p.u...T.
000000000118feac 52 2f 60 80 20 84 43 e1 - d0 04 00 00 78 b6 bc 85 R/`. .C.....x...
000000000118febc 20 84 43 e1 3f 00 0f 00 - d0 04 00 00 00 00 00 00 .C.?...........
000000000118fecc 2c 84 43 e1 a0 b9 0d e1 - 99 22 64 e3 d8 eb 54 eb ,.C......"d...T.
000000000118fedc 86 36 60 80 8f c8 62 80 - d8 77 a0 e2 08 00 41 e1 .6`...b..w....A.
000000000118feec 00 00 00 00 00 21 50 e1 - 00 20 50 e1 a0 e7 4c e1 .....!P.. P...L.
000000000118fefc 00 30 50 e1 00 20 50 e1 - a8 20 50 e1 58 00 00 00 .0P.. P.. P.X...
000000000118ff0c 1c b7 bc 85 30 ec 54 eb - f4 04 b1 85 24 ec 54 eb ....0.T.....$.T.
000000000118ff1c 07 9e 4f 80 0f 9e 4f 80 - c4 04 b1 85 58 03 b1 85 ..O...O.....X...
000000000118ff2c 8c 03 b1 85 80 ff 18 01 - a9 66 e7 77 4c ff 18 01 .........f.wL...
000000000118ff3c b9 66 e7 77 ed 10 90 7c - e8 88 18 00 80 74 17 00 .f.w...|.....t..
000000000118ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> State Dump for Thread Id 0xb20 <----*

eax=001309f9 ebx=000003b8 ecx=00180044 edx=000922c8 esi=0000004a edi=0163f45c
eip=7c90eb94 esp=0163f3b8 ebp=0163f3f4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\NETSHELL.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\stobject.dll -
ChildEBP RetAddr Args to Child
0163f3f4 7e41ed93 00080036 0000004a 00040204 ntdll!KiFastSystemCallRet
0163f41c 7ca26322 00080036 0000004a 00040204 USER32!SendMessageTimeoutW+0x21
0163f828 764549a5 00000001 0163f83c 0163fc84 SHELL32!Shell_NotifyIconW+0x12d
0163fbf8 76454e82 00000008 000000c1 0163fc1c NETSHELL+0x549a5
0163fc08 764108ce 00040204 00000008 000000c1 NETSHELL+0x54e82
0163fc1c 7e418734 00040204 00000405 00000008 NETSHELL!NormalizeExtendedStatus+0x2d8f
0163fc48 7e418816 76401b9f 00040204 00000405 USER32!GetDC+0x6d
0163fcb0 7e4189cd 0015c7a8 76401b9f 00040204 USER32!GetDC+0x14f
0163fd10 7e418a10 0163fd68 00000000 0163fd8c USER32!GetWindowLongW+0x127
0163fd20 7628155a 0163fd68 35cec8a3 76280000 USER32!DispatchMessageW+0xf
0163fd8c 76283746 76280000 00000000 00020202 stobject+0x155a
0163ffb4 7c80b683 00000000 35cec8a3 11d22be6 stobject!DllCanUnloadNow+0x1fa4
0163ffec 00000000 762836f7 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000163f3b8 be 94 41 7e 5b ed 41 7e - 36 00 08 00 4a 00 00 00 ..A~[.A~6...J...
000000000163f3c8 04 02 04 00 48 f4 63 01 - e4 f3 63 01 b2 02 00 00 ....H.c...c.....
000000000163f3d8 00 00 00 00 f4 fb 63 01 - 01 00 00 00 03 00 00 00 ......c.........
000000000163f3e8 a0 0f 00 00 00 00 00 00 - 00 00 00 00 1c f4 63 01 ..............c.
000000000163f3f8 93 ed 41 7e 36 00 08 00 - 4a 00 00 00 04 02 04 00 ..A~6...J.......
000000000163f408 48 f4 63 01 03 00 00 00 - a0 0f 00 00 5c f4 63 01 H.c.........\.c.
000000000163f418 00 00 00 00 28 f8 63 01 - 22 63 a2 7c 36 00 08 00 ....(.c."c.|6...
000000000163f428 4a 00 00 00 04 02 04 00 - 48 f4 63 01 03 00 00 00 J.......H.c.....
000000000163f438 a0 0f 00 00 5c f4 63 01 - 9f 1b 40 76 00 00 00 00 ....\.c...@v....
000000000163f448 01 00 00 00 c0 03 00 00 - 64 f4 63 01 3c f8 63 01 ........d.c.<.c.
000000000163f458 36 00 08 00 00 00 00 00 - 3f 00 00 00 23 34 75 34 6.......?...#4u4
000000000163f468 01 00 00 00 b8 03 00 00 - 04 02 04 00 08 00 00 00 ................
000000000163f478 0a 00 00 00 00 00 00 00 - 2f 06 73 01 00 00 00 00 ......../.s.....
000000000163f488 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000163f498 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000163f4a8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000163f4b8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000163f4c8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000163f4d8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000163f4e8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0xd90 <----*

eax=00000001 ebx=00865a90 ecx=0172fd88 edx=7c90eb94 esi=0172fe14 edi=164be000
eip=7c90eb94 esp=0172fdd0 ebp=0172fdec iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WPDShServiceObj.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0172fdec 164aa888 0172fe14 00000000 00000000 ntdll!KiFastSystemCallRet
0172ff50 77f76f42 00865a90 00faf314 7c90ee18 WPDShServiceObj+0xa888
0172ffb4 7c80b683 00000000 00faf314 7c90ee18 SHLWAPI!Ordinal505+0x3e9
0172ffec 00000000 77f76ed3 00faf3f8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000172fdd0 be 91 41 7e f1 91 41 7e - 14 fe 72 01 00 00 00 00 ..A~..A~..r.....
000000000172fde0 00 00 00 00 00 00 00 00 - d4 19 4a 16 50 ff 72 01 ..........J.P.r.
000000000172fdf0 88 a8 4a 16 14 fe 72 01 - 00 00 00 00 00 00 00 00 ..J...r.........
000000000172fe00 00 00 00 00 0d 9d 72 01 - 00 00 00 00 00 00 00 00 ......r.........
000000000172fe10 00 00 00 00 7c 01 09 00 - 13 01 00 00 0d 00 00 00 ....|...........
000000000172fe20 00 00 00 00 dd 57 07 04 - 3e 03 00 00 fe 01 00 00 .....W..>.......
000000000172fe30 01 00 00 00 90 5a 86 00 - a5 83 4a 16 b2 83 4a 16 .....Z....J...J.
000000000172fe40 35 3c 5b 80 bc 65 6f 83 - ec 65 6f 83 48 65 6f 83 5<[..eo..eo.Heo.
000000000172fe50 1e 00 f8 00 40 e4 6b e3 - 3c 00 f8 00 5e e4 6b e3 ....@.k.<...^.k.
000000000172fe60 e4 88 fc 86 de db 52 80 - 58 0b 7d ee 3b 00 00 00 ......R.X.}.;...
000000000172fe70 c4 6e 57 80 e8 88 fc 86 - 00 00 00 00 a8 00 00 e1 .nW.............
000000000172fe80 44 f3 4f 77 c0 68 60 77 - 11 00 00 00 10 00 00 00 D.Ow.h`w........
000000000172fe90 17 00 00 00 b4 fe 72 01 - c3 f4 4f 77 ac 33 0a 00 ......r...Ow.3..
000000000172fea0 17 00 00 00 01 00 00 00 - bc d6 4f 77 24 3d 10 00 ..........Ow$=..
000000000172feb0 c4 fe 72 01 dc d7 4f 77 - 20 3d 10 00 0a d2 4f 77 ..r...Ow =....Ow
000000000172fec0 60 68 60 77 d7 d1 4f 77 - 68 68 60 77 e1 f5 4f 77 `h`w..Owhh`w..Ow
000000000172fed0 14 b8 4c 01 50 ff 72 01 - 28 b8 4c 01 a5 d8 4f 77 ..L.P.r.(.L...Ow
000000000172fee0 84 33 0a 00 14 b8 4c 01 - 50 ff 72 01 ad f1 4f 77 .3....L.P.r...Ow
000000000172fef0 66 97 80 7c 50 ff 72 01 - 3c 68 60 77 00 00 00 00 f..|P.r.<h`w....
000000000172ff00 28 ff 72 01 f3 f0 4f 77 - 14 b8 4c 01 28 b8 4c 01 (.r...Ow..L.(.L.

*----> State Dump for Thread Id 0xd28 <----*

eax=164be3e8 ebx=0176fd0c ecx=0176fd78 edx=7c90eb94 esi=00000000 edi=7ffd9000
eip=7c90eb94 esp=0176fce4 ebp=0176fd80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0176fd80 7e4195f9 00000002 0176fda8 00000000 ntdll!KiFastSystemCallRet
0176fddc 164a9bea 00000001 0176fe2c ffffffff USER32!GetLastInputInfo+0x105
0176ff50 77f76f42 00865a90 00faf314 7c90ee18 WPDShServiceObj+0x9bea
0176ffb4 7c80b683 00000000 00faf314 7c90ee18 SHLWAPI!Ordinal505+0x3e9
0176ffec 00000000 77f76ed3 00faf3f8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000176fce4 ab e9 90 7c e2 94 80 7c - 02 00 00 00 0c fd 76 01 ...|...|......v.
000000000176fcf4 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000176fd04 02 00 00 00 02 00 00 00 - f0 05 00 00 7c 06 00 00 ............|...
000000000176fd14 18 6a dd 77 51 6a dd 77 - a8 31 4a 16 01 00 00 80 .j.wQj.w.1J.....
000000000176fd24 64 00 00 00 18 00 00 00 - 14 00 00 00 01 00 00 00 d...............
000000000176fd34 90 8e 4a 01 00 00 00 00 - 00 00 00 00 56 00 56 00 ..J.........V.V.
000000000176fd44 a8 31 4a 16 00 00 00 00 - 00 90 fd 7f 00 a0 fa 7f .1J.............
000000000176fd54 3e 86 00 00 00 00 00 00 - 0c fd 76 01 98 fd 76 01 >.........v...v.
000000000176fd64 02 00 00 00 00 fd 76 01 - 8c fd 76 01 44 ff 76 01 ......v...v.D.v.
000000000176fd74 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 dc fd 76 01 ...|...|......v.
000000000176fd84 f9 95 41 7e 02 00 00 00 - a8 fd 76 01 00 00 00 00 ..A~......v.....
000000000176fd94 ff ff ff ff 01 00 00 00 - 00 00 00 00 9b 92 41 7e ..............A~
000000000176fda4 01 00 00 00 f0 05 00 00 - 7c 06 00 00 63 ae 4b 16 ........|...c.K.
000000000176fdb4 00 00 00 00 00 00 00 00 - 8b dc 90 7c 3a 21 83 7c ...........|:!.|
000000000176fdc4 f0 05 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00 ................
000000000176fdd4 00 a0 fa 7f 7c 06 00 00 - 50 ff 76 01 ea 9b 4a 16 ....|...P.v...J.
000000000176fde4 01 00 00 00 2c fe 76 01 - ff ff ff ff 00 01 00 00 ....,.v.........
000000000176fdf4 a8 fd 76 01 0d 9d 76 01 - 00 00 00 00 00 00 00 00 ..v...v.........
000000000176fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000176fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x450 <----*

eax=72d230e8 ebx=01fbfef8 ecx=000000c9 edx=014c8b88 esi=00000000 edi=7ffd9000
eip=7c90eb94 esp=01fbfed0 ebp=01fbff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr Args to Child
01fbff6c 7c80a075 00000002 01fbffa4 00000000 ntdll!KiFastSystemCallRet
01fbff88 72d2312a 00000002 01fbffa4 00000000 kernel32!WaitForMultipleObjects+0x18
01fbffb4 7c80b683 00000000 00000000 00090000 wdmaud!midMessage+0x348
01fbffec 00000000 72d230e8 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000001fbfed0 ab e9 90 7c e2 94 80 7c - 02 00 00 00 f8 fe fb 01 ...|...|........
0000000001fbfee0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001fbfef0 00 00 00 00 00 00 00 00 - 08 07 00 00 00 07 00 00 ................
0000000001fbff00 2f 0b 5b 80 68 d9 08 86 - 20 84 43 e1 a8 ad 72 83 /.[.h... .C...r.
0000000001fbff10 a0 6c fc 86 cc 9c 74 83 - 14 00 00 00 01 00 00 00 .l....t.........
0000000001fbff20 70 3f 4c 01 00 00 00 00 - 00 00 00 00 64 9b 74 83 p?L.........d.t.
0000000001fbff30 00 00 00 00 78 8b 63 80 - 00 90 fd 7f 00 c0 fa 7f ....x.c.........
0000000001fbff40 00 c0 fa 7f 00 00 00 00 - f8 fe fb 01 00 00 00 00 ................
0000000001fbff50 02 00 00 00 ec fe fb 01 - 00 00 00 00 dc ff fb 01 ................
0000000001fbff60 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 88 ff fb 01 ...|...|........
0000000001fbff70 75 a0 80 7c 02 00 00 00 - a4 ff fb 01 00 00 00 00 u..|............
0000000001fbff80 ff ff ff ff 00 00 00 00 - b4 ff fb 01 2a 31 d2 72 ............*1.r
0000000001fbff90 02 00 00 00 a4 ff fb 01 - 00 00 00 00 ff ff ff ff ................
0000000001fbffa0 00 00 09 00 08 07 00 00 - 00 07 00 00 00 00 00 00 ................
0000000001fbffb0 dc e2 90 7c ec ff fb 01 - 83 b6 80 7c 00 00 00 00 ...|.......|....
0000000001fbffc0 00 00 00 00 00 00 09 00 - 00 00 00 00 00 c0 fa 7f ................
0000000001fbffd0 00 06 fc 86 c0 ff fb 01 - 50 f3 06 86 ff ff ff ff ........P.......
0000000001fbffe0 a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00 ...|...|........
0000000001fbfff0 00 00 00 00 e8 30 d2 72 - 00 00 00 00 00 00 00 00 .....0.r........
0000000001fc0000 c8 00 00 00 3c 01 00 00 - ff ee ff ee 02 10 00 00 ....<...........

*----> State Dump for Thread Id 0x71c <----*

eax=00000000 ebx=00000740 ecx=7ffdc000 edx=76b60360 esi=00e7ff98 edi=7e42e002
eip=7c90eb94 esp=00e7ff54 ebp=00e7ff78 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00e7ff78 76b44e3d 00e7ff98 00000000 00000000 ntdll!KiFastSystemCallRet
00e7ffb4 7c80b683 00000740 00000200 0000002b WINMM!PlaySoundW+0x7e6
00e7ffec 00000000 76b44dd6 00000740 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000e7ff54 be 91 41 7e 42 e0 42 7e - 98 ff e7 00 00 00 00 00 ..A~B.B~........
0000000000e7ff64 00 00 00 00 00 00 00 00 - 40 07 00 00 02 e0 42 7e ........@.....B~
0000000000e7ff74 00 00 00 00 b4 ff e7 00 - 3d 4e b4 76 98 ff e7 00 ........=N.v....
0000000000e7ff84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 02 00 00 ................
0000000000e7ff94 2b 00 00 00 8c 06 05 00 - bc 03 00 00 60 84 18 00 +...........`...
0000000000e7ffa4 00 00 00 00 3f 7a 06 04 - c4 02 00 00 42 01 00 00 ....?z......B...
0000000000e7ffb4 ec ff e7 00 83 b6 80 7c - 40 07 00 00 00 02 00 00 .......|@.......
0000000000e7ffc4 2b 00 00 00 40 07 00 00 - 00 c0 fd 7f 00 06 fc 86 +...@...........
0000000000e7ffd4 c0 ff e7 00 58 b2 52 85 - ff ff ff ff a8 9a 83 7c ....X.R........|
0000000000e7ffe4 90 b6 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00 ...|............
0000000000e7fff4 d6 4d b4 76 40 07 00 00 - 00 00 00 00 41 63 74 78 .M.v@.......Actx
0000000000e80004 20 00 00 00 01 00 00 00 - a4 07 00 00 7c 00 00 00 ...........|...
0000000000e80014 00 00 00 00 20 00 00 00 - 00 00 00 00 14 00 00 00 .... ...........
0000000000e80024 01 00 00 00 03 00 00 00 - 34 00 00 00 ac 00 00 00 ........4.......
0000000000e80034 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e80044 00 00 00 00 00 00 00 00 - 02 00 00 00 00 00 00 00 ................
0000000000e80054 00 00 00 00 00 00 00 00 - a8 01 00 00 fe 01 00 00 ................
0000000000e80064 00 00 00 00 dc 2f 4f b4 - a8 03 00 00 24 00 00 00 ...../O.....$...
0000000000e80074 d0 03 00 00 ae 02 00 00 - 10 00 00 00 02 00 00 00 ................
0000000000e80084 8c 00 00 00 02 00 00 00 - 01 00 00 00 ac 00 00 00 ................

*----> State Dump for Thread Id 0x2bf0 <----*

eax=00000000 ebx=00000000 ecx=0211f25c edx=7c90eb94 esi=7c97c380 edi=7c97c3a0
eip=7c90eb94 esp=0211ff70 ebp=0211ffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0211ffb4 7c80b683 00000000 00faf9e0 00faf9e0 ntdll!KiFastSystemCallRet
0211ffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000211ff70 1b e3 90 7c 9d 07 91 7c - 18 02 00 00 ac ff 11 02 ...|...|........
000000000211ff80 b0 ff 11 02 98 ff 11 02 - a0 ff 11 02 e0 f9 fa 00 ................
000000000211ff90 e0 f9 fa 00 00 00 00 00 - 00 00 00 00 48 9b 18 00 ............H...
000000000211ffa0 00 7c 28 e8 ff ff ff ff - 35 0c 6d 80 69 75 92 7c .|(.....5.m.iu.|
000000000211ffb0 c0 c6 15 00 ec ff 11 02 - 83 b6 80 7c 00 00 00 00 ...........|....
000000000211ffc0 e0 f9 fa 00 e0 f9 fa 00 - 00 00 00 00 00 e0 fd 7f ................
000000000211ffd0 00 06 fc 86 c0 ff 11 02 - 28 69 09 86 ff ff ff ff ........(i......
000000000211ffe0 a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00 ...|...|........
000000000211fff0 00 00 00 00 60 07 91 7c - 00 00 00 00 00 00 00 00 ....`..|........
0000000002120000 c8 00 00 00 fe 01 00 00 - ff ee ff ee 02 10 00 00 ................
0000000002120010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00 00 ............. ..
0000000002120020 00 02 00 00 00 20 00 00 - 21 05 00 00 ff ef fd 7f ..... ..!.......
0000000002120030 12 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002120040 00 00 00 00 98 05 12 02 - 0f 00 00 00 f8 ff ff ff ................
0000000002120050 50 00 12 02 50 00 12 02 - 40 06 12 02 00 00 00 00 P...P...@.......
0000000002120060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002120070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002120080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002120090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000021200a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x4970 <----*

eax=774fe429 ebx=00007530 ecx=0211ecc0 edx=00090000 esi=00000000 edi=025dff50
eip=7c90eb94 esp=025dff20 ebp=025dff78 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
025dff78 7c802451 0000ea60 00000000 025dffb4 ntdll!KiFastSystemCallRet
025dff88 774fe31d 0000ea60 00109ac8 774fe3dc kernel32!Sleep+0xf
025dffb4 7c80b683 00109ac8 0211ef70 00000010 ole32!StringFromGUID2+0x51b
025dffec 00000000 774fe429 00109ac8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000025dff20 5c d8 90 7c ed 23 80 7c - 00 00 00 00 50 ff 5d 02 \..|.#.|....P.].
00000000025dff30 40 25 80 7c f8 6d 60 77 - 30 75 00 00 14 00 00 00 @%.|.m`w0u......
00000000025dff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00 ................
00000000025dff50 00 ba 3c dc ff ff ff ff - b4 fe 5d 02 50 ff 5d 02 ..<.......].P.].
00000000025dff60 30 ff 5d 02 b4 fe 5d 02 - dc ff 5d 02 a8 9a 83 7c 0.]...]...]....|
00000000025dff70 58 24 80 7c 00 00 00 00 - 88 ff 5d 02 51 24 80 7c X$.|......].Q$.|
00000000025dff80 60 ea 00 00 00 00 00 00 - b4 ff 5d 02 1d e3 4f 77 `.........]...Ow
00000000025dff90 60 ea 00 00 c8 9a 10 00 - dc e3 4f 77 00 00 00 00 `.........Ow....
00000000025dffa0 70 ef 11 02 c8 9a 10 00 - 00 00 4e 77 44 e4 4f 77 p.........NwD.Ow
00000000025dffb0 10 00 00 00 ec ff 5d 02 - 83 b6 80 7c c8 9a 10 00 ......]....|....
00000000025dffc0 70 ef 11 02 10 00 00 00 - c8 9a 10 00 00 70 fa 7f p............p..
00000000025dffd0 00 06 fc 86 c0 ff 5d 02 - 18 86 a0 83 ff ff ff ff ......].........
00000000025dffe0 a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00 ...|...|........
00000000025dfff0 00 00 00 00 29 e4 4f 77 - c8 9a 10 00 00 00 00 00 ....).Ow........
00000000025e0000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00 00 MZ..............
00000000025e0010 b8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00 00 ........@.......
00000000025e0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000025e0030 00 00 00 00 00 00 00 00 - 00 00 00 00 e0 00 00 00 ................
00000000025e0040 0e 1f ba 0e 00 b4 09 cd - 21 b8 01 4c cd 21 54 68 ........!..L.!Th
00000000025e0050 69 73 20 70 72 6f 67 72 - 61 6d 20 63 61 6e 6e 6f is program canno

*----> State Dump for Thread Id 0x5580 <----*

eax=02c448c0 ebx=015efb6c ecx=02c38cf0 edx=00000051 esi=00000000 edi=7ffd9000
eip=7c90eb94 esp=015efb44 ebp=015efbe0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=1f80 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\DUSER.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\BROWSEUI.dll -
ChildEBP RetAddr Args to Child
015efbe0 7e4195f9 00000002 015efc08 00000000 ntdll!KiFastSystemCallRet
015efc3c 6c1e4b92 00000001 015efc70 ffffffff USER32!GetLastInputInfo+0x105
015efc5c 6c1e4cfd 000024ff ffffffff 00000000 DUSER+0x34b92
015efc80 6c1e4ef9 000024ff 00000000 015efcac DUSER+0x34cfd
015efc90 7e458c03 000024ff 00000000 00000064 DUSER+0x34ef9
015efcac 7c90eae3 015efcbc 00000008 000024ff USER32!DdeConnectList+0x955
015eff20 75fa5325 014dbd00 0007e394 00000004 ntdll!KiUserCallbackDispatcher+0x13
015effb4 7c80b683 014dbd00 0007e394 00000004 BROWSEUI!Ordinal138+0x7b45
015effec 00000000 75fa52d5 014dbd00 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000015efb44 ab e9 90 7c e2 94 80 7c - 02 00 00 00 6c fb 5e 01 ...|...|....l.^.
00000000015efb54 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000015efb64 02 00 00 00 00 00 00 00 - 34 08 00 00 88 08 00 00 ........4.......
00000000015efb74 30 07 2b 00 13 01 00 00 - 0a 00 00 00 00 00 00 00 0.+.............
00000000015efb84 c3 c9 7b 03 1a 03 00 00 - 14 00 00 00 01 00 00 00 ..{.............
00000000015efb94 00 00 00 00 00 00 00 00 - 10 00 00 00 ff ff ff ff ................
00000000015efba4 d0 fb 5e 01 34 87 41 7e - 00 90 fd 7f 00 80 fd 7f ..^.4.A~........
00000000015efbb4 0a 00 00 00 00 00 00 00 - 6c fb 5e 01 cd ab ba dc ........l.^.....
00000000015efbc4 02 00 00 00 60 fb 5e 01 - c3 c9 7b 03 a4 ff 5e 01 ....`.^...{...^.
00000000015efbd4 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 3c fc 5e 01 ...|...|....<.^.
00000000015efbe4 f9 95 41 7e 02 00 00 00 - 08 fc 5e 01 00 00 00 00 ..A~......^.....
00000000015efbf4 ff ff ff ff 00 00 00 00 - ff ff ff ff 01 00 00 00 ................
00000000015efc04 9c 92 80 7c 34 08 00 00 - 88 08 00 00 8e 72 1e 6c ...|4........r.l
00000000015efc14 ff ff ff ff a9 72 1e 6c - b0 54 07 04 60 ca 15 00 .....r.l.T..`...
00000000015efc24 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000015efc34 00 80 fd 7f 88 08 00 00 - 5c fc 5e 01 92 4b 1e 6c ........\.^..K.l
00000000015efc44 01 00 00 00 70 fc 5e 01 - ff ff ff ff ff 24 00 00 ....p.^......$..
00000000015efc54 08 fc 5e 01 c0 48 c4 02 - 80 fc 5e 01 fd 4c 1e 6c ..^..H....^..L.l
00000000015efc64 ff 24 00 00 ff ff ff ff - 00 00 00 00 34 08 00 00 .$..........4...
00000000015efc74 00 00 00 00 58 97 c3 02 - 00 00 00 00 90 fc 5e 01 ....X.........^.

*----> State Dump for Thread Id 0x5588 <----*

eax=024d1010 ebx=021dfde8 ecx=024a0760 edx=00000002 esi=00000000 edi=7ffd9000
eip=7c90eb94 esp=021dfdc0 ebp=021dfe5c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\msvcrt.dll -
ChildEBP RetAddr Args to Child
021dfe5c 7e4195f9 00000002 021dfe84 00000000 ntdll!KiFastSystemCallRet
021dfeb8 6c1e4b92 00000001 021dfeec ffffffff USER32!GetLastInputInfo+0x105
021dfed8 6c1e4ddc 000004ff ffffffff 00000001 DUSER+0x34b92
021dff0c 6c1de394 021dff4c 00000000 00000000 DUSER+0x34ddc
021dff2c 6c1da6f1 021dff4c 00000000 00000000 DUSER!GetMessageExA+0x44
021dff80 77c3a3b0 00000000 7c910000 7c9131dc DUSER!DUserStopAnimation+0xa505
021dffb4 7c80b683 00866df0 7c910000 7c9131dc msvcrt!endthreadex+0xa9
021dffec 00000000 77c3a341 00866df0 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000021dfdc0 ab e9 90 7c e2 94 80 7c - 02 00 00 00 e8 fd 1d 02 ...|...|........
00000000021dfdd0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000021dfde0 02 00 00 00 04 00 00 00 - 68 09 00 00 98 04 00 00 ........h.......
00000000021dfdf0 92 11 01 66 d0 00 00 00 - d0 01 00 00 00 20 4d 02 ...f......... M.
00000000021dfe00 40 fe 1d 02 b1 a2 1c 6c - 14 00 00 00 01 00 00 00 @......l........
00000000021dfe10 00 00 00 00 00 00 00 00 - 10 00 00 00 00 20 4d 02 ............. M.
00000000021dfe20 01 00 04 00 00 00 00 00 - 00 90 fd 7f 00 40 fd 7f .............@..
00000000021dfe30 a4 ff 1d 02 00 00 00 00 - e8 fd 1d 02 ff ff ff ff ................
00000000021dfe40 02 00 00 00 dc fd 1d 02 - 00 20 4d 02 a4 ff 1d 02 ......... M.....
00000000021dfe50 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 b8 fe 1d 02 ...|...|........
00000000021dfe60 f9 95 41 7e 02 00 00 00 - 84 fe 1d 02 00 00 00 00 ..A~............
00000000021dfe70 ff ff ff ff 00 00 00 00 - 78 d4 4e 01 01 00 00 00 ........x.N.....
00000000021dfe80 4c ff 1d 02 68 09 00 00 - 98 04 00 00 8e 72 1e 6c L...h........r.l
00000000021dfe90 ff ff ff ff a9 72 1e 6c - 99 1b 05 04 f8 99 cc 02 .....r.l........
00000000021dfea0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000021dfeb0 00 40 fd 7f 98 04 00 00 - d8 fe 1d 02 92 4b 1e 6c .@...........K.l
00000000021dfec0 01 00 00 00 ec fe 1d 02 - ff ff ff ff ff 04 00 00 ................
00000000021dfed0 84 fe 1d 02 ff ff ff ff - 0c ff 1d 02 dc 4d 1e 6c .............M.l
00000000021dfee0 ff 04 00 00 ff ff ff ff - 01 00 00 00 68 09 00 00 ............h...
00000000021dfef0 00 00 00 00 00 00 00 00 - f0 6d 86 00 01 00 00 00 .........m......
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#14 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 06 March 2008 - 06:43 PM

And the dump file. I think there's something wrong with it because it's so short and I couldn't see any real information. I did everything that the post on MajorGeeks said. Comodo alerted me, but I allowed the application. Then the file loaded, but it said Debuggee failed. So I closed the program and ran it again and it came up with this.


Microsoft Windows Debugger Version 6.8.0004.0 X86
Copyright Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Comment: 'Dr. Watson generated MiniDump'
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Thu Mar 6 15:28:42.000 2008 (GMT-8)
System Uptime: not available
Process Uptime: 0 days 13:29:44.000
.......................................................................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(fe0.898): Access violation - code c0000005 (first/second chance not available)
eax=00750063 ebx=00000000 ecx=22200000 edx=73530524 esi=00d41e94 edi=00000000
eip=734630ff esp=00fafd18 ebp=00fafd3c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
*** ERROR: Symbol file could not be found. Defaulted to export symbols for msvbvm60.dll -
msvbvm60!Zombie_QueryInterface+0x1482e:
734630ff 8b500c mov edx,dword ptr [eax+0Ch] ds:0023:0075006f=????????



Edit: Did a little more reading. I think I took the wrong dump file. Apparently it's really SUPPOSED to be in C:\Windows\minidump but I don't have it. Most of the google searches and the computer system properties say that the pagefile.sys needs to be in the root directory. Well, I did a search and the only pagefile i found was pagefileconfig.vbs. Maybe that's why the minidumps aren't being saved?
Where is my pagefile.sys >_<
Re-edit: Never mind. I found it. Apparently it's one of those files that requires 'Show protected operating system files." The pagefile is 1.5GB.... But since I do have the pagefile, what's making the minidump not save?

Edited by skyfuser, 06 March 2008 - 09:32 PM.

"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#15 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:52 PM

Posted 06 March 2008 - 08:56 PM

Ok, I was away for an hour or so and scanned with Avast!
Apparently it found nothing but it brought up that the C:\symbols CAB archive was corrupt. Maybe that's what's causing the debugging error?
I'm going to delete the symbols file and retry.
Also, the link in the symbol file path to Microsoft has an error. Something about could not retrieve information. Does that mean it's necessary to manually download the 650MB or so of symbols?

Edited by skyfuser, 06 March 2008 - 09:30 PM.

"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users