error log

  • Thread starter Thread starter Paul
  • Start date Start date
P

Paul

Hi, can a dr watson error log be posted here for some help on an internet
explorer error i keep getting?
thanks
 
Paul said:
Hi, can a dr watson error log be posted here for some help on an internet explorer
error i keep getting?
Click to expand...

*Crossposting to Win 98 Discussion and Win ME General*

'How to troubleshoot program faults with Dr. Watson'
The KB states how to save a log.
http://support.microsoft.com/default.aspx?scid=kb;en-us;275481

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.
 
Just post the error, please (e.g., "doodah.dll caused a general protection
fault in Iexplore.exe"; Registers not needed).
 
PA Bear said:
Just post the error, please (e.g., "doodah.dll caused a general protection fault
in Iexplore.exe"; Registers not needed).
Click to expand...

Now that I've posted the KB which instructs how-to fetch a log out of
Dr. Watson, well shall see what gives.

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.
 
im running xp home with sp2
log is as follows:
Application exception occurred:
App: C:\Program Files\Internet Explorer\IEXPLORE.EXE (pid=4080)
When: 10/14/2005 @ 13:06:11.750
Exception number: 80000007
()

*----> System Information <----*
Computer Name: MAIN
User Name: Paul
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 12 Stepping 0
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: paul

*----> Task List <----*
0 System Process
4 System
488 smss.exe
560 csrss.exe
584 winlogon.exe
628 services.exe
640 lsass.exe
796 svchost.exe
852 svchost.exe
916 svchost.exe
956 svchost.exe
1068 svchost.exe
1084 ccEvtMgr.exe
1232 spoolsv.exe
1588 mdm.exe
1612 navapsvc.exe
1628 NPROTECT.EXE
1652 nvsvc32.exe
1776 Tablet.exe
1836 wdfmgr.exe
480 alg.exe
1400 Explorer.EXE
144 DAP.EXE
200 HPWuSchd.exe
360 hphmon05.exe
428 hpztsb09.exe
464 RunDll32.exe
888 ccApp.exe
944 svchost.exe
1376 ctfmon.exe
3532 msmsgs.exe
3624 MsnMsgr.Exe
3728 HPZipm12.exe
3856 TabUserW.exe
4028 WZQKPICK.EXE
4088 IMApp.exe
2972 svchost.exe
2540 sb32mon.exe
3700 realsched.exe
4080 IEXPLORE.EXE
2016 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000419000: C:\Program Files\Internet
Explorer\IEXPLORE.EXE
(0000000001190000 - 0000000001455000: C:\WINDOWS\system32\xpsp2res.dll
(0000000001fa0000 - 0000000001fae000: C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
(0000000002630000 - 00000000026b8000: C:\WINDOWS\system32\shdoclc.dll
(0000000002e10000 - 00000000030d6000: C:\WINDOWS\system32\msi.dll
(00000000030e0000 - 00000000030f6000: C:\WINDOWS\sbhks.dll
(0000000003ae0000 - 0000000003afb000: C:\Program Files\Common Files\Symantec
Shared\Script Blocking\scrauth.dll
(0000000003c10000 - 0000000003c2e000: C:\Program Files\Common Files\Symantec
Shared\Script Blocking\ScrBlock.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 0000000010010000: C:\WINDOWS\system32\tabhook.dll
(0000000020000000 - 0000000020012000: C:\WINDOWS\system32\browselc.dll
(000000004d4f0000 - 000000004d548000: C:\WINDOWS\system32\WINHTTP.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005d090000 - 000000005d127000: C:\WINDOWS\system32\comctl32.dll
(00000000605d0000 - 00000000605d9000: C:\WINDOWS\system32\mslbui.dll
(00000000662b0000 - 0000000066308000: C:\WINDOWS\system32\hnetcfg.dll
(0000000067dc0000 - 0000000067dd3000: C:\Program
Files\IncrediMail\bin\ImHook.dll
(0000000068100000 - 0000000068124000: C:\WINDOWS\system32\dssenh.dll
(0000000069000000 - 0000000069046000: C:\PROGRA~1\MSNMES~1\msgsc.dll
(000000006c370000 - 000000006c462000: C:\Program Files\DAP\MFC42.DLL
(000000006d430000 - 000000006d43a000: C:\WINDOWS\system32\ddrawex.dll
(0000000071a50000 - 0000000071a8f000: C:\WINDOWS\system32\mswsock.dll
(0000000071a90000 - 0000000071a98000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\wsock32.dll
(00000000722b0000 - 00000000722b5000: C:\WINDOWS\system32\sensapi.dll
(0000000072b20000 - 0000000072b38000: C:\WINDOWS\system32\plugin.ocx
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073300000 - 0000000073367000: c:\windows\system32\vbscript.dll
(0000000073760000 - 00000000737a9000: C:\WINDOWS\system32\DDRAW.dll
(0000000073bc0000 - 0000000073bc6000: C:\WINDOWS\system32\DCIMAN32.dll
(00000000746c0000 - 00000000746e7000: C:\WINDOWS\system32\msls31.dll
(00000000746f0000 - 000000007471a000: C:\WINDOWS\system32\msimtf.dll
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\MSCTF.dll
(0000000074980000 - 0000000074ab0000: C:\WINDOWS\system32\msxml3.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000075c50000 - 0000000075cbe000: c:\windows\system32\jscript.dll
(0000000075cf0000 - 0000000075d81000: C:\WINDOWS\system32\mlang.dll
(0000000075e60000 - 0000000075e73000: C:\WINDOWS\system32\cryptnet.dll
(0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\SXS.DLL
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(00000000767f0000 - 0000000076817000: C:\WINDOWS\system32\schannel.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076e90000 - 0000000076ea2000: C:\WINDOWS\system32\rasman.dll
(0000000076eb0000 - 0000000076edf000: C:\WINDOWS\system32\TAPI32.dll
(0000000076ee0000 - 0000000076f1c000: C:\WINDOWS\system32\RASAPI32.DLL
(0000000076f20000 - 0000000076f47000: C:\WINDOWS\system32\DNSAPI.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fb0000 - 0000000076fb8000: C:\WINDOWS\System32\winrnr.dll
(0000000076fc0000 - 0000000076fc6000: C:\WINDOWS\system32\rasadhlp.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772ff000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077760000 - 00000000778cc000: C:\WINDOWS\system32\SHDOCVW.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\appHelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077c93000: C:\WINDOWS\system32\msv1_0.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(0000000079170000 - 0000000079196000: C:\WINDOWS\system32\mscoree.dll
(0000000079410000 - 0000000079425000:
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d5000: C:\WINDOWS\system32\SHELL32.dll
(000000007d4a0000 - 000000007d787000: C:\WINDOWS\system32\mshtml.dll

*----> State Dump for Thread Id 0x490 <----*

eax=00000001 ebx=00000000 ecx=021bd010 edx=00181744 esi=7c97c0d8
edi=00000000
eip=7c90eb94 esp=0013fb60 ebp=0013fbe8 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
FAULT ->ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\ole32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHDOCVW.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Internet Explorer\IEXPLORE.EXE -
ChildEBP RetAddr Args to Child
0013fbe8 7c90104b 0197c0d8 7c917332 7c97c0d8 ntdll!KiFastSystemCallRet
0013fcdc 7c80aa7f 77760000 0013fe80 0013fea4
ntdll!RtlEnterCriticalSection+0x46
0013fcf0 77513442 77760000 0013fec0 77513456 kernel32!FreeLibrary+0x19
0013fcfc 77513456 0013fe8c 0013fd24 776067e0
ole32!CoFreeUnusedLibraries+0xa9
0013fec0 7752fd6a 7752fee4 001523ba 0015c6c8
ole32!CoFreeUnusedLibraries+0xbd
0013fed8 774fee88 0013fef0 00000000 001622c8 ole32!CoGetComCatalog+0xd52
0013fef4 777e7230 00000000 00000000 001523ba ole32!CoUninitialize+0x52
0013ff10 00402372 001523ba 00000001 011bcf78 SHDOCVW!Ordinal101+0x143
0013ff60 00402444 00400000 00000000 001523ba IEXPLORE+0x2372
0013ffc0 7c816d4f 011bcf78 00000018 7ffd8000 IEXPLORE+0x2444
0013fff0 00000000 00402451 00000000 78746341
kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000013fb60 c0 e9 90 7c 1b 90 91 7c - b0 03 00 00 00 00 00 00
....|...|........
000000000013fb70 00 00 00 00 68 fe 13 00 - 80 fe 13 00 00 00 00 00
.....h...........
000000000013fb80 00 00 15 00 32 07 91 7c - 07 00 00 00 d8 07 15 00
.....2..|........
000000000013fb90 00 00 15 00 c8 68 1b 00 - 88 fb 13 00 d0 fb 13 00
......h..........
000000000013fba0 00 00 15 00 a0 c9 16 00 - 05 03 00 00 d0 fb 13 00
.................
000000000013fbb0 ff 1b 91 7c 00 00 15 00 - a0 c9 16 00 a0 c9 16 00
....|............
000000000013fbc0 00 00 15 00 40 06 15 00 - 40 06 15 00 00 00 3c 00
.....@...@.....<.
000000000013fbd0 00 00 00 00 ac 1d 91 7c - 05 03 00 00 a0 c9 16 00
........|........
000000000013fbe0 00 00 00 00 b0 03 00 00 - dc fc 13 00 4b 10 90 7c
.............K..|
000000000013fbf0 d8 c0 97 01 32 73 91 7c - d8 c0 97 7c 68 fe 13 00
.....2s.|...|h...
000000000013fc00 80 fe 13 00 00 00 76 77 - 00 00 15 00 80 2a 06 08
.......vw.....*..
000000000013fc10 00 00 00 00 e8 fc 13 00 - 5c 0d 91 7c 00 00 15 00
.........\..|....
000000000013fc20 91 0e 91 7c 08 06 15 00 - 6d 05 91 7c 90 2a 06 08
....|....m..|.*..
000000000013fc30 d4 69 60 77 00 00 00 00 - 00 00 3c 06 0f 00 00 00
..i`w......<.....
000000000013fc40 80 2a 06 08 78 01 15 00 - 18 bf 16 00 70 e3 21 02
..*..x.......p.!.
000000000013fc50 bc bb 16 00 88 2a 06 08 - 00 00 3c 06 10 00 71 08
......*....<...q.
000000000013fc60 c8 4b 17 00 f8 b7 1f 00 - 70 bc 16 00 d8 35 1a 02
..K......p....5..
000000000013fc70 00 00 3c 06 40 00 00 00 - 18 20 18 00 00 00 00 00
...<.@.... ......
000000000013fc80 88 01 15 00 00 b8 1f 00 - 10 00 00 00 70 08 23 00
.............p.#.
000000000013fc90 48 00 00 00 00 00 00 00 - 60 bd 16 00 00 00 00 00
H.......`.......

*----> State Dump for Thread Id 0x92c <----*

eax=05654780 ebx=0219ffd8 ecx=02198778 edx=05654818 esi=7fffffff
edi=ffffffff
eip=7c90eb94 esp=028cfad0 ebp=028cfb0c iopl=0 nv up ei ng nz ac po
cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000297

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\mswsock.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\WS2_32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\WININET.dll -
ChildEBP RetAddr Args to Child
028cfb0c 71a55fa7 00000378 00000384 00000000 ntdll!KiFastSystemCallRet
028cfc00 71ab2e67 00000001 028cfe80 028cfc78 mswsock+0x5fa7
028cfc50 771d714f 00000001 028cfe80 028cfc78 WS2_32!select+0xa7
028cffac 771d9283 028cffec 7c80b50b 001a2798
WININET!GetUrlCacheEntryInfoExW+0x892
028cffb4 7c80b50b 001a2798 71ab1404 0000005d
WININET!InternetSetStatusCallback+0x1d7
028cffec 00000000 771d9276 001a2798 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000028cfad0 c0 e9 90 7c 33 40 a5 71 - 78 03 00 00 01 00 00 00
....|[email protected].......
00000000028cfae0 f8 fa 8c 02 b0 fb 8c 02 - 80 fe 8c 02 a0 fb 8c 02
.................
00000000028cfaf0 7c 60 bc a8 b7 d0 c5 01 - ff ff ff ff ff ff ff 7f
|`..............
00000000028cfb00 d8 ff 19 02 00 00 00 00 - 00 00 00 00 00 fc 8c 02
.................
00000000028cfb10 a7 5f a5 71 78 03 00 00 - 84 03 00 00 00 00 00 00
.._.qx...........
00000000028cfb20 04 00 00 00 7c fd 8c 02 - 60 8d 21 00 78 fc 8c 02
.....|...`.!.x...
00000000028cfb30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000028cfb40 01 00 00 00 80 0f 05 fd - ff ff ff ff 00 00 00 00
.................
00000000028cfb50 00 00 00 00 00 00 00 00 - 40 fb 8c 02 d8 ff 19 02
.........@.......
00000000028cfb60 33 27 00 00 1c fb 8c 02 - 04 00 00 00 dc ff 8c 02
3'..............
00000000028cfb70 34 fc 8c 02 b8 44 a5 71 - ff ff ff ff 1c 00 00 00
4....D.q........
00000000028cfb80 d8 ff 19 02 bc fb 8c 02 - 78 fc 8c 02 7c fd 8c 02
.........x...|...
00000000028cfb90 00 00 00 00 a0 fb 8c 02 - 00 00 00 00 00 00 00 00
.................
00000000028cfba0 80 0f 05 fd ff ff ff ff - 01 00 00 00 00 87 19 02
.................
00000000028cfbb0 84 03 00 00 19 00 00 00 - e4 fb 8c 02 a3 2e ad 71
................q
00000000028cfbc0 94 09 00 00 dc fb 8c 02 - 01 00 00 00 f4 fb 8c 02
.................
00000000028cfbd0 f0 fb 8c 02 00 00 00 00 - 00 00 00 00 01 00 00 00
.................
00000000028cfbe0 13 fc 8c 02 f8 80 00 00 - 24 fb 8c 02 0c 15 aa 71
.........$......q
00000000028cfbf0 40 fc 8c 02 c8 71 a7 71 - 68 2e a5 71 ff ff ff ff
@....q.qh..q....
00000000028cfc00 50 fc 8c 02 67 2e ab 71 - 01 00 00 00 80 fe 8c 02
P...g..q........

*----> State Dump for Thread Id 0x424 <----*

eax=000000c0 ebx=00000000 ecx=7c800000 edx=00000000 esi=00138b44
edi=02080000
eip=7c90eb94 esp=029cff9c ebp=029cffb4 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
029cffb4 7c80b50b 00000000 02080000 00138b44 ntdll!KiFastSystemCallRet
029cffec 00000000 7c92798d 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000029cff9c 5c d8 90 7c d4 79 92 7c - 01 00 00 00 ac ff 9c 02
\..|.y.|........
00000000029cffac 00 00 00 00 00 00 00 80 - ec ff 9c 02 0b b5 80 7c
................|
00000000029cffbc 00 00 00 00 00 00 08 02 - 44 8b 13 00 00 00 00 00
.........D.......
00000000029cffcc 00 90 fd 7f 00 06 7c 86 - c0 ff 9c 02 a0 6e b0 85
.......|......n..
00000000029cffdc ff ff ff ff f3 99 83 7c - 18 b5 80 7c 00 00 00 00
........|...|....
00000000029cffec 00 00 00 00 00 00 00 00 - 8d 79 92 7c 00 00 00 00
..........y.|....
00000000029cfffc 00 00 00 00 02 02 02 02 - 02 01 02 02 02 02 02 02
.................
00000000029d000c 02 02 02 02 02 02 02 02 - 02 02 02 02 02 02 02 02
.................
00000000029d001c 02 02 02 02 02 02 02 02 - 02 02 02 02 02 02 02 02
.................
00000000029d002c 02 02 02 02 02 02 02 02 - 00 00 00 00 00 14 02 00
.................
00000000029d003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000029d004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000029d005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000029d006c 00 02 14 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000029d007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000029d008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000029d009c 00 00 00 00 00 03 01 00 - 00 00 00 00 00 00 00 00
.................
00000000029d00ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000029d00bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000029d00cc 00 00 00 00 00 00 00 00 - 00 00 01 07 00 00 00 00
.................

*----> State Dump for Thread Id 0x414 <----*

eax=00170560 ebx=00000000 ecx=0017c458 edx=00000000 esi=00246f08
edi=00246fac
eip=7c90eb94 esp=02bcfe1c ebp=02bcff80 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
02bcff80 77e76c22 02bcffa8 77e76a3b 00246f08 ntdll!KiFastSystemCallRet
02bcff88 77e76a3b 00246f08 00000000 0013d7dc RPCRT4!I_RpcBCacheFree+0x5ea
02bcffa8 77e76c0a 00169e50 02bcffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
02bcffb4 7c80b50b 00170548 00000000 0013d7dc RPCRT4!I_RpcBCacheFree+0x5d2
02bcffec 00000000 77e76bf0 00170548 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000002bcfe1c 99 e3 90 7c 03 67 e7 77 - 9c 03 00 00 70 ff bc 02
....|.g.w....p...
0000000002bcfe2c 00 00 00 00 98 42 23 02 - 54 ff bc 02 22 31 22 20
......B#.T..."1"
0000000002bcfe3c 2f 3e 0d 0a 20 20 20 20 - 20 20 20 20 3c 21 2d 2d />..
<!--
0000000002bcfe4c 20 31 20 74 02 20 65 6e - 00 00 6c 65 20 77 6f 72 1 t.
en..le wor
0000000002bcfe5c 64 77 68 65 65 6c 69 6e - 67 20 64 65 73 6b 74 6f
dwheeling deskto
0000000002bcfe6c 01 00 00 00 65 6d 73 20 - 2d 2d 3e 0d 0a 20 20 20
....ems -->..
0000000002bcfe7c 20 20 20 20 20 3c 73 74 - 72 69 6e 67 20 69 64 3d
<string id=
0000000002bcfe8c 22 64 62 5f 64 65 66 61 - 75 6c 74 70 72 65 66 5f
"db_defaultpref_
0000000002bcfe9c 68 6f 74 6b 65 79 22 20 - 74 65 78 74 3d 22 31 36 hotkey"
text="16
0000000002bcfeac 31 33 22 20 2f 3e 0d 0a - 20 20 20 20 20 20 20 20 13"
/>..
0000000002bcfebc 3c 21 2d 2d 20 68 6f 74 - 6b 65 79 20 69 73 20 63 <!--
hotkey is c
0000000002bcfecc 6f 64 65 64 20 61 73 20 - 61 20 57 69 6e 64 6f 77 oded as
a Window
0000000002bcfedc 73 20 48 6f 74 6b 65 79 - 20 44 57 4f 52 44 2c 20 s
Hotkey DWORD,
0000000002bcfeec 63 74 72 6c 2b 61 6c 74 - 2b 6d 20 69 73 20 31 36
ctrl+alt+m is 16
0000000002bcfefc 31 33 20 2d 2d 3e 0d 0a - 20 20 20 20 20 20 20 20
13 -->..
0000000002bcff0c 3c 73 74 72 69 6e 67 20 - ec 62 a5 85 24 ac df f3 <string
..b..$...
0000000002bcff1c d9 9a 4f 80 e1 9a 4f 80 - bc 62 a5 85 50 61 a5 85
...O...O..b..Pa..
0000000002bcff2c 84 61 a5 85 80 ff bc 02 - 99 66 e7 77 4c ff bc 02
..a.......f.wL...
0000000002bcff3c a9 66 e7 77 ed 10 90 7c - b0 35 1a 02 48 05 17 00
..f.w...|.5..H...
0000000002bcff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0x6fc <----*

eax=774fe429 ebx=00007530 ecx=7ffd8000 edx=00000000 esi=00000000
edi=02d0ff50
eip=7c90eb94 esp=02d0ff20 ebp=02d0ff78 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
02d0ff78 7c802451 0000ea60 00000000 02d0ffb4 ntdll!KiFastSystemCallRet
02d0ff88 774fe31d 0000ea60 002219e8 774fe3dc kernel32!Sleep+0xf
02d0ffb4 7c80b50b 002219e8 7c910945 00000004 ole32!StringFromGUID2+0x51b
02d0ffec 00000000 774fe429 002219e8 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000002d0ff20 5c d8 90 7c ed 23 80 7c - 00 00 00 00 50 ff d0 02
\..|.#.|....P...
0000000002d0ff30 50 25 80 7c f8 6d 60 77 - 30 75 00 00 14 00 00 00
P%.|.m`w0u......
0000000002d0ff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00
.................
0000000002d0ff50 00 ba 3c dc ff ff ff ff - fc fe d0 02 50 ff d0 02
...<.........P...
0000000002d0ff60 30 ff d0 02 2c ff d0 02 - dc ff d0 02 f3 99 83 7c
0...,..........|
0000000002d0ff70 58 24 80 7c 00 00 00 00 - 88 ff d0 02 51 24 80 7c
X$.|........Q$.|
0000000002d0ff80 60 ea 00 00 00 00 00 00 - b4 ff d0 02 1d e3 4f 77
`.............Ow
0000000002d0ff90 60 ea 00 00 e8 19 22 00 - dc e3 4f 77 00 00 00 00
`....."...Ow....
0000000002d0ffa0 45 09 91 7c e8 19 22 00 - 00 00 4e 77 44 e4 4f 77
E..|.."...NwD.Ow
0000000002d0ffb0 04 00 00 00 ec ff d0 02 - 0b b5 80 7c e8 19 22 00
............|..".
0000000002d0ffc0 45 09 91 7c 04 00 00 00 - e8 19 22 00 00 50 fd 7f
E..|......"..P..
0000000002d0ffd0 00 06 7c 86 c0 ff d0 02 - b8 e8 e2 85 ff ff ff ff
...|.............
0000000002d0ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
0000000002d0fff0 00 00 00 00 29 e4 4f 77 - e8 19 22 00 00 00 00 00
.....).Ow..".....
0000000002d10000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d10010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d10020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d10030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d10040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d10050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x324 <----*

eax=7ffd4000 ebx=00000000 ecx=002304f0 edx=00000000 esi=00246f08
edi=00246fac
eip=7c90eb94 esp=02e0fe1c ebp=02e0ff80 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
02e0ff80 77e76c22 02e0ffa8 77e76a3b 00246f08 ntdll!KiFastSystemCallRet
02e0ff88 77e76a3b 00246f08 00000080 025f0178 RPCRT4!I_RpcBCacheFree+0x5ea
02e0ffa8 77e76c0a 00169e50 02e0ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
02e0ffb4 7c80b50b 00206038 00000080 025f0178 RPCRT4!I_RpcBCacheFree+0x5d2
02e0ffec 00000000 77e76bf0 00206038 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000002e0fe1c 99 e3 90 7c 03 67 e7 77 - 9c 03 00 00 70 ff e0 02
....|.g.w....p...
0000000002e0fe2c 00 00 00 00 d0 0c 21 02 - 54 ff e0 02 07 00 00 00
.......!.T.......
0000000002e0fe3c 00 00 00 00 73 00 74 00 - 72 00 69 00 6e 00 67 00
.....s.t.r.i.n.g.
0000000002e0fe4c 00 00 00 00 02 00 66 01 - 00 00 08 01 c8 02 15 00
.......f.........
0000000002e0fe5c 80 cd 21 00 0f 00 00 00 - 00 00 00 00 63 00 6f 00
...!.........c.o.
0000000002e0fe6c 03 00 00 00 69 00 65 00 - 64 00 6f 00 6d 00 61 00
.....i.e.d.o.m.a.
0000000002e0fe7c 69 00 6e 00 33 00 32 00 - 00 00 00 00 07 00 07 00
i.n.3.2.........
0000000002e0fe8c 9e 01 08 01 4c 97 03 02 - 0e 00 00 00 0f 00 00 00
.....L...........
0000000002e0fe9c 00 00 00 00 63 00 6f 00 - 6f 00 6b 00 69 00 65 00
.....c.o.o.k.i.e.
0000000002e0feac 64 00 6f 00 6d 00 61 00 - 69 00 6e 00 33 00 33 00
d.o.m.a.i.n.3.3.
0000000002e0febc 00 00 00 00 05 00 0e 00 - 87 01 08 01 4c 97 03 02
.............L...
0000000002e0fecc 02 00 00 00 07 00 00 00 - 00 00 00 00 69 00 64 00
.............i.d.
0000000002e0fedc 00 00 69 00 6e 00 67 00 - 7c 00 00 00 17 00 13 00
...i.n.g.|.......
0000000002e0feec 8a 00 08 01 30 02 15 00 - 30 02 15 00 17 00 00 00
.....0...0.......
0000000002e0fefc 00 00 00 00 73 00 74 00 - 72 00 69 00 6e 00 67 00
.....s.t.r.i.n.g.
0000000002e0ff0c 7c 00 63 00 6f 00 6f 00 - 94 6c b0 85 24 3c d8 f5
|.c.o.o..l..$<..
0000000002e0ff1c d9 9a 4f 80 e1 9a 4f 80 - 64 6c b0 85 f8 6a b0 85
...O...O.dl...j..
0000000002e0ff2c 2c 6b b0 85 80 ff e0 02 - 99 66 e7 77 4c ff e0 02
,k.......f.wL...
0000000002e0ff3c a9 66 e7 77 ed 10 90 7c - 60 ef 19 02 38 60 20 00
..f.w...|`...8` .
0000000002e0ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0xcc0 <----*

eax=00000000 ebx=c0000000 ecx=0333fe58 edx=7c90eb94 esi=00000000
edi=71a87558
eip=7c90eb94 esp=0333ff7c ebp=0333ffb4 iopl=0 nv up ei pl nz na pe
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0333ffb4 7c80b50b 71a5d8ec 02acf910 7c90ee18 ntdll!KiFastSystemCallRet
0333ffec 00000000 71a5d5af 0219c4f8 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000333ff7c 1b e3 90 7c 09 d6 a5 71 - cc 04 00 00 bc ff 33 03
....|...q......3.
000000000333ff8c b0 ff 33 03 a4 ff 33 03 - 50 d6 a5 71 10 f9 ac 02
...3...3.P..q....
000000000333ff9c 18 ee 90 7c f8 c4 19 02 - 00 00 00 00 00 00 00 00
....|............
000000000333ffac 00 00 a5 71 28 49 f5 07 - ec ff 33 03 0b b5 80 7c
....q(I....3....|
000000000333ffbc ec d8 a5 71 10 f9 ac 02 - 18 ee 90 7c f8 c4 19 02
....q.......|....
000000000333ffcc 00 f0 fa 7f 00 06 7c 86 - c0 ff 33 03 f0 3c 80 85
.......|...3..<..
000000000333ffdc ff ff ff ff f3 99 83 7c - 18 b5 80 7c 00 00 00 00
........|...|....
000000000333ffec 00 00 00 00 00 00 00 00 - af d5 a5 71 f8 c4 19 02
............q....
000000000333fffc 00 00 00 00 bf 00 34 03 - 00 00 00 00 07 00 00 00
.......4.........
000000000334000c 00 00 00 0a 00 00 00 00 - 00 00 00 00 00 06 00 00
.................
000000000334001c 00 00 00 06 00 00 00 00 - 00 1f 00 00 00 00 00 00
.................
000000000334002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000334003c 00 00 00 00 00 00 00 00 - 01 01 0c 00 00 00 00 00
.................
000000000334004c 00 00 00 00 00 00 01 0a - 00 00 00 00 00 00 00 00
.................
000000000334005c 00 01 00 00 00 00 01 01 - 00 00 01 00 00 01 0a 00
.................
000000000334006c 00 00 00 00 00 00 00 00 - 03 00 00 00 00 00 00 00
.................
000000000334007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 10 00
.................
000000000334008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 05 00
.................
000000000334009c 00 00 00 01 05 00 00 00 - 00 00 00 01 00 00 00 00
.................
00000000033400ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xf74 <----*

eax=00000000 ebx=7c901005 ecx=00000000 edx=0385d3bc esi=00000518
edi=00000000
eip=7c90eb94 esp=0385ff14 ebp=0385ff78 iopl=0 nv up ei ng nz ac pe
cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000293

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\mshtml.dll -
ChildEBP RetAddr Args to Child
0385ff78 7c802542 00000518 000927c0 00000000 ntdll!KiFastSystemCallRet
0385ff8c 7d539535 00000518 000927c0 7726d6b0
kernel32!WaitForSingleObject+0x12
0385ffb4 7c80b50b 03342550 7726d6b0 7726d67c mshtml+0x99535
0385ffec 00000000 7d586c27 03342550 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000385ff14 c0 e9 90 7c db 25 80 7c - 18 05 00 00 00 00 00 00
....|.%.|........
000000000385ff24 48 ff 85 03 00 00 00 00 - 50 25 34 03 05 10 90 7c
H.......P%4....|
000000000385ff34 14 00 00 00 01 00 00 00 - e8 c5 1a 02 00 00 00 00
.................
000000000385ff44 00 00 00 00 00 44 5f 9a - fe ff ff ff 00 80 fd 7f
......D_.........
000000000385ff54 00 e0 fa 7f 48 ff 85 03 - 20 f8 41 03 28 ff 85 03
.....H... .A.(...
000000000385ff64 87 0f 51 7d dc ff 85 03 - f3 99 83 7c 08 26 80 7c
...Q}.......|.&.|
000000000385ff74 00 00 00 00 8c ff 85 03 - 42 25 80 7c 18 05 00 00
.........B%.|....
000000000385ff84 c0 27 09 00 00 00 00 00 - b4 ff 85 03 35 95 53 7d
..'..........5.S}
000000000385ff94 18 05 00 00 c0 27 09 00 - b0 d6 26 77 50 25 34 03
......'....&wP%4.
000000000385ffa4 50 25 34 03 62 6c 58 7d - 7c d6 26 77 34 6c 58 7d
P%4.blX}|.&w4lX}
000000000385ffb4 ec ff 85 03 0b b5 80 7c - 50 25 34 03 b0 d6 26 77
........|P%4...&w
000000000385ffc4 7c d6 26 77 50 25 34 03 - 00 e0 fa 7f 00 06 7c 86
|.&wP%4.......|.
000000000385ffd4 c0 ff 85 03 f0 3c 80 85 - ff ff ff ff f3 99 83 7c
......<.........|
000000000385ffe4 18 b5 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
....|............
000000000385fff4 27 6c 58 7d 50 25 34 03 - 00 00 00 00 0d 00 af 6f
'lX}P%4........o
0000000003860004 01 00 3f 00 3f 00 3f 00 - 3f 00 00 00 00 00 00 00
...?.?.?.?.......
0000000003860014 00 00 00 00 00 00 03 01 - 00 00 01 00 02 00 03 00
.................
0000000003860024 04 00 05 00 06 00 07 00 - 08 00 09 00 0a 00 0b 00
.................
0000000003860034 0c 00 0d 00 0e 00 0f 00 - 10 00 11 00 12 00 13 00
.................
0000000003860044 14 00 15 00 16 00 17 00 - 18 00 19 00 1a 00 1b 00
.................

*----> State Dump for Thread Id 0xc4c <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000
edi=00000001
eip=7c90eb94 esp=03e3fcec ebp=03e3ffb4 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
03e3ffb4 7c80b50b 00000000 00747470 00000000 ntdll!KiFastSystemCallRet
03e3ffec 00000000 7c929fae 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000003e3fcec ab e9 90 7c d5 a0 92 7c - 15 00 00 00 30 fd e3 03
....|...|....0...
0000000003e3fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 70 74 74 00
.............ptt.
0000000003e3fd0c 00 00 00 00 00 00 00 00 - 08 e5 97 7c 08 e5 97 7c
............|...|
0000000003e3fd1c 8c 05 00 00 4c 0c 00 00 - 15 00 00 00 15 00 00 00
.....L...........
0000000003e3fd2c 14 00 00 00 88 05 00 00 - 38 00 00 00 c8 05 00 00
.........8.......
0000000003e3fd3c d4 05 00 00 f0 05 00 00 - fc 05 00 00 08 06 00 00
.................
0000000003e3fd4c 28 06 00 00 30 06 00 00 - 38 06 00 00 4c 06 00 00
(...0...8...L...
0000000003e3fd5c 54 06 00 00 60 06 00 00 - 6c 06 00 00 78 06 00 00
T...`...l...x...
0000000003e3fd6c 80 06 00 00 8c 06 00 00 - 98 06 00 00 a4 06 00 00
.................
0000000003e3fd7c ac 06 00 00 80 0a 00 00 - cc 06 00 00 d8 06 00 00
.................
0000000003e3fd8c e4 06 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003e3fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003e3fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003e3fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003e3fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003e3fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003e3fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003e3fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003e3fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003e3fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xcb8 <----*

eax=769c8831 ebx=03f3fef4 ecx=0013c8d0 edx=0013cb84 esi=00000000
edi=7ffd8000
eip=7c90eb94 esp=03f3fecc ebp=03f3ff68 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\USERENV.dll -
ChildEBP RetAddr Args to Child
03f3ff68 7c809c86 00000003 76a60310 00000000 ntdll!KiFastSystemCallRet
03f3ff84 769c888d 00000003 76a60310 00000000
kernel32!WaitForMultipleObjects+0x18
03f3ffb4 7c80b50b 00000000 00000000 00000000
USERENV!UnregisterGPNotification+0x15c
03f3ffec 00000000 769c8831 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000003f3fecc ab e9 90 7c f2 94 80 7c - 03 00 00 00 f4 fe f3 03
....|...|........
0000000003f3fedc 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003f3feec b8 03 a6 76 77 9b 80 7c - d8 05 00 00 dc 05 00 00
....vw..|........
0000000003f3fefc e0 05 00 00 5c fe f3 03 - 6c ff f3 03 6c ff f3 03
.....\...l...l...
0000000003f3ff0c 18 ee 90 7c 70 05 91 7c - 14 00 00 00 01 00 00 00
....|p..|........
0000000003f3ff1c 78 d3 1f 02 00 00 00 00 - 00 00 00 00 f6 1b 80 7c
x..............|
0000000003f3ff2c 00 00 00 00 00 00 00 00 - 00 80 fd 7f 00 c0 fa 7f
.................
0000000003f3ff3c 58 4e 15 00 00 00 00 00 - f4 fe f3 03 00 00 00 00
XN..............
0000000003f3ff4c 03 00 00 00 e8 fe f3 03 - 00 00 00 00 dc ff f3 03
.................
0000000003f3ff5c f3 99 83 7c 90 95 80 7c - 00 00 00 00 84 ff f3 03
....|...|........
0000000003f3ff6c 86 9c 80 7c 03 00 00 00 - 10 03 a6 76 00 00 00 00
....|.......v....
0000000003f3ff7c ff ff ff ff 00 00 00 00 - b4 ff f3 03 8d 88 9c 76
................v
0000000003f3ff8c 03 00 00 00 10 03 a6 76 - 00 00 00 00 ff ff ff ff
........v........
0000000003f3ff9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 9c 76
................v
0000000003f3ffac 03 00 00 00 00 00 00 00 - ec ff f3 03 0b b5 80 7c
................|
0000000003f3ffbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003f3ffcc 00 c0 fa 7f 00 00 00 00 - c0 ff f3 03 90 9f 2e 85
.................
0000000003f3ffdc ff ff ff ff f3 99 83 7c - 18 b5 80 7c 00 00 00 00
........|...|....
0000000003f3ffec 00 00 00 00 00 00 00 00 - 31 88 9c 76 00 00 00 00
.........1..v....
0000000003f3fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xbd4 <----*

eax=00000000 ebx=7c901005 ecx=00000010 edx=00000002 esi=00000530
edi=00000000
eip=7c90eb94 esp=0403ff14 ebp=0403ff78 iopl=0 nv up ei ng nz ac pe
cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000293

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0403ff78 7c802542 00000530 000927c0 00000000 ntdll!KiFastSystemCallRet
0403ff8c 7d539535 00000530 000927c0 033856b0
kernel32!WaitForSingleObject+0x12
0403ffb4 7c80b50b 0338f6a0 033856b0 02acf658 mshtml+0x99535
0403ffec 00000000 7d586c27 0338f6a0 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000403ff14 c0 e9 90 7c db 25 80 7c - 30 05 00 00 00 00 00 00
....|.%.|0.......
000000000403ff24 48 ff 03 04 00 00 00 00 - a0 f6 38 03 05 10 90 7c
H.........8....|
000000000403ff34 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000403ff44 10 00 00 00 00 44 5f 9a - fe ff ff ff 00 80 fd 7f
......D_.........
000000000403ff54 00 b0 fa 7f 48 ff 03 04 - c4 3d 53 7d 28 ff 03 04
.....H....=S}(...
000000000403ff64 f8 f6 38 03 dc ff 03 04 - f3 99 83 7c 08 26 80 7c
...8........|.&.|
000000000403ff74 00 00 00 00 8c ff 03 04 - 42 25 80 7c 30 05 00 00
.........B%.|0...
000000000403ff84 c0 27 09 00 00 00 00 00 - b4 ff 03 04 35 95 53 7d
..'..........5.S}
000000000403ff94 30 05 00 00 c0 27 09 00 - b0 56 38 03 a0 f6 38 03
0....'...V8...8.
000000000403ffa4 a0 f6 38 03 62 6c 58 7d - 58 f6 ac 02 34 6c 58 7d
...8.blX}X...4lX}
000000000403ffb4 ec ff 03 04 0b b5 80 7c - a0 f6 38 03 b0 56 38 03
........|..8..V8.
000000000403ffc4 58 f6 ac 02 a0 f6 38 03 - 00 b0 fa 7f 00 00 00 00
X.....8.........
000000000403ffd4 c0 ff 03 04 50 60 a9 85 - ff ff ff ff f3 99 83 7c
.....P`.........|
000000000403ffe4 18 b5 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
....|............
000000000403fff4 27 6c 58 7d a0 f6 38 03 - 00 00 00 00 17 ef c8 ca
'lX}..8.........
0000000004040004 01 00 00 00 00 00 00 00 - 00 00 00 00 f5 94 e0 f6
.................
0000000004040014 04 01 e6 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000004040024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000004040034 00 00 00 00 ad 2c b1 8e - 4e 00 05 00 00 00 00 00
......,..N.......
0000000004040044 00 00 00 00 00 00 00 00 - 00 00 00 00 2c 29 55 5c
.............,)U\

*----> State Dump for Thread Id 0xc8c <----*

eax=72d230e8 ebx=054efef8 ecx=000000ab edx=00000000 esi=00000000
edi=7ffd8000
eip=7c90eb94 esp=054efed0 ebp=054eff6c iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr Args to Child
054eff6c 7c809c86 00000002 054effa4 00000000 ntdll!KiFastSystemCallRet
054eff88 72d2312a 00000002 054effa4 00000000
kernel32!WaitForMultipleObjects+0x18
054effb4 7c80b50b 00000000 00000008 00150000 wdmaud!midMessage+0x348
054effec 00000000 72d230e8 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000054efed0 ab e9 90 7c f2 94 80 7c - 02 00 00 00 f8 fe 4e 05
....|...|......N.
00000000054efee0 01 00 00 00 00 00 00 00 - 00 00 00 00 08 00 00 00
.................
00000000054efef0 00 00 00 00 00 00 00 00 - 68 07 00 00 64 07 00 00
.........h...d...
00000000054eff00 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000054eff10 00 00 00 00 54 bc 9a 85 - 14 00 00 00 01 00 00 00
.....T...........
00000000054eff20 60 a6 28 02 00 00 00 00 - 00 00 00 00 ec ba 9a 85
`.(.............
00000000054eff30 00 00 00 00 8e 83 63 80 - 00 80 fd 7f 00 90 fa 7f
.......c.........
00000000054eff40 00 90 fa 7f 00 00 00 00 - f8 fe 4e 05 00 00 00 00
...........N.....
00000000054eff50 02 00 00 00 ec fe 4e 05 - 00 00 00 00 dc ff 4e 05
.......N.......N.
00000000054eff60 f3 99 83 7c 90 95 80 7c - 00 00 00 00 88 ff 4e 05
....|...|......N.
00000000054eff70 86 9c 80 7c 02 00 00 00 - a4 ff 4e 05 00 00 00 00
....|......N.....
00000000054eff80 ff ff ff ff 00 00 00 00 - b4 ff 4e 05 2a 31 d2 72
...........N.*1.r
00000000054eff90 02 00 00 00 a4 ff 4e 05 - 00 00 00 00 ff ff ff ff
.......N.........
00000000054effa0 00 00 15 00 68 07 00 00 - 64 07 00 00 00 00 00 00
.....h...d.......
00000000054effb0 dc e2 90 7c ec ff 4e 05 - 0b b5 80 7c 00 00 00 00
....|..N....|....
00000000054effc0 08 00 00 00 00 00 15 00 - 00 00 00 00 00 90 fa 7f
.................
00000000054effd0 00 06 7c 86 c0 ff 4e 05 - 00 5e a0 85 ff ff ff ff
...|...N..^......
00000000054effe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
00000000054efff0 00 00 00 00 e8 30 d2 72 - 00 00 00 00 00 00 00 00
......0.r........
00000000054f0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x110 <----*

eax=00000001 ebx=034cf68c ecx=033404d0 edx=00000000 esi=0000074c
edi=00000000
eip=7c90eb94 esp=063bff08 ebp=063bff6c iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
063bff6c 7c802542 0000074c ffffffff 00000000 ntdll!KiFastSystemCallRet
063bff80 7d66a58b 0000074c ffffffff 03380000
kernel32!WaitForSingleObject+0x12
063bffa4 7d586c62 7d54c9dc 7d586c34 063bffec mshtml+0x1ca58b
063bffb4 7c80b50b 033e9a40 03380000 7d54c9dc mshtml+0xe6c62
063bffec 00000000 7d586c27 033e9a40 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000063bff08 c0 e9 90 7c db 25 80 7c - 4c 07 00 00 00 00 00 00
....|.%.|L.......
00000000063bff18 00 00 00 00 84 9a 3e 03 - 40 9a 3e 03 8c f6 4c 03
.......>.@.>...L.
00000000063bff28 14 00 00 00 01 00 00 00 - 38 b3 65 05 00 00 00 00
.........8.e.....
00000000063bff38 00 00 00 00 d0 02 34 03 - 8c 8b d4 77 00 80 fd 7f
.......4....w....
00000000063bff48 00 70 fa 7f 00 00 00 00 - 00 00 00 00 1c ff 3b 06
..p............;.
00000000063bff58 db cd 50 7d dc ff 3b 06 - f3 99 83 7c 08 26 80 7c
...P}..;....|.&.|
00000000063bff68 00 00 00 00 80 ff 3b 06 - 42 25 80 7c 4c 07 00 00
.......;.B%.|L...
00000000063bff78 ff ff ff ff 00 00 00 00 - a4 ff 3b 06 8b a5 66 7d
...........;...f}
00000000063bff88 4c 07 00 00 ff ff ff ff - 00 00 38 03 40 9a 3e 03
L.........8.@.>.
00000000063bff98 40 9a 3e 03 00 00 00 00 - ff ff ff ff b4 ff 3b 06
@.>...........;.
00000000063bffa8 62 6c 58 7d dc c9 54 7d - 34 6c 58 7d ec ff 3b 06
blX}..T}4lX}..;.
00000000063bffb8 0b b5 80 7c 40 9a 3e 03 - 00 00 38 03 dc c9 54 7d
....|@.>...8...T}
00000000063bffc8 40 9a 3e 03 00 70 fa 7f - 00 06 7c 86 c0 ff 3b 06
@.>..p....|...;.
00000000063bffd8 80 67 48 86 ff ff ff ff - f3 99 83 7c 18 b5 80 7c
..gH........|...|
00000000063bffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 27 6c 58 7d
.............'lX}
00000000063bfff8 40 9a 3e 03 00 00 00 00 - 80 03 00 00 00 10 00 00
@.>.............
00000000063c0008 99 9e 36 00 00 00 00 00 - 07 00 00 00 00 00 00 00
...6.............
00000000063c0018 05 00 00 00 00 00 00 00 - fb 87 08 00 00 00 00 00
.................
00000000063c0028 a3 01 00 00 00 00 00 00 - b0 00 00 00 00 00 00 00
.................
00000000063c0038 35 00 00 00 1d 00 00 00 - 18 00 00 00 5b 00 00 00
5...........[...

*----> State Dump for Thread Id 0xe8 <----*

eax=00b00000 ebx=065bf650 ecx=00001000 edx=7c90eb94 esi=00000b58
edi=00000000
eip=7c90eb94 esp=065bf634 ebp=065bf93c iopl=0 nv up ei pl nz na pe
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
065bf93c 7c83aa6b 065bf964 7c839a54 065bf96c ntdll!KiFastSystemCallRet
065bffec 00000000 774fe429 0220df90 00000000 kernel32!FindAtomW+0x110c

*----> Raw Stack Dump <----*
00000000065bf634 ab e9 90 7c d5 33 86 7c - 02 00 00 00 6c f7 5b 06
....|.3.|....l.[.
00000000065bf644 01 00 00 00 01 00 00 00 - 00 00 00 00 43 00 3a 00
.............C.:.
00000000065bf654 5c 00 57 00 49 00 4e 00 - 44 00 4f 00 57 00 53 00
\.W.I.N.D.O.W.S.
00000000065bf664 5c 00 73 00 79 00 73 00 - 74 00 65 00 6d 00 33 00
\.s.y.s.t.e.m.3.
00000000065bf674 32 00 5c 00 64 00 72 00 - 77 00 74 00 73 00 6e 00
2.\.d.r.w.t.s.n.
00000000065bf684 33 00 32 00 20 00 2d 00 - 70 00 20 00 34 00 30 00 3.2.
..-.p. .4.0.
00000000065bf694 38 00 30 00 20 00 2d 00 - 65 00 20 00 32 00 39 00 8.0.
..-.e. .2.9.
00000000065bf6a4 30 00 34 00 20 00 2d 00 - 67 00 00 00 00 00 00 00 0.4.
..-.g.......
00000000065bf6b4 2e 00 00 00 00 00 00 00 - 00 00 00 00 3c f9 5b 06
.............<.[.
00000000065bf6c4 0f 32 86 7c 05 00 00 00 - 3c f9 5b 06 41 32 86 7c
..2.|....<.[.A2.|
00000000065bf6d4 69 32 86 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
i2.|............
00000000065bf6e4 44 00 00 00 00 00 00 00 - 78 34 86 7c 00 00 00 00
D.......x4.|....
00000000065bf6f4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000065bf704 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000065bf714 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000065bf724 00 00 00 00 00 50 fa 7f - d8 c0 97 7c c0 f8 5b 06
......P.....|..[.
00000000065bf734 00 00 00 00 00 50 fa 7f - 00 00 00 00 f8 f7 5b 06
......P........[.
00000000065bf744 00 00 00 00 c0 f7 5b 06 - 00 00 00 00 00 00 00 00
.......[.........
00000000065bf754 00 00 00 00 12 00 0a 02 - 00 5c fa 7f 00 00 00 00
..........\......
00000000065bf764 80 f7 5b 00 00 00 00 00 - 58 0b 00 00 4c 05 00 00
...[.....X...L...

*----> State Dump for Thread Id 0xdd8 <----*

eax=00000000 ebx=00000000 ecx=066dfd04 edx=7c90eb94 esi=00246f08
edi=00246fac
eip=7c90eb94 esp=066dfe1c ebp=066dff80 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
066dff80 77e76c22 066dffa8 77e76a3b 00246f08 ntdll!KiFastSystemCallRet
066dff88 77e76a3b 00246f08 00000004 025f0178 RPCRT4!I_RpcBCacheFree+0x5ea
066dffa8 77e76c0a 00169e50 066dffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
066dffb4 7c80b50b 0566ce78 00000004 025f0178 RPCRT4!I_RpcBCacheFree+0x5d2
066dffec 00000000 77e76bf0 0566ce78 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000066dfe1c 99 e3 90 7c 03 67 e7 77 - 9c 03 00 00 70 ff 6d 06
....|.g.w....p.m.
00000000066dfe2c 00 00 00 00 68 7f 27 02 - 54 ff 6d 06 48 00 60 00
.....h.'.T.m.H.`.
00000000066dfe3c 00 00 00 00 00 00 00 00 - 23 c9 c4 f5 00 00 00 00
.........#.......
00000000066dfe4c 00 00 00 00 02 c0 c4 f5 - 00 00 86 85 5c bb f2 f3
.............\...
00000000066dfe5c bd f7 5a 80 48 0a 3d e3 - 80 12 1d e3 80 39 7f 85
...Z.H.=......9..
00000000066dfe6c 04 00 00 00 01 00 00 00 - 00 00 00 00 14 00 00 00
.................
00000000066dfe7c 01 01 01 01 01 01 01 01 - 01 01 01 01 01 01 01 01
.................
00000000066dfe8c 01 01 01 01 00 00 00 00 - c8 bb f2 f3 36 5d c5 f5
.............6]..
00000000066dfe9c 24 20 01 00 14 5a c5 f5 - 38 90 ec 85 00 00 00 00 $
....Z..8.......
00000000066dfeac ad 06 00 00 06 00 00 00 - 00 bb 01 00 00 00 00 00
.................
00000000066dfebc 30 b5 aa 85 88 bb f2 f3 - 30 b5 aa 85 00 00 00 00
0.......0.......
00000000066dfecc 06 00 00 00 03 00 00 84 - 60 eb 32 e3 01 c0 6c 06
.........`.2...l.
00000000066dfedc 14 00 00 00 80 02 00 00 - 00 00 00 00 28 90 86 85
.............(...
00000000066dfeec 60 36 03 c0 40 09 00 00 - 5c 00 52 00 ff ff ff ff
`6..@...\.R.....
00000000066dfefc 00 00 00 00 14 91 ec 85 - 44 bc f2 f3 9c 39 7f 85
.........D....9..
00000000066dff0c 00 00 00 00 70 ee db 85 - ec c6 95 85 24 bc f2 f3
.....p.......$...
00000000066dff1c d9 9a 4f 80 e1 9a 4f 80 - bc c6 95 85 50 c5 95 85
...O...O.....P...
00000000066dff2c 84 c5 95 85 80 ff 6d 06 - 99 66 e7 77 4c ff 6d 06
.......m..f.wL.m.
00000000066dff3c a9 66 e7 77 ed 10 90 7c - 60 15 66 05 78 ce 66 05
..f.w...|`.f.x.f.
00000000066dff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0x39c <----*

eax=00000023 ebx=00000908 ecx=00000000 edx=05640da0 esi=06dbff98
edi=77d51042
eip=7c90eb94 esp=06dbff54 ebp=06dbff78 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
06dbff78 76b44e3d 06dbff98 00000000 00000000 ntdll!KiFastSystemCallRet
06dbffb4 7c80b50b 00000908 00000200 0000002b WINMM!PlaySoundW+0x7e6
06dbffec 00000000 76b44dd6 00000908 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000006dbff54 be 91 d4 77 82 10 d5 77 - 98 ff db 06 00 00 00 00
....w...w........
0000000006dbff64 00 00 00 00 00 00 00 00 - 08 09 00 00 42 10 d5 77
.............B..w
0000000006dbff74 00 00 00 00 b4 ff db 06 - 3d 4e b4 76 98 ff db 06
.........=N.v....
0000000006dbff84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 02 00 00
.................
0000000006dbff94 2b 00 00 00 6e 05 1c 00 - d5 c0 00 00 00 00 00 00
+...n...........
0000000006dbffa4 00 00 00 00 ff 1c 4d 03 - ea 01 00 00 d9 01 00 00
.......M.........
0000000006dbffb4 ec ff db 06 0b b5 80 7c - 08 09 00 00 00 02 00 00
........|........
0000000006dbffc4 2b 00 00 00 08 09 00 00 - 00 40 fa 7f 00 06 7c 86
+........@....|.
0000000006dbffd4 c0 ff db 06 00 5e a0 85 - ff ff ff ff f3 99 83 7c
......^.........|
0000000006dbffe4 18 b5 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
....|............
0000000006dbfff4 d6 4d b4 76 08 09 00 00 - 00 00 00 00 1f 1f 1f 12
..M.v............
0000000006dc0004 01 1a 1a 04 02 02 1f 1f - 1f 1f 1f 00 1f 1f 1f 14
.................
0000000006dc0014 15 15 15 01 09 01 13 11 - 11 0c 19 00 07 13 13 14
.................
0000000006dc0024 15 15 14 10 01 15 04 06 - 0a 1b 0c 00 0f 17 17 16
.................
0000000006dc0034 1c 14 05 05 14 1a 06 06 - 19 06 0c 00 0f 05 05 05
.................
0000000006dc0044 05 0d 07 1e 1a 0a 0a 05 - 05 06 11 00 0f 05 16 19
.................
0000000006dc0054 02 03 03 03 1e 08 1e 07 - 1e 11 1f 00 0f 05 05 02
.................
0000000006dc0064 13 1d 0b 03 03 08 0b 03 - 03 08 0e 00 0f 05 16 0d
.................
0000000006dc0074 13 10 1d 0b 0b 00 1d 0b - 03 03 1e 00 0f 05 05 1e
.................
0000000006dc0084 07 07 1e 07 10 00 10 1d - 0b 03 0e 00 0f 05 16 16
.................

*----> State Dump for Thread Id 0xa24 <----*

eax=0334a460 ebx=00000000 ecx=0334a450 edx=00000043 esi=7c97c380
edi=7c97c3a0
eip=7c90eb94 esp=0593ff70 ebp=0593ffb4 iopl=0 nv up ei ng nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000286

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0593ffb4 7c80b50b 00000000 00000000 07e79830 ntdll!KiFastSystemCallRet
0593ffec 00000000 7c910760 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000593ff70 1b e3 90 7c 9d 07 91 7c - 8c 03 00 00 ac ff 93 05
....|...|........
000000000593ff80 b0 ff 93 05 98 ff 93 05 - a0 ff 93 05 00 00 00 00
.................
000000000593ff90 30 98 e7 07 00 00 00 00 - 00 00 00 00 98 84 2a 08
0.............*.
000000000593ffa0 00 7c 28 e8 ff ff ff ff - 35 0c 6d 80 69 75 92 7c
..|(.....5.m.iu.|
000000000593ffb0 60 e5 25 02 ec ff 93 05 - 0b b5 80 7c 00 00 00 00
`.%........|....
000000000593ffc0 00 00 00 00 30 98 e7 07 - 00 00 00 00 00 a0 fa 7f
.....0...........
000000000593ffd0 00 06 7c 86 c0 ff 93 05 - 68 f1 d9 85 ff ff ff ff
...|.....h.......
000000000593ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
000000000593fff0 00 00 00 00 60 07 91 7c - 00 00 00 00 00 00 00 00
.....`..|........
0000000005940000 ff f9 00 00 ff f9 00 00 - ff f9 00 00 ff f9 00 00
.................
0000000005940010 ff f9 00 00 ff f9 00 00 - ff f9 00 00 ff fd 00 00
.................
0000000005940020 ff ff 00 00 7f ff 00 00 - 3f fd 00 00 1f f9 00 00
.........?.......
0000000005940030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000005940040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000005940050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000005940060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000005940070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000005940080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000005940090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000059400a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x94 <----*

eax=0740b68c ebx=00000000 ecx=00000006 edx=08556120 esi=7c97c0d8
edi=00000000
eip=7c90eb94 esp=06f4fe40 ebp=06f4fec8 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
06f4fec8 7c90104b 0197c0d8 7c919148 7c97c0d8 ntdll!KiFastSystemCallRet
06f4ff3c 7c80cce7 7c97c3a0 7c97c380 00000000
ntdll!RtlEnterCriticalSection+0x46
06f4ff74 7c80c939 00000000 06f4ffb4 7c910b63 kernel32!ExitThread+0x3e
06f4ff80 7c910b63 00000000 00000000 07f3acc8 kernel32!IsBadHugeWritePtr+0x1d
06f4ffb4 7c80b50b 00000000 00000000 07f3acc8 ntdll!wcsncpy+0xd4
06f4ffec 00000000 7c910760 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000006f4fe40 c0 e9 90 7c 1b 90 91 7c - b0 03 00 00 00 00 00 00
....|...|........
0000000006f4fe50 00 00 00 00 00 80 fd 7f - 00 e0 fd 7f 00 00 00 00
.................
0000000006f4fe60 c6 7b 1f 77 48 fe f4 06 - 78 fe f4 06 00 00 00 00
..{.wH...x.......
0000000006f4fe70 c8 05 91 7c 98 c4 17 08 - 44 ff f4 06 51 05 91 7c
....|....D...Q..|
0000000006f4fe80 18 07 15 00 6d 05 91 7c - 80 c3 97 7c a0 c4 17 08
.....m..|...|....
0000000006f4fe90 00 00 00 00 08 90 e9 07 - 30 ff f4 06 7b 94 f6 77
.........0...{..w
0000000006f4fea0 59 bf 1b 77 58 6f d6 07 - 68 74 45 07 00 00 00 00
Y..wXo..htE.....
0000000006f4feb0 00 00 00 00 00 00 00 00 - e0 fe f4 06 cc 73 1d 77
..............s.w
0000000006f4fec0 00 00 00 00 b0 03 00 00 - 3c ff f4 06 4b 10 90 7c
.........<...K..|
0000000006f4fed0 d8 c0 97 01 48 91 91 7c - d8 c0 97 7c 00 00 00 00
.....H..|...|....
0000000006f4fee0 00 e0 fd 7f 00 00 00 00 - 00 00 00 00 20 cc 31 08
............. .1.
0000000006f4fef0 00 e0 fd 7f 40 ff f4 06 - 57 76 92 7c 10 ff f4 06
[email protected].|....
0000000006f4ff00 53 75 92 7c a0 c3 97 7c - a0 c4 17 08 00 00 15 00
Su.|...|........
0000000006f4ff10 14 00 00 00 01 00 00 00 - 00 80 fd 7f 00 00 00 00
.................
0000000006f4ff20 10 00 00 00 dc fe f4 06 - 3c e0 90 7c 64 ff f4 06
.........<..|d...
0000000006f4ff30 18 ee 90 7c 68 91 91 7c - ff ff ff ff 74 ff f4 06
....|h..|....t...
0000000006f4ff40 e7 cc 80 7c a0 c3 97 7c - 80 c3 97 7c 00 00 00 00
....|...|...|....
0000000006f4ff50 00 00 00 00 00 e0 fd 7f - 00 00 00 00 44 ff f4 06
.............D...
0000000006f4ff60 a0 c3 97 7c dc ff f4 06 - f3 99 83 7c 10 cd 80 7c
....|.......|...|
0000000006f4ff70 ff ff ff ff 80 ff f4 06 - 39 c9 80 7c 00 00 00 00
.........9..|....

*----> State Dump for Thread Id 0x984 <----*

eax=070cec70 ebx=00000000 ecx=00000066 edx=7c90eb94 esi=7c97c380
edi=7c97c3a0
eip=7c90eb94 esp=070cff70 ebp=070cffb4 iopl=0 nv up ei ng nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000286

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
070cffb4 7c80b50b 00000000 00000000 08010ed0 ntdll!KiFastSystemCallRet
070cffec 00000000 7c910760 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000070cff70 1b e3 90 7c 9d 07 91 7c - 8c 03 00 00 ac ff 0c 07
....|...|........
00000000070cff80 b0 ff 0c 07 98 ff 0c 07 - a0 ff 0c 07 00 00 00 00
.................
00000000070cff90 d0 0e 01 08 00 00 00 00 - 00 00 00 00 58 28 44 08
.............X(D.
00000000070cffa0 00 7c 28 e8 ff ff ff ff - 35 0c 6d 80 69 75 92 7c
..|(.....5.m.iu.|
00000000070cffb0 40 44 bf 07 ec ff 0c 07 - 0b b5 80 7c 00 00 00 00
@D.........|....
00000000070cffc0 00 00 00 00 d0 0e 01 08 - 00 00 00 00 00 70 fd 7f
..............p..
00000000070cffd0 00 06 7c 86 c0 ff 0c 07 - 28 85 bc 85 ff ff ff ff
...|.....(.......
00000000070cffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
00000000070cfff0 00 00 00 00 60 07 91 7c - 00 00 00 00 00 00 00 00
.....`..|........
00000000070d0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d0050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d0060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d0070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d0080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d0090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000070d00a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xbc8 <----*

eax=0000da21 ebx=00000000 ecx=072b8c88 edx=072b8c88 esi=7c97c0d8
edi=00000000
eip=7c90eb94 esp=0798fe40 ebp=0798fec8 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0798fec8 7c90104b 0197c0d8 7c919148 7c97c0d8 ntdll!KiFastSystemCallRet
0798ff3c 7c80cce7 7c97c3a0 7c97c380 00000000
ntdll!RtlEnterCriticalSection+0x46
0798ff74 7c80c939 00000000 0798ffb4 7c910b63 kernel32!ExitThread+0x3e
0798ff80 7c910b63 00000000 00000000 00000000 kernel32!IsBadHugeWritePtr+0x1d
0798ffb4 7c80b50b 00000000 00000000 00000000 ntdll!wcsncpy+0xd4
0798ffec 00000000 7c910760 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000798fe40 c0 e9 90 7c 1b 90 91 7c - b0 03 00 00 00 00 00 00
....|...|........
000000000798fe50 00 00 00 00 00 80 fd 7f - 00 80 fa 7f 00 00 00 00
.................
000000000798fe60 00 00 00 00 40 e9 75 08 - 78 fe 98 07 00 00 00 00
[email protected].......
000000000798fe70 c8 05 91 7c 50 28 44 08 - 44 ff 98 07 51 05 91 7c
....|P(D.D...Q..|
000000000798fe80 18 07 15 00 6d 05 91 7c - 80 c3 97 7c 58 28 44 08
.....m..|...|X(D.
000000000798fe90 00 00 00 00 40 e9 75 08 - 98 84 2a 08 7b 94 f6 77
[email protected]...*.{..w
000000000798fea0 40 e9 75 08 80 9d 6c 05 - 40 e9 75 08 40 e9 75 08
@[email protected][email protected].
000000000798feb0 00 00 00 00 6a 73 1d 77 - e5 03 00 00 e8 fe 98 07
.....js.w........
000000000798fec0 00 00 00 00 b0 03 00 00 - 3c ff 98 07 4b 10 90 7c
.........<...K..|
000000000798fed0 d8 c0 97 01 48 91 91 7c - d8 c0 97 7c 00 00 00 00
.....H..|...|....
000000000798fee0 00 80 fa 7f 00 00 00 00 - 00 00 00 00 98 84 2a 08
...............*.
000000000798fef0 00 80 fa 7f 40 ff 98 07 - 57 76 92 7c 10 ff 98 07
[email protected].|....
000000000798ff00 53 75 92 7c a0 c3 97 7c - 58 28 44 08 00 00 15 00
Su.|...|X(D.....
000000000798ff10 14 00 00 00 01 00 00 00 - 00 80 fd 7f 88 6a 18 00
..............j..
000000000798ff20 00 00 00 00 dc fe 98 07 - 3c e0 90 7c 64 ff 98 07
.........<..|d...
000000000798ff30 18 ee 90 7c 68 91 91 7c - ff ff ff ff 74 ff 98 07
....|h..|....t...
000000000798ff40 e7 cc 80 7c a0 c3 97 7c - 80 c3 97 7c 00 00 00 00
....|...|...|....
000000000798ff50 00 00 00 00 00 80 fa 7f - 00 00 00 00 44 ff 98 07
.............D...
000000000798ff60 a0 c3 97 7c dc ff 98 07 - f3 99 83 7c 10 cd 80 7c
....|.......|...|
000000000798ff70 ff ff ff ff 80 ff 98 07 - 39 c9 80 7c 00 00 00 00
.........9..|....

*----> State Dump for Thread Id 0x96c <----*

eax=00000000 ebx=00000000 ecx=00000002 edx=00000003 esi=7c97c0d8
edi=00000000
eip=7c90eb94 esp=00b0fc10 ebp=00b0fc98 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00b0fc98 7c90104b 0197c0d8 7c927357 7c97c0d8 ntdll!KiFastSystemCallRet
00b0fd18 7c90eac7 00b0fd2c 7c900000 00000000
ntdll!RtlEnterCriticalSection+0x46
00000000 00000000 00000000 00000000 00000000 ntdll!KiUserApcDispatcher+0x7

*----> Raw Stack Dump <----*
0000000000b0fc10 c0 e9 90 7c 1b 90 91 7c - b0 03 00 00 00 00 00 00
....|...|........
0000000000b0fc20 00 00 00 00 00 d0 fd 7f - 00 80 fd 7f 00 00 00 00
.................
0000000000b0fc30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fc40 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fc50 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fc60 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fc70 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fc80 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fc90 00 00 00 00 b0 03 00 00 - 18 fd b0 00 4b 10 90 7c
.............K..|
0000000000b0fca0 d8 c0 97 01 57 73 92 7c - d8 c0 97 7c 2c fd b0 00
.....Ws.|...|,...
0000000000b0fcb0 04 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fcc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fcd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fce0 00 00 00 00 00 00 00 00 - 00 d0 fd 7f 00 00 00 00
.................
0000000000b0fcf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fd00 ac fc b0 00 00 00 00 00 - ff ff ff ff 18 ee 90 7c
................|
0000000000b0fd10 00 8e 91 7c ff ff ff ff - 00 00 00 00 c7 ea 90 7c
....|...........|
0000000000b0fd20 2c fd b0 00 00 00 90 7c - 00 00 00 00 17 00 01 00
,......|........
0000000000b0fd30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000b0fd40 00 00 00 00 00 00 00 00 - 90 40 a8 85 01 00 00 00
..........@......
 
Paul,

The Dr.Watson log that you posted is dated 10/14/2005. Are you sure that's
the correct one? By default, the log is appended each time when a crash
occurs, so the latest report will be at the bottom of the log. Also note
that the Event Log can sometimes provide vital information about the crash.

Click Start, Run and type eventvwr.msc
Select Application entry in the left pane
In the right-pane, look for the Error entry denoted by a Red X

Sort by date and track-down the entry based on what time the error exactly
occurred. Locate and double-click the entry and you'll see more information
in the resulting dialog. Click the copy button at the top and copy the whole
event and paste it to a Notepad document and save it. Post the information
here.

More Information: http://www.winxptutor.com/eventlog.htm

--( Example )--

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/30/2005
Time: 1:08:20 PM
User: N/A
Computer: SUPERCOMPUTER
Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module
googletoolbar2.dll, version 3.0.125.1, fault address 0x0002f5f5.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 32 31 38 30 20 00.2180
0030: 69 6e 20 67 6f 6f 67 6c in googl
0038: 65 74 6f 6f 6c 62 61 72 etoolbar
0040: 32 2e 64 6c 6c 20 33 2e 2.dll 3.
0048: 30 2e 31 32 35 2e 31 20 0.125.1
0050: 61 74 20 6f 66 66 73 65 at offse
0058: 74 20 30 30 30 32 66 35 t 0002f5
0060: 66 35 0d 0a f5..


Note: In the "Loaded modules" section of the log file, sbhks.dll is
present. It's a PC monitoring program. See here:
http://vil.mcafeesecurity.com/vil/content/v_134518.htm


--
Ramesh, Microsoft MVP
Windows XP Shell/User

Windows XP Troubleshooting
http://www.winhelponline.com
 
Back
Top