Windows XP system corruption? Ref Dr. Watson

[MaxZ]

Hi everyone. I'm troubleshooting a PC here and am stuck as what to do next.

The machine boots fine, but once up any attempt to open up IE or the control
panel hangs the machine for a bit. For IE, nothing happens as if it was
never clicked to open. For the control panel, Dr watson comes up with an
error. I am going to get my CD and try a SFV, but that has never worked for
me in the past.

Any Suggestions in the meantime? If my scan is successful, I will post the
result. Thanks!

 

[MaxZ]

Oh yea, I did a norton scan, a spybot scan, and a swchredder scan and all
came back clean.

FYI, the pc is on a public ip and runs remote desktop. No firewall
installed (YET, but i'm doing it ASAP once this gets fixed). But, no
viruses/bots found. The machine worked great friday, but got screwed up over
the weekend somehow. I do not know if it was even used.

 

[Ron Martell]

Oh yea, I did a norton scan, a spybot scan, and a swchredder scan and all
came back clean.

FYI, the pc is on a public ip and runs remote desktop. No firewall
installed (YET, but i'm doing it ASAP once this gets fixed). But, no
viruses/bots found. The machine worked great friday, but got screwed up over
the weekend somehow. I do not know if it was even used.

The scans you mentioned are not sufficient to ensure that the machine
is clean of spyware, or even viruses.

Try some additional tools, as per MVP Jim Eshelman's Spyware Quick Fix
page at http://www.aumha.org/a/quickfix.htm

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm

 

[MaxZ]

I've followed the step and sued the tools refered too. It does not look like
I have an infection. I'm thinking something more along the lines of a
corruption somehwere. Programs affected that I know of ths far:

IE 6

Control Panel

Explorer

I've encountered similar problems in the past like this. Out of confusion
and frustration with not being able to find/fix the bad files I was forced
to relay and reconfigure the pc. What a headache.

Advice?

 

[Ron Martell]

I've followed the step and sued the tools refered too. It does not look like
I have an infection. I'm thinking something more along the lines of a
corruption somehwere. Programs affected that I know of ths far:

IE 6

Control Panel

Explorer

I've encountered similar problems in the past like this. Out of confusion
and frustration with not being able to find/fix the bad files I was forced
to relay and reconfigure the pc. What a headache.

Advice?

What is the error message that Dr. Watson produces when you try to
open Control Panel? That may be a clue as to what is going on.

Fixing Internet Explorer in the absence of any error message is going
to be a real shot in the dark.

Is your Internet access actually working? Do you by any chance have
another web browser installed (Firefox, Netscape, Mozilla, etc.)?

You can check for working Internet access by using Start - Run - CMD.
In the command prompt window enter the following command:

PING WWW.YAHOO.COM

If you get a "host not found" or other error message then there is
some sort of a TCP/IP or Winsock related hangup. If the PING command
can find Yahoo then the problem is most likely something in Internet
Explorer itself.

Hope this is of some assistance.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm

 

[MaxZ]

SFC did not do anything. Problem still exists.

Programs affected: Control Panel, Internet Explorer, Windows explorer,
(more? . . .)

When i last tried to run these programs, windows would hang for a bit with
the hour glass, then the taskbar would flas, icons disappear, and reappear
(This is a core program of windows re-booting itself, right?).

I was able to get the follow Dr. Watson error from trying the control panel:

Event Type: BEX p1: drwtsn32.exe p2: 5.1.2600.0 p3: 3b7d84a2 p4:
dbghelp.dll p5: 5.1.2600.2180 p6: 4110969a p7" 0001295d p8:
c0000409 p9: 0000000

Technical info shows the following:

Files Included wit the error report:
C:/<PATH>/drwtsn32.exe.mdmp
C:/<path>/appcompat.txt

Thanks.

 

[Gaga6]

I'm still having the same problem also. Please... someone help us out...

Helen

 

[MaxZ]

No Responses?

OK, if no one has any ideas i'm going to have to relay windows XP pro. Any
suggestions how to relay the system files while retaining the settings and
programs installed?

Thanks in advance.

 

[Patrick Keenan]

No Responses?

OK, if no one has any ideas i'm going to have to relay windows XP pro. Any
suggestions how to relay the system files while retaining the settings and
programs installed?

If you're at a point where the system is unstable enough to require a clean
re-install, you probably really don't want to retain the old registries, and
that's necessary to retain the installed programs. If the problem is
within the registry, you'll simply migrate the problems.

A repair install will retain the settings, but if the problem is within the
registry, will probably not help.

HTH
-pk

 

[MaxZ]

I do not think the issue is registry related. The problem happened over a
weekend when the computer was not being used. No new software ro system
changes were made. And it happened suddenly. Also, this install is fairly
new and not much is installed on it, so it is not as if the system is
cluttered.

What steps would you recommend for a repair install?

 

[Colin Barnhorst]

Boot with the xp cd and step through the installation past the first "r"
(for recovery console) to the second "r" (for repair) and follow the prompts
and instructions. Back out and redo if at any point it isn't clear where
you are in the process. If a repair install doesn't fix things up you still
have the option to do a clean install. You will need to revisit Microsoft
Update after the repair install to bring the system up to date again.

 

[Frank Saunders, MS-MVP OE]

No Responses?

OK, if no one has any ideas i'm going to have to relay windows XP
pro. Any suggestions how to relay the system files while retaining
the settings and programs installed?

Thanks in advance.

Even though you were asked, you have yet to give us the Dr. Watson error
message.

--
Frank Saunders, MS-MVP OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[MaxZ]

Hi All.

A boot off the CD and repair of the existing operating system did not work.
The same problems exist.

As for DR Watson, here are the last snippets of the log file. Crashes seem
to be Explorer.exe for all in the log file. Below is the last entry
(Otherwise the post is too large). I can post more if needed.

Ideas?

*****************************
<Begin Paste>
Application exception occurred:
App: C:\WINDOWS\explorer.exe (pid=1220)
When: 11/15/2005 @ 10:41:42.625
Exception number: 80000007
()

*----> System Information <----*
Computer Name: SUSANBPC
User Name: Susanb
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 6 Model 8 Stepping 1
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: susanb

*----> Task List <----*
0 System Process
4 System
572 smss.exe
644 csrss.exe
668 winlogon.exe
712 services.exe
724 lsass.exe
880 svchost.exe
956 svchost.exe
1048 svchost.exe
1128 svchost.exe
1268 svchost.exe
1428 spoolsv.exe
1616 DefWatch.exe
1724 Rtvscan.exe
236 alg.exe
1236 VPTray.exe
1244 jusched.exe
1280 Acrotray.exe
1316 TSTimer.exe
2008 ntvdm.exe
1208 wuauclt.exe
1220 explorer.exe
308 cmd.exe
244 drwtsn32.exe

*----> Module List <----*
(0000000001000000 - 00000000010ff000: C:\WINDOWS\explorer.exe
(0000000001160000 - 0000000001172000: C:\WINDOWS\system32\browselc.dll
(0000000001e50000 - 0000000001f25000: C:\Program Files\Spybot - Search &
Destroy\SDHelper.dll
(0000000010000000 - 000000001000e000: C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\system32\themeui.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d127000: C:\WINDOWS\system32\comctl32.dll
(000000005f0e0000 - 000000005f106000: C:\WINDOWS\System32\nwprovau.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\WSOCK32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\system32\actxprxy.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\system32\BatMeter.dll
(0000000074b30000 - 0000000074b76000: C:\WINDOWS\system32\webcheck.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000075f60000 - 0000000075f67000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607c000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\system32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076400000 - 00000000765a6000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772fc000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0
..2600.2180_x-ww_a84f1ff9\comctl32.dll
(00000000774e0000 - 000000007761c000: C:\WINDOWS\system32\ole32.dll
(0000000077760000 - 00000000778cc000: C:\WINDOWS\system32\SHDOCVW.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\appHelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d4000: C:\WINDOWS\system32\SHELL32.dll
(000000007d1e0000 - 000000007d492000: C:\WINDOWS\system32\msi.dll

*----> State Dump for Thread Id 0x218 <----*

eax=0011a64c ebx=00000003 ecx=7777a638 edx=77762030 esi=00119f58
edi=00000000
eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
FAULT ->ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Module load completed but symbols could not be loaded for
C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca32c57 00000000 0007ff5c 01016e95 ntdll!KiFastSystemCallRet
0007ff14 01016e95 00119f58 7ffdf000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101e2b6 00000000 00000000 000205e2 explorer+0x16e95
0007ffc0 7c816d4f 00e2b8a0 0006e890 7ffdf000 explorer+0x1e2b6
0007fff0 00000000 0101e24e 00000000 78746341
kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000007fef0 f5 93 d4 77 ee 95 a3 7c - ac 92 80 7c 58 9f 11 00
....w...|...|X...
000000000007ff00 58 9f 11 00 14 ff 07 00 - 14 ff 07 00 57 2c a3 7c
X...........W,.|
000000000007ff10 00 00 00 00 5c ff 07 00 - 95 6e 01 01 58 9f 11 00
.....\....n..X...
000000000007ff20 00 f0 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00
.............$...
000000000007ff30 50 ff 07 00 e0 ff 07 00 - 27 e0 90 7c ed aa 80 7c
P.......'..|...|
000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 34 09 04 00
.............4...
000000000007ff50 a0 00 00 00 01 00 00 00 - 58 9f 11 00 c0 ff 07 00
.........X.......
000000000007ff60 b6 e2 01 01 00 00 00 00 - 00 00 00 00 e2 05 02 00
.................
000000000007ff70 05 00 00 00 a0 b8 e2 00 - 90 e8 06 00 44 00 00 00
.............D...
000000000007ff80 34 06 02 00 14 06 02 00 - e4 05 02 00 00 00 00 00
4...............
000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 2e 00 00 00
.................
000000000007ffa0 00 00 00 00 3a ef 06 00 - 01 00 00 00 05 00 00 00
.....:...........
000000000007ffb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000007ffc0 f0 ff 07 00 4f 6d 81 7c - a0 b8 e2 00 90 e8 06 00
.....Om.|........
000000000007ffd0 00 f0 fd 7f 38 b0 54 80 - c8 ff 07 00 38 39 1b 84
.....8.T.....89..
000000000007ffe0 ff ff ff ff f3 99 83 7c - 58 6d 81 7c 00 00 00 00
........|Xm.|....
000000000007fff0 00 00 00 00 00 00 00 00 - 4e e2 01 01 00 00 00 00
.........N.......
0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 98 24 00 00 Actx
.........$..
0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00
......... .......
0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00
.............4...

*----> State Dump for Thread Id 0x214 <----*

eax=00e0ff54 ebx=00000000 ecx=000b68c8 edx=7c90eb94 esi=000b68c8
edi=000b696c
eip=7c90eb94 esp=00e0fe1c ebp=00e0ff80 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00e0ff80 77e76c22 00e0ffa8 77e76a3b 000b68c8 ntdll!KiFastSystemCallRet
00e0ff88 77e76a3b 000b68c8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5ea
00e0ffa8 77e76c0a 000b6780 00e0ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
00e0ffb4 7c80b50b 000c0d68 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5d2
00e0ffec 00000000 77e76bf0 000c0d68 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000e0fe1c 99 e3 90 7c 03 67 e7 77 - 9c 01 00 00 70 ff e0 00
....|.g.w....p...
0000000000e0fe2c 00 00 00 00 b8 90 11 00 - 4c ff e0 00 b0 cc 57 80
.........L.....W.
0000000000e0fe3c cb cc 57 80 64 5d 0a f6 - 78 f4 07 00 27 cc 57 80
...W.d]..x...'.W.
0000000000e0fe4c 37 47 56 80 30 6f 19 84 - 38 39 1b 84 70 3b 3c 84
7GV.0o..89..p;<.
0000000000e0fe5c 70 c5 56 80 28 f9 07 00 - 04 00 00 00 00 c6 56 80
p.V.(.........V.
0000000000e0fe6c 64 5d 0a f6 5c 02 00 00 - 05 00 00 00 00 91 4e 80
d]..\.........N.
0000000000e0fe7c 00 00 00 00 38 39 1b 84 - 88 5b 0a f6 25 44 56 80
.....89...[..%DV.
0000000000e0fe8c 05 00 00 00 05 00 00 00 - 98 10 07 e1 f8 82 01 e1
.................
0000000000e0fe9c 02 00 00 00 fe ff f8 00 - 98 ff 6b e1 98 10 07 e1
...........k.....
0000000000e0feac b0 35 56 00 00 00 00 00 - 00 00 00 00 5c 00 52 00
..5V.........\.R.
0000000000e0febc ff ff ff ff 28 5c 0a f6 - 6c 38 56 80 49 03 00 00
.....(\..l8V.I...
0000000000e0fecc 34 00 00 c0 30 6f 19 84 - 48 71 00 e1 9a 00 00 00
4...0o..Hq......
0000000000e0fedc 9e 01 00 00 00 30 50 c0 - 04 39 50 c0 01 60 f1 77
......0P..9P..`.w
0000000000e0feec 00 00 00 00 fc 5b 0a f6 - e0 78 4e 80 9a 00 00 00
......[...xN.....
0000000000e0fefc 9e 01 00 00 01 52 83 77 - 01 00 00 00 9c 36 50 c0
......R.w.....6P.
0000000000e0ff0c a8 9c fe 83 70 63 f1 77 - 3c 19 06 84 24 5c 0a f6
.....pc.w<...$\..
0000000000e0ff1c 62 c8 4d 80 6a c8 4d 80 - 0c 19 06 84 a0 17 06 84
b.M.j.M.........
0000000000e0ff2c d4 17 06 84 80 ff e0 00 - 99 66 e7 77 4c ff e0 00
..........f.wL...
0000000000e0ff3c a9 66 e7 77 ed 10 90 7c - f8 f9 0b 00 68 0d 0c 00
..f.w...|....h...
0000000000e0ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0x358 <----*

eax=774f319a ebx=00007530 ecx=7ffdf000 edx=00000000 esi=00000000
edi=00e5ff50
eip=7c90eb94 esp=00e5ff20 ebp=00e5ff78 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
00e5ff78 7c802451 0000ea60 00000000 00e5ffb4 ntdll!KiFastSystemCallRet
00e5ff88 774f2fcb 0000ea60 000c33f0 774f314d kernel32!Sleep+0xf
00e5ffb4 7c80b50b 000c33f0 7c910945 7c91094e ole32!StringFromGUID2+0x2d1
00e5ffec 00000000 774f319a 000c33f0 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000e5ff20 5c d8 90 7c ed 23 80 7c - 00 00 00 00 50 ff e5 00
\..|.#.|....P...
0000000000e5ff30 50 25 80 7c f0 56 60 77 - 30 75 00 00 14 00 00 00
P%.|.V`w0u......
0000000000e5ff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00
.................
0000000000e5ff50 00 ba 3c dc ff ff ff ff - fc fe e5 00 50 ff e5 00
...<.........P...
0000000000e5ff60 30 ff e5 00 fc fe e5 00 - dc ff e5 00 f3 99 83 7c
0..............|
0000000000e5ff70 58 24 80 7c 00 00 00 00 - 88 ff e5 00 51 24 80 7c
X$.|........Q$.|
0000000000e5ff80 60 ea 00 00 00 00 00 00 - b4 ff e5 00 cb 2f 4f 77
`............/Ow
0000000000e5ff90 60 ea 00 00 f0 33 0c 00 - 4d 31 4f 77 00 00 00 00
`....3..M1Ow....
0000000000e5ffa0 45 09 91 7c f0 33 0c 00 - 00 00 4e 77 b5 31 4f 77
E..|.3....Nw.1Ow
0000000000e5ffb0 4e 09 91 7c ec ff e5 00 - 0b b5 80 7c f0 33 0c 00
N..|.......|.3..
0000000000e5ffc0 45 09 91 7c 4e 09 91 7c - f0 33 0c 00 00 c0 fd 7f
E..|N..|.3......
0000000000e5ffd0 00 46 3c 84 c0 ff e5 00 - d0 68 09 84 ff ff ff ff
..F<......h......
0000000000e5ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
0000000000e5fff0 00 00 00 00 9a 31 4f 77 - f0 33 0c 00 00 00 00 00
......1Ow.3......
0000000000e60000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000e60010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000e60020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000e60030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000e60040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000e60050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x3c4 <----*

eax=00108250 ebx=77d4b762 ecx=00000002 edx=7c90eb94 esi=010460d8
edi=00000000
eip=7c90eb94 esp=00e9ff14 ebp=00e9ff44 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
00e9ff44 01011e8b 00000000 00e9ffb4 77f7f5de ntdll!KiFastSystemCallRet
00e9ff50 77f7f5de 010460d8 0000005c 0007fc04 explorer+0x11e8b
00e9ffb4 7c80b50b 00000000 0000005c 0007fc04 SHLWAPI!Ordinal505+0x369
00e9ffec 00000000 77f7f56f 0007fdbc 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000e9ff14 f5 93 d4 77 40 1a 00 01 - 00 00 00 00 d8 60 04 01
....w@........`..
0000000000e9ff24 00 00 00 00 4c 01 05 00 - 13 01 00 00 09 00 00 00
.....L...........
0000000000e9ff34 00 00 00 00 51 6e 05 00 - ef 00 00 00 22 01 00 00
.....Qn......"...
0000000000e9ff44 50 ff e9 00 8b 1e 01 01 - 00 00 00 00 b4 ff e9 00
P...............
0000000000e9ff54 de f5 f7 77 d8 60 04 01 - 5c 00 00 00 04 fc 07 00
....w.`..\.......
0000000000e9ff64 bc fd 07 00 62 1e 01 01 - b1 79 01 01 b4 01 00 00
.....b....y......
0000000000e9ff74 d8 60 04 01 08 00 00 00 - 00 00 00 00 00 00 00 00
..`..............
0000000000e9ff84 00 00 00 00 00 00 00 00 - b0 9a fe 83 41 a8 4f 80
.............A.O.
0000000000e9ff94 00 00 00 00 00 00 00 00 - 00 00 00 00 21 a8 4f 80
.............!.O.
0000000000e9ffa4 9c 5c 06 f6 00 00 00 00 - 00 00 00 00 dc e2 90 7c
..\.............|
0000000000e9ffb4 ec ff e9 00 0b b5 80 7c - 00 00 00 00 5c 00 00 00
........|....\...
0000000000e9ffc4 04 fc 07 00 bc fd 07 00 - 00 b0 fd 7f 00 46 3c 84
..............F<.
0000000000e9ffd4 c0 ff e9 00 d0 68 09 84 - ff ff ff ff f3 99 83 7c
......h.........|
0000000000e9ffe4 18 b5 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
....|............
0000000000e9fff4 6f f5 f7 77 bc fd 07 00 - 00 00 00 00 00 00 00 00
o..w............
0000000000ea0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ea0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ea0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ea0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ea0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x230 <----*

eax=7c92798d ebx=00000000 ecx=77dd6a51 edx=77dd6a18 esi=ffffffff
edi=7c90fb78
eip=7c90eb94 esp=00edff9c ebp=00edffb4 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00edffb4 7c80b50b 00000000 7c90fb78 ffffffff ntdll!KiFastSystemCallRet
00edffec 00000000 7c92798d 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000edff9c 5c d8 90 7c d4 79 92 7c - 01 00 00 00 ac ff ed 00
\..|.y.|........
0000000000edffac 00 00 00 00 00 00 00 80 - ec ff ed 00 0b b5 80 7c
................|
0000000000edffbc 00 00 00 00 78 fb 90 7c - ff ff ff ff 00 00 00 00
.....x..|........
0000000000edffcc 00 a0 fd 7f 00 46 3c 84 - c0 ff ed 00 50 6a f7 83
......F<.....Pj..
0000000000edffdc ff ff ff ff f3 99 83 7c - 18 b5 80 7c 00 00 00 00
........|...|....
0000000000edffec 00 00 00 00 00 00 00 00 - 8d 79 92 7c 00 00 00 00
..........y.|....
0000000000edfffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee00ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee00bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ee00cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x354 <----*

eax=ffffffe1 ebx=00000000 ecx=00000000 edx=000922c8 esi=7c97c380
edi=7c97c3a0
eip=7c90eb94 esp=00f1ff70 ebp=00f1ffb4 iopl=0 nv up ei ng nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000286

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00f1ffb4 7c80b50b 00000000 00e9fce4 00e9fce8 ntdll!KiFastSystemCallRet
00f1ffec 00000000 7c910760 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000f1ff70 1b e3 90 7c 9d 07 91 7c - dc 01 00 00 ac ff f1 00
....|...|........
0000000000f1ff80 b0 ff f1 00 98 ff f1 00 - a0 ff f1 00 e4 fc e9 00
.................
0000000000f1ff90 e8 fc e9 00 00 00 00 00 - 00 00 00 00 50 c6 0d 00
.............P...
0000000000f1ffa0 00 7c 28 e8 ff ff ff ff - 35 ec 6e 80 69 75 92 7c
..|(.....5.n.iu.|
0000000000f1ffb0 48 b4 0d 00 ec ff f1 00 - 0b b5 80 7c 00 00 00 00
H..........|....
0000000000f1ffc0 e4 fc e9 00 e8 fc e9 00 - 00 00 00 00 00 90 fd 7f
.................
0000000000f1ffd0 00 46 3c 84 c0 ff f1 00 - 50 6a f7 83 ff ff ff ff
..F<.....Pj......
0000000000f1ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
0000000000f1fff0 00 00 00 00 60 07 91 7c - 00 00 00 00 00 00 00 00
.....`..|........
0000000000f20000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f20010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f20020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f20030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f20040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f20050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f20060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f20070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f20080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f20090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f200a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x53c <----*

eax=000000c0 ebx=00000000 ecx=00e9fb00 edx=00000000 esi=00000000
edi=00000001
eip=7c90eb94 esp=00f5fcec ebp=00f5ffb4 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00f5ffb4 7c80b50b 00000000 00000020 00e9fce4 ntdll!KiFastSystemCallRet
00f5ffec 00000000 7c929fae 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000f5fcec ab e9 90 7c d5 a0 92 7c - 03 00 00 00 30 fd f5 00
....|...|....0...
0000000000f5fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 20 00 00 00
............. ...
0000000000f5fd0c e4 fc e9 00 00 00 00 00 - 08 e5 97 7c 08 e5 97 7c
............|...|
0000000000f5fd1c e4 01 00 00 3c 05 00 00 - 03 00 00 00 03 00 00 00
.....<...........
0000000000f5fd2c 02 00 00 00 e0 01 00 00 - c8 01 00 00 94 03 00 00
.................
0000000000f5fd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fd5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fd6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fd7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000f5fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x5f0 <----*

eax=000000c0 ebx=00fffd58 ecx=00001000 edx=7c90eb94 esi=00000000
edi=7ffdf000
eip=7c90eb94 esp=00fffd30 ebp=00fffdcc iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\USER32.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00fffdcc 77d4bbfe 00000008 00fffdf4 00000000 ntdll!KiFastSystemCallRet
00fffe28 7c9f43d9 00000007 00fffe50 ffffffff USER32!SetWindowTextW+0x120
00ffff4c 7ca3114e 77f7f5de 00000000 7c809988
SHELL32!SHCreateShellFolderView+0x3d6b
00ffffb4 7c80b50b 00000000 7c809988 00090000 SHELL32!Ordinal753+0x133
00ffffec 00000000 77f7f56f 00e9f4d4 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000fffd30 ab e9 90 7c f2 94 80 7c - 08 00 00 00 58 fd ff 00
....|...|....X...
0000000000fffd40 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000fffd50 08 00 00 00 02 00 00 00 - a0 03 00 00 4c 02 00 00
.............L...
0000000000fffd60 9c 02 00 00 98 02 00 00 - 10 02 00 00 2c 02 00 00
.............,...
0000000000fffd70 30 02 00 00 04 02 00 00 - 14 00 00 00 01 00 00 00
0...............
0000000000fffd80 d0 ac 0c 00 00 00 00 00 - 00 00 00 00 18 00 00 00
.................
0000000000fffd90 f0 e8 55 00 01 04 00 00 - 00 f0 fd 7f 00 70 fd 7f
...U..........p..
0000000000fffda0 f8 44 9f 7c 00 00 00 00 - 58 fd ff 00 85 93 d4 77
..D.|....X......w
0000000000fffdb0 08 00 00 00 4c fd ff 00 - 00 00 00 00 dc ff ff 00
.....L...........
0000000000fffdc0 f3 99 83 7c 90 95 80 7c - 00 00 00 00 28 fe ff 00
....|...|....(...
0000000000fffdd0 fe bb d4 77 08 00 00 00 - f4 fd ff 00 00 00 00 00
....w............
0000000000fffde0 ff ff ff ff 01 00 00 00 - a0 8e 0f 00 07 00 00 00
.................
0000000000fffdf0 00 00 00 00 a0 03 00 00 - 4c 02 00 00 9c 02 00 00
.........L.......
0000000000fffe00 98 02 00 00 10 02 00 00 - 2c 02 00 00 30 02 00 00
.........,...0...
0000000000fffe10 04 02 00 00 c0 b2 00 00 - 00 00 00 00 01 00 00 00
.................
0000000000fffe20 00 70 fd 7f 04 02 00 00 - 4c ff ff 00 d9 43 9f 7c
..p......L....C.|
0000000000fffe30 07 00 00 00 50 fe ff 00 - ff ff ff ff ff 04 00 00
.....P...........
0000000000fffe40 f4 fd ff 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000fffe50 a0 03 00 00 4c 02 00 00 - 9c 02 00 00 98 02 00 00
.....L...........
0000000000fffe60 10 02 00 00 2c 02 00 00 - 30 02 00 00 a0 8e 0f 00
.....,...0.......

*----> State Dump for Thread Id 0x7b8 <----*

eax=00000000 ebx=00004e20 ecx=0010a128 edx=7c90eb94 esi=00b8fd68
edi=77d491a3
eip=7c90eb94 esp=00b8fcf8 ebp=00b8fd14 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\stobject.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00b8fd14 76281513 00b8fd68 00000000 00000000 ntdll!KiFastSystemCallRet
00b8fd8c 76283746 76280000 00000000 00050104 stobject+0x1513
00b8ffb4 7c80b50b 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x1fa4
00b8ffec 00000000 762836f7 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000b8fcf8 9b 91 d4 77 ce 91 d4 77 - 68 fd b8 00 00 00 00 00
....w...wh.......
0000000000b8fd08 00 00 00 00 00 00 00 00 - 00 00 00 00 8c fd b8 00
.................
0000000000b8fd18 13 15 28 76 68 fd b8 00 - 00 00 00 00 00 00 00 00
...(vh...........
0000000000b8fd28 00 00 00 00 00 00 00 00 - 00 00 28 76 00 00 00 00
...........(v....
0000000000b8fd38 30 00 00 00 00 40 00 00 - 21 13 28 76 00 00 00 00
0....@..!.(v....
0000000000b8fd48 1e 00 00 00 00 00 28 76 - 3d 01 10 00 11 00 01 00
.......(v=.......
0000000000b8fd58 10 00 00 00 00 00 00 00 - f4 31 28 76 00 00 00 00
..........1(v....
0000000000b8fd68 04 01 05 00 13 01 00 00 - 07 00 00 00 00 00 00 00
.................
0000000000b8fd78 e5 6b 04 00 60 00 00 00 - 0c 02 00 00 00 00 00 00
..k..`...........
0000000000b8fd88 00 00 00 00 b4 ff b8 00 - 46 37 28 76 00 00 28 76
.........F7(v..(v
0000000000b8fd98 00 00 00 00 04 01 05 00 - 01 00 00 00 00 00 00 00
.................
0000000000b8fda8 43 00 3a 00 5c 00 57 00 - 49 00 4e 00 44 00 4f 00
C.:.\.W.I.N.D.O.
0000000000b8fdb8 57 00 53 00 5c 00 73 00 - 79 00 73 00 74 00 65 00
W.S.\.s.y.s.t.e.
0000000000b8fdc8 6d 00 33 00 32 00 5c 00 - 73 00 74 00 6f 00 62 00
m.3.2.\.s.t.o.b.
0000000000b8fdd8 6a 00 65 00 63 00 74 00 - 2e 00 64 00 6c 00 6c 00
j.e.c.t...d.l.l.
0000000000b8fde8 00 00 81 7c 1b 00 00 00 - 00 02 00 00 fc ff b8 00
....|............
0000000000b8fdf8 23 00 00 00 56 08 81 7c - 1b 00 00 00 00 02 00 00
#...V..|........
0000000000b8fe08 fc ff b0 00 2c fb e1 f5 - 00 43 3c 84 38 b0 54 80
.....,....C<.8.T.
0000000000b8fe18 00 00 04 00 b0 9a fe 83 - d8 ee ff 83 40 2c 00 c0
.............@,..
0000000000b8fe28 00 00 00 00 00 ff b0 01 - f0 ee ff 83 00 00 00 00
.................

*----> State Dump for Thread Id 0x768 <----*

eax=72d230e8 ebx=00bcfef8 ecx=00000013 edx=00000000 esi=00000000
edi=7ffdf000
eip=7c90eb94 esp=00bcfed0 ebp=00bcff6c iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr Args to Child
00bcff6c 7c809c86 00000002 00bcffa4 00000000 ntdll!KiFastSystemCallRet
00bcff88 72d2312a 00000002 00bcffa4 00000000
kernel32!WaitForMultipleObjects+0x18
00bcffb4 7c80b50b 00000000 00000000 00090000 wdmaud!midMessage+0x348
00bcffec 00000000 72d230e8 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000bcfed0 ab e9 90 7c f2 94 80 7c - 02 00 00 00 f8 fe bc 00
....|...|........
0000000000bcfee0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000bcfef0 00 00 00 00 00 00 00 00 - 70 03 00 00 64 03 00 00
.........p...d...
0000000000bcff00 ff ff ff ff b8 5c 08 f6 - bc 5c 08 f6 00 80 00 00
......\...\......
0000000000bcff10 14 5d 08 f6 2c b5 14 84 - 14 00 00 00 01 00 00 00
..]..,...........
0000000000bcff20 70 2d 0f 00 00 00 00 00 - 00 00 00 00 c4 b3 14 84
p-..............
0000000000bcff30 70 18 2d 84 87 f6 57 80 - 00 f0 fd 7f 00 40 fd 7f
p.-...W......@..
0000000000bcff40 00 40 fd 7f 00 00 00 00 - f8 fe bc 00 00 00 00 00
..@..............
0000000000bcff50 02 00 00 00 ec fe bc 00 - 00 00 00 00 dc ff bc 00
.................
0000000000bcff60 f3 99 83 7c 90 95 80 7c - 00 00 00 00 88 ff bc 00
....|...|........
0000000000bcff70 86 9c 80 7c 02 00 00 00 - a4 ff bc 00 00 00 00 00
....|............
0000000000bcff80 ff ff ff ff 00 00 00 00 - b4 ff bc 00 2a 31 d2 72
.............*1.r
0000000000bcff90 02 00 00 00 a4 ff bc 00 - 00 00 00 00 ff ff ff ff
.................
0000000000bcffa0 00 00 09 00 70 03 00 00 - 64 03 00 00 00 00 00 00
.....p...d.......
0000000000bcffb0 dc e2 90 7c ec ff bc 00 - 0b b5 80 7c 00 00 00 00
....|.......|....
0000000000bcffc0 00 00 00 00 00 00 09 00 - 00 00 00 00 00 40 fd 7f
..............@..
0000000000bcffd0 00 46 3c 84 c0 ff bc 00 - 08 40 fd 83 ff ff ff ff
..F<......@......
0000000000bcffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
0000000000bcfff0 00 00 00 00 e8 30 d2 72 - 00 00 00 00 00 00 00 00
......0.r........
0000000000bd0000 c8 00 00 00 f4 01 00 00 - ff ee ff ee 02 00 00 00
.................

*----> State Dump for Thread Id 0x730 <----*

eax=77e76bf0 ebx=00000000 ecx=0000000c edx=003c36b0 esi=000b68c8
edi=000b696c
eip=7c90eb94 esp=00d3fe1c ebp=00d3ff80 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00d3ff80 77e76c22 00d3ffa8 77e76a3b 000b68c8 ntdll!KiFastSystemCallRet
00d3ff88 77e76a3b 000b68c8 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5ea
00d3ffa8 77e76c0a 000b6780 00d3ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
00d3ffb4 7c80b50b 000ddb38 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5d2
00d3ffec 00000000 77e76bf0 000ddb38 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000d3fe1c 99 e3 90 7c 03 67 e7 77 - 9c 01 00 00 70 ff d3 00
....|.g.w....p...
0000000000d3fe2c 00 00 00 00 28 90 10 00 - 4c ff d3 00 18 20 39 84
.....(...L.... 9.
0000000000d3fe3c 7c fb e1 f5 77 38 56 80 - a4 6f 19 84 d4 6f 19 84
|...w8V..o...o..
0000000000d3fe4c 30 6f 19 84 1e 00 f8 00 - d8 25 8d e2 3c 00 f8 00
0o.......%..<...
0000000000d3fe5c f6 25 8d e2 14 20 39 84 - 6a 34 4e 80 58 fb e1 f5 .%...
9.j4N.X...
0000000000d3fe6c e4 6f 19 84 6e 0a 57 80 - 18 20 39 84 00 00 00 00
..o..n.W.. 9.....
0000000000d3fe7c b8 06 00 e1 a0 fb e1 f5 - 00 5a 3c 84 38 b0 54 80
..........Z<.8.T.
0000000000d3fe8c 00 00 00 00 c0 6f 19 84 - 30 6f 19 84 4c 6f 19 84
......o..0o..Lo..
0000000000d3fe9c 30 6f 19 84 00 cd 81 e2 - 00 70 19 84 00 00 00 00
0o.......p......
0000000000d3feac 00 00 00 00 d8 00 00 00 - a4 fb e1 f5 00 00 00 00
.................
0000000000d3febc 05 00 00 00 d0 fb e1 f5 - 35 7d 56 80 30 6f 19 84
.........5}V.0o..
0000000000d3fecc 00 00 00 00 98 fc e1 f5 - 8c f4 b8 00 64 f4 b8 00
.............d...
0000000000d3fedc 6a 00 f8 00 c8 25 8d e2 - 30 6f 19 84 00 00 00 00
j....%..0o......
0000000000d3feec 00 00 00 00 54 fd e1 f5 - bc 1f 57 80 34 00 00 c0
.....T.....W.4...
0000000000d3fefc 00 00 00 00 01 00 00 00 - 30 6f 19 84 80 00 00 00
.........0o......
0000000000d3ff0c 38 fc e1 f5 db 1f 57 80 - bc e1 33 84 24 fc e1 f5
8.....W...3.$...
0000000000d3ff1c 62 c8 4d 80 6a c8 4d 80 - 8c e1 33 84 20 e0 33 84
b.M.j.M...3. .3.
0000000000d3ff2c 54 e0 33 84 80 ff d3 00 - 99 66 e7 77 4c ff d3 00
T.3......f.wL...
0000000000d3ff3c a9 66 e7 77 ed 10 90 7c - 50 28 12 00 38 db 0d 00
..f.w...|P(..8...
0000000000d3ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0x184 <----*

eax=77e76bf0 ebx=00000000 ecx=00000008 edx=00000000 esi=000b68c8
edi=000b696c
eip=7c90eb94 esp=0161fe1c ebp=0161ff80 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0161ff80 77e76c22 0161ffa8 77e76a3b 000b68c8 ntdll!KiFastSystemCallRet
0161ff88 77e76a3b 000b68c8 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5ea
0161ffa8 77e76c0a 000b6780 0161ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
0161ffb4 7c80b50b 0010a348 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5d2
0161ffec 00000000 77e76bf0 0010a348 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000161fe1c 99 e3 90 7c 03 67 e7 77 - 9c 01 00 00 70 ff 61 01
....|.g.w....p.a.
000000000161fe2c 00 00 00 00 30 a9 0f 00 - 4c ff 61 01 00 00 00 00
.....0...L.a.....
000000000161fe3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161fe4c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161fe6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161fe7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161fe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161fecc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161fedc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161feec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161fefc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000161ff0c 00 00 00 00 00 00 00 00 - ac 07 05 84 24 7c 44 f6
.............$|D.
000000000161ff1c 62 c8 4d 80 6a c8 4d 80 - 7c 07 05 84 10 06 05 84
b.M.j.M.|.......
000000000161ff2c 44 06 05 84 80 ff 61 01 - 99 66 e7 77 4c ff 61 01
D.....a..f.wL.a.
000000000161ff3c a9 66 e7 77 ed 10 90 7c - c8 07 0e 00 48 a3 10 00
..f.w...|....H...
000000000161ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0x5f4 <----*

eax=000011f7 ebx=00000440 ecx=00001110 edx=00145000 esi=0165ff98
edi=77d6ea45
eip=7c90eb94 esp=0165ff54 ebp=0165ff78 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0165ff78 76b44e3d 0165ff98 00000000 00000000 ntdll!KiFastSystemCallRet
0165ffb4 7c80b50b 00000440 00000200 0000002b WINMM!PlaySoundW+0x7e6
0165ffec 00000000 76b44dd6 00000440 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000165ff54 9b 91 d4 77 85 ea d6 77 - 98 ff 65 01 00 00 00 00
....w...w..e.....
000000000165ff64 00 00 00 00 00 00 00 00 - 40 04 00 00 45 ea d6 77
[email protected]
000000000165ff74 00 00 00 00 b4 ff 65 01 - 3d 4e b4 76 98 ff 65 01
.......e.=N.v..e.
000000000165ff84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 02 00 00
.................
000000000165ff94 2b 00 00 00 ee 00 04 00 - bc 03 00 00 40 47 0f 00
+...........@G..
000000000165ffa4 00 00 00 00 52 52 04 00 - 5e 00 00 00 12 02 00 00
.....RR..^.......
000000000165ffb4 ec ff 65 01 0b b5 80 7c - 40 04 00 00 00 02 00 00
...e....|@.......
000000000165ffc4 2b 00 00 00 40 04 00 00 - 00 d0 fa 7f 00 46 3c 84
[email protected]<.
000000000165ffd4 c0 ff 65 01 70 36 11 84 - ff ff ff ff f3 99 83 7c
...e.p6.........|
000000000165ffe4 18 b5 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
....|............
000000000165fff4 d6 4d b4 76 40 04 00 00 - 00 00 00 00 00 00 00 00
..M.v@...........
0000000001660004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001660014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001660024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001660034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001660044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001660054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001660064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001660074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001660084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x104 <----*

eax=02030000 ebx=0169cc34 ecx=00001000 edx=7c90eb94 esi=0000051c
edi=00000000
eip=7c90eb94 esp=0169cc18 ebp=0169cf20 iopl=0 nv up ei pl nz na pe
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\BROWSEUI.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHDOCVW.dll -
ChildEBP RetAddr Args to Child
0169cf20 7c965714 0169d0c0 0169d394 00000083 ntdll!KiFastSystemCallRet
0169d060 7c9661a1 0169d0c0 00000057 c0000005 ntdll!RtlTraceDatabaseAdd+0x1b9
0169d398 7c94ea5f 00000083 fffffffe fffffffe
ntdll!RtlUnhandledExceptionFilter+0xb2
0169d3ec 7c93783a 00000083 00000057 0169d480
ntdll!RtlInitializeSListHead+0x15a4f
0169d468 7c90eafa 00000000 0169d49c 0169d480 ntdll!LdrAddRefDll+0x221
0169d770 01ea9b33 01e54363 0169d7dc 01e54371
ntdll!KiUserExceptionDispatcher+0xe
0169d798 01e54450 01e56879 00000000 01ee953c SDHelper+0x59b33
0169d7e8 7c9011a7 01e50000 00000001 00000000 SDHelper+0x4450
0169d808 7c91cbab 01ee952c 01e50000 00000001 ntdll!LdrInitializeThunk+0x29
0169d910 7c916178 00000000 c0150008 00000000
ntdll!LdrFindResourceDirectory_U+0x276
0169dbbc 7c9162da 00000000 000d88d0 0169deb0
ntdll!RtlValidateUnicodeString+0x506
0169de64 7c801bb9 000d88d0 0169deb0 0169de90 ntdll!LdrLoadDll+0x110
0169decc 775308e8 0169df48 00000000 00000008 kernel32!LoadLibraryExW+0xc8
0169def0 77530804 0169df48 0169df14 0169df18 ole32!CoGetTreatAsClass+0xff2
0169df20 7752fc38 0169df48 0169e224 0169df40 ole32!CoGetTreatAsClass+0xf0e
0169e16c 7752fb5b 00000001 0169e224 0169e19c ole32!CoGetTreatAsClass+0x342
0169e1b4 7752fab9 00000001 000b9de4 0169e1dc ole32!CoGetTreatAsClass+0x265
0169e1e0 7752f651 0169e224 00000000 0169e818 ole32!CoGetTreatAsClass+0x1c3
0169e25c 7752f4f5 776063d8 00000000 0169e818
ole32!CoFreeUnusedLibrariesEx+0x22c1
0169e29c 7752f7a4 0169e818 00000000 0169ed64
ole32!CoFreeUnusedLibrariesEx+0x2165
0169e2f0 7752f71b 776063dc 00000000 0169e818
ole32!CoFreeUnusedLibrariesEx+0x2414
0169e310 7753052b 776063dc 00000001 00000000
ole32!CoFreeUnusedLibrariesEx+0x238b
0169e330 775304e2 776063d4 0169e674 00000000 ole32!CoGetTreatAsClass+0xc35
0169e368 7752f805 776063d4 0169e674 00000000 ole32!CoGetTreatAsClass+0xbec
0169e390 7752f4f5 776063d4 00000000 0169e818
ole32!CoFreeUnusedLibrariesEx+0x2475
0169e3d0 7752f490 0169e818 00000000 0169ed64
ole32!CoFreeUnusedLibrariesEx+0x2165
0169e620 7752f4f5 7760639c 00000000 0169e818
ole32!CoFreeUnusedLibrariesEx+0x2100
0169e660 7752f33a 0169e818 00000000 0169ed64
ole32!CoFreeUnusedLibrariesEx+0x2165
0169ee10 77526000 0169ef54 00000000 00000001
ole32!CoFreeUnusedLibrariesEx+0x1faa
0169ee38 77525fcf 0169ef54 00000000 00000001 ole32!CoCreateInstanceEx+0x4f
0169ee5c 7752603d 0169ef54 00000000 00000001 ole32!CoCreateInstanceEx+0x1e
0169ee8c 77fc1fd0 0169ef54 00000000 00000001 ole32!CoCreateInstance+0x34
0169eeb0 75fa7f60 0169ef54 00000000 00000001 SHLWAPI!Ordinal565+0x43
0169efe8 75fac970 00000001 0013c01c 0013c01c BROWSEUI!Ordinal107+0x54a1
0169f04c 7778dca4 000d42e8 76006bf8 000d42fc BROWSEUI!Ordinal107+0x9eb1
0169f068 75f82cd9 0013c01c 000500e4 00000001 SHDOCVW!Ordinal210+0x10a4
0169f084 75fb037b 000d42fc 000500e4 00000001 BROWSEUI!Ordinal113+0x2cd9
0169f0c0 75fadd50 000d42e8 000500e4 00000001 BROWSEUI!Ordinal103+0x164a
0169f0ec 77d48709 000d42e8 00000001 00000000 BROWSEUI!Ordinal107+0xb291
0169f118 77d487eb 75fadc51 000500e4 00000001 USER32!GetDC+0x72
0169f180 77d4b368 00000000 75fadc51 000500e4 USER32!GetDC+0x154
0169f1d4 77d4e840 0054c6d0 00000001 00000000 USER32!DefWindowProcW+0x183
0169f204 7c90eae3 0169f214 00000088 00000088 USER32!GetSystemMenu+0x88
0169f73c 77d518a4 00000100 0169f7c0 0169f7d4
ntdll!KiUserCallbackDispatcher+0x13
0169f7e8 77d51b08 00000100 75f8bd44 0169f7d4
USER32!UserClientDllInitialize+0x9eb
0169f824 77f72baf 00000100 75f8bd44 0169fd1c USER32!CreateWindowExW+0x33
0169fc9c 75fae714 00000100 75f8bd44 0169fd1c SHLWAPI!Ordinal55+0x5f
0169ff28 75faea19 00107f30 00000000 00000000 BROWSEUI!Ordinal107+0xbc55
0169ffb4 7c80b50b 00107f30 00000000 00000000 BROWSEUI!Ordinal107+0xbf5a
0169ffec 00000000 75fae9d5 00107f30 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000169cc18 ab e9 90 7c d5 33 86 7c - 02 00 00 00 50 cd 69 01
....|.3.|....P.i.
000000000169cc28 01 00 00 00 01 00 00 00 - 00 00 00 00 43 00 3a 00
.............C.:.
000000000169cc38 5c 00 57 00 49 00 4e 00 - 44 00 4f 00 57 00 53 00
\.W.I.N.D.O.W.S.
000000000169cc48 5c 00 73 00 79 00 73 00 - 74 00 65 00 6d 00 33 00
\.s.y.s.t.e.m.3.
000000000169cc58 32 00 5c 00 64 00 72 00 - 77 00 74 00 73 00 6e 00
2.\.d.r.w.t.s.n.
000000000169cc68 33 00 32 00 20 00 2d 00 - 70 00 20 00 31 00 32 00 3.2.
..-.p. .1.2.
000000000169cc78 32 00 30 00 20 00 2d 00 - 65 00 20 00 31 00 33 00 2.0.
..-.e. .1.3.
000000000169cc88 30 00 38 00 20 00 2d 00 - 67 00 00 00 00 00 00 00 0.8.
..-.g.......
000000000169cc98 2e 00 00 00 00 00 00 00 - 00 00 00 00 20 cf 69 01
............. .i.
000000000169cca8 0f 32 86 7c 05 00 00 00 - 20 cf 69 01 41 32 86 7c
..2.|.... .i.A2.|
000000000169ccb8 69 32 86 7c 00 00 00 00 - 00 00 00 00 c0 d0 69 01
i2.|..........i.
000000000169ccc8 44 00 00 00 00 00 00 00 - 78 34 86 7c 00 00 00 00
D.......x4.|....
000000000169ccd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000169cce8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000169ccf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000169cd08 00 00 00 00 00 c0 fa 7f - d8 c0 97 7c 00 00 00 00
............|....
000000000169cd18 00 00 00 00 00 c0 fa 7f - 00 00 00 00 00 00 00 00
.................
000000000169cd28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000169cd38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000169cd48 00 00 00 00 00 00 00 00 - 1c 05 00 00 28 05 00 00
.............(...

*----> State Dump for Thread Id 0xfc <----*

eax=00000000 ebx=00000000 ecx=00000002 edx=00000003 esi=7c97c0d8
edi=00000000
eip=7c90eb94 esp=0203fc10 ebp=0203fc98 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0203fc98 7c90104b 0197c0d8 7c927357 7c97c0d8 ntdll!KiFastSystemCallRet
0203fd18 7c90eac7 0203fd2c 7c900000 00000000
ntdll!RtlEnterCriticalSection+0x46
00000000 00000000 00000000 00000000 00000000 ntdll!KiUserApcDispatcher+0x7

*----> Raw Stack Dump <----*
000000000203fc10 c0 e9 90 7c 1b 90 91 7c - 18 05 00 00 00 00 00 00
....|...|........
000000000203fc20 00 00 00 00 00 60 fd 7f - 00 f0 fd 7f 00 00 00 00
......`..........
000000000203fc30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fc40 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fc50 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fc60 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fc70 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fc80 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fc90 00 00 00 00 18 05 00 00 - 18 fd 03 02 4b 10 90 7c
.............K..|
000000000203fca0 d8 c0 97 01 57 73 92 7c - d8 c0 97 7c 2c fd 03 02
.....Ws.|...|,...
000000000203fcb0 04 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fcc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fcd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fce0 00 00 00 00 00 00 00 00 - 00 60 fd 7f 00 00 00 00
..........`......
000000000203fcf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fd00 ac fc 03 02 00 00 00 00 - ff ff ff ff 18 ee 90 7c
................|
000000000203fd10 00 8e 91 7c ff ff ff ff - 00 00 00 00 c7 ea 90 7c
....|...........|
000000000203fd20 2c fd 03 02 00 00 90 7c - 00 00 00 00 17 00 01 00
,......|........
000000000203fd30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000203fd40 00 00 00 00 00 00 00 00 - 28 52 fd 83 01 00 00 00
.........(R......



<END PASTE>
*****************************

 

[MaxZ]

By the Way. . .

Everything seems to work fine in safe mode. Does that help?

Hi All.

A boot off the CD and repair of the existing operating system did not work.
The same problems exist.

As for DR Watson, here are the last snippets of the log file. Crashes seem
to be Explorer.exe for all in the log file. Below is the last entry
(Otherwise the post is too large). I can post more if needed.

Ideas?

*****************************
<Begin Paste>
Application exception occurred:
App: C:\WINDOWS\explorer.exe (pid=1220)
When: 11/15/2005 @ 10:41:42.625
Exception number: 80000007
()

*----> System Information <----*
Computer Name: SUSANBPC
User Name: Susanb
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 6 Model 8 Stepping 1
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: susanb

*----> Task List <----*
0 System Process
4 System
572 smss.exe
644 csrss.exe
668 winlogon.exe
712 services.exe
724 lsass.exe
880 svchost.exe
956 svchost.exe
1048 svchost.exe
1128 svchost.exe
1268 svchost.exe
1428 spoolsv.exe
1616 DefWatch.exe
1724 Rtvscan.exe
236 alg.exe
1236 VPTray.exe
1244 jusched.exe
1280 Acrotray.exe
1316 TSTimer.exe
2008 ntvdm.exe
1208 wuauclt.exe
1220 explorer.exe
308 cmd.exe
244 drwtsn32.exe

*----> Module List <----*
(0000000001000000 - 00000000010ff000: C:\WINDOWS\explorer.exe
(0000000001160000 - 0000000001172000: C:\WINDOWS\system32\browselc.dll
(0000000001e50000 - 0000000001f25000: C:\Program Files\Spybot - Search &
Destroy\SDHelper.dll
(0000000010000000 - 000000001000e000: C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\system32\themeui.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d127000: C:\WINDOWS\system32\comctl32.dll
(000000005f0e0000 - 000000005f106000: C:\WINDOWS\System32\nwprovau.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\WSOCK32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\system32\actxprxy.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\system32\BatMeter.dll
(0000000074b30000 - 0000000074b76000: C:\WINDOWS\system32\webcheck.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000075f60000 - 0000000075f67000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607c000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\system32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076400000 - 00000000765a6000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772fc000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0
.2600.2180_x-ww_a84f1ff9\comctl32.dll
(00000000774e0000 - 000000007761c000: C:\WINDOWS\system32\ole32.dll
(0000000077760000 - 00000000778cc000: C:\WINDOWS\system32\SHDOCVW.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\appHelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d4000: C:\WINDOWS\system32\SHELL32.dll
(000000007d1e0000 - 000000007d492000: C:\WINDOWS\system32\msi.dll

*----> State Dump for Thread Id 0x218 <----*

eax=0011a64c ebx=00000003 ecx=7777a638 edx=77762030 esi=00119f58
edi=00000000
eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
FAULT ->ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Module load completed but symbols could not be loaded for
C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca32c57 00000000 0007ff5c 01016e95 ntdll!KiFastSystemCallRet
0007ff14 01016e95 00119f58 7ffdf000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101e2b6 00000000 00000000 000205e2 explorer+0x16e95
0007ffc0 7c816d4f 00e2b8a0 0006e890 7ffdf000 explorer+0x1e2b6
0007fff0 00000000 0101e24e 00000000 78746341
kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000007fef0 f5 93 d4 77 ee 95 a3 7c - ac 92 80 7c 58 9f 11 00
...w...|...|X...
000000000007ff00 58 9f 11 00 14 ff 07 00 - 14 ff 07 00 57 2c a3 7c
X...........W,.|
000000000007ff10 00 00 00 00 5c ff 07 00 - 95 6e 01 01 58 9f 11 00
....\....n..X...
000000000007ff20 00 f0 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00
............$...
000000000007ff30 50 ff 07 00 e0 ff 07 00 - 27 e0 90 7c ed aa 80 7c
P.......'..|...|
000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 34 09 04 00
............4...
000000000007ff50 a0 00 00 00 01 00 00 00 - 58 9f 11 00 c0 ff 07 00
........X.......
000000000007ff60 b6 e2 01 01 00 00 00 00 - 00 00 00 00 e2 05 02 00
................
000000000007ff70 05 00 00 00 a0 b8 e2 00 - 90 e8 06 00 44 00 00 00
............D...
000000000007ff80 34 06 02 00 14 06 02 00 - e4 05 02 00 00 00 00 00
4...............
000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 2e 00 00 00
................
000000000007ffa0 00 00 00 00 3a ef 06 00 - 01 00 00 00 05 00 00 00
....:...........
000000000007ffb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000007ffc0 f0 ff 07 00 4f 6d 81 7c - a0 b8 e2 00 90 e8 06 00
....Om.|........
000000000007ffd0 00 f0 fd 7f 38 b0 54 80 - c8 ff 07 00 38 39 1b 84
....8.T.....89..
000000000007ffe0 ff ff ff ff f3 99 83 7c - 58 6d 81 7c 00 00 00 00
.......|Xm.|....
000000000007fff0 00 00 00 00 00 00 00 00 - 4e e2 01 01 00 00 00 00
........N.......
0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 98 24 00 00 Actx
........$..
0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00
........ .......
0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00
............4...

*----> State Dump for Thread Id 0x214 <----*

eax=00e0ff54 ebx=00000000 ecx=000b68c8 edx=7c90eb94 esi=000b68c8
edi=000b696c
eip=7c90eb94 esp=00e0fe1c ebp=00e0ff80 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00e0ff80 77e76c22 00e0ffa8 77e76a3b 000b68c8 ntdll!KiFastSystemCallRet
00e0ff88 77e76a3b 000b68c8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5ea
00e0ffa8 77e76c0a 000b6780 00e0ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
00e0ffb4 7c80b50b 000c0d68 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5d2
00e0ffec 00000000 77e76bf0 000c0d68 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000e0fe1c 99 e3 90 7c 03 67 e7 77 - 9c 01 00 00 70 ff e0 00
...|.g.w....p...
0000000000e0fe2c 00 00 00 00 b8 90 11 00 - 4c ff e0 00 b0 cc 57 80
........L.....W.
0000000000e0fe3c cb cc 57 80 64 5d 0a f6 - 78 f4 07 00 27 cc 57 80
..W.d]..x...'.W.
0000000000e0fe4c 37 47 56 80 30 6f 19 84 - 38 39 1b 84 70 3b 3c 84
7GV.0o..89..p;<.
0000000000e0fe5c 70 c5 56 80 28 f9 07 00 - 04 00 00 00 00 c6 56 80
p.V.(.........V.
0000000000e0fe6c 64 5d 0a f6 5c 02 00 00 - 05 00 00 00 00 91 4e 80
d]..\.........N.
0000000000e0fe7c 00 00 00 00 38 39 1b 84 - 88 5b 0a f6 25 44 56 80
....89...[..%DV.
0000000000e0fe8c 05 00 00 00 05 00 00 00 - 98 10 07 e1 f8 82 01 e1
................
0000000000e0fe9c 02 00 00 00 fe ff f8 00 - 98 ff 6b e1 98 10 07 e1
..........k.....
0000000000e0feac b0 35 56 00 00 00 00 00 - 00 00 00 00 5c 00 52 00
.5V.........\.R.
0000000000e0febc ff ff ff ff 28 5c 0a f6 - 6c 38 56 80 49 03 00 00
....(\..l8V.I...
0000000000e0fecc 34 00 00 c0 30 6f 19 84 - 48 71 00 e1 9a 00 00 00
4...0o..Hq......
0000000000e0fedc 9e 01 00 00 00 30 50 c0 - 04 39 50 c0 01 60 f1 77
.....0P..9P..`.w
0000000000e0feec 00 00 00 00 fc 5b 0a f6 - e0 78 4e 80 9a 00 00 00
.....[...xN.....
0000000000e0fefc 9e 01 00 00 01 52 83 77 - 01 00 00 00 9c 36 50 c0
.....R.w.....6P.
0000000000e0ff0c a8 9c fe 83 70 63 f1 77 - 3c 19 06 84 24 5c 0a f6
....pc.w<...$\..
0000000000e0ff1c 62 c8 4d 80 6a c8 4d 80 - 0c 19 06 84 a0 17 06 84
b.M.j.M.........
0000000000e0ff2c d4 17 06 84 80 ff e0 00 - 99 66 e7 77 4c ff e0 00
.........f.wL...
0000000000e0ff3c a9 66 e7 77 ed 10 90 7c - f8 f9 0b 00 68 0d 0c 00
.f.w...|....h...
0000000000e0ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
../M.....]......

*----> State Dump for Thread Id 0x358 <----*

eax=774f319a ebx=00007530 ecx=7ffdf000 edx=00000000 esi=00000000
edi=00e5ff50
eip=7c90eb94 esp=00e5ff20 ebp=00e5ff78 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
00e5ff78 7c802451 0000ea60 00000000 00e5ffb4 ntdll!KiFastSystemCallRet
00e5ff88 774f2fcb 0000ea60 000c33f0 774f314d kernel32!Sleep+0xf
00e5ffb4 7c80b50b 000c33f0 7c910945 7c91094e ole32!StringFromGUID2+0x2d1
00e5ffec 00000000 774f319a 000c33f0 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000e5ff20 5c d8 90 7c ed 23 80 7c - 00 00 00 00 50 ff e5 00
\..|.#.|....P...
0000000000e5ff30 50 25 80 7c f0 56 60 77 - 30 75 00 00 14 00 00 00
P%.|.V`w0u......
0000000000e5ff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00
................
0000000000e5ff50 00 ba 3c dc ff ff ff ff - fc fe e5 00 50 ff e5 00
..<.........P...
0000000000e5ff60 30 ff e5 00 fc fe e5 00 - dc ff e5 00 f3 99 83 7c
0..............|
0000000000e5ff70 58 24 80 7c 00 00 00 00 - 88 ff e5 00 51 24 80 7c
X$.|........Q$.|
0000000000e5ff80 60 ea 00 00 00 00 00 00 - b4 ff e5 00 cb 2f 4f 77
`............/Ow
0000000000e5ff90 60 ea 00 00 f0 33 0c 00 - 4d 31 4f 77 00 00 00 00
`....3..M1Ow....
0000000000e5ffa0 45 09 91 7c f0 33 0c 00 - 00 00 4e 77 b5 31 4f 77
E..|.3....Nw.1Ow
0000000000e5ffb0 4e 09 91 7c ec ff e5 00 - 0b b5 80 7c f0 33 0c 00
N..|.......|.3..
0000000000e5ffc0 45 09 91 7c 4e 09 91 7c - f0 33 0c 00 00 c0 fd 7f
E..|N..|.3......
0000000000e5ffd0 00 46 3c 84 c0 ff e5 00 - d0 68 09 84 ff ff ff ff
.F<......h......
0000000000e5ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
...|...|........
0000000000e5fff0 00 00 00 00 9a 31 4f 77 - f0 33 0c 00 00 00 00 00
.....1Ow.3......
0000000000e60000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000e60010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000e60020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000e60030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000e60040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000e60050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................

*----> State Dump for Thread Id 0x3c4 <----*

eax=00108250 ebx=77d4b762 ecx=00000002 edx=7c90eb94 esi=010460d8
edi=00000000
eip=7c90eb94 esp=00e9ff14 ebp=00e9ff44 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
00e9ff44 01011e8b 00000000 00e9ffb4 77f7f5de ntdll!KiFastSystemCallRet
00e9ff50 77f7f5de 010460d8 0000005c 0007fc04 explorer+0x11e8b
00e9ffb4 7c80b50b 00000000 0000005c 0007fc04 SHLWAPI!Ordinal505+0x369
00e9ffec 00000000 77f7f56f 0007fdbc 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000e9ff14 f5 93 d4 77 40 1a 00 01 - 00 00 00 00 d8 60 04 01
...w@........`..
0000000000e9ff24 00 00 00 00 4c 01 05 00 - 13 01 00 00 09 00 00 00
....L...........
0000000000e9ff34 00 00 00 00 51 6e 05 00 - ef 00 00 00 22 01 00 00
....Qn......"...
0000000000e9ff44 50 ff e9 00 8b 1e 01 01 - 00 00 00 00 b4 ff e9 00
P...............
0000000000e9ff54 de f5 f7 77 d8 60 04 01 - 5c 00 00 00 04 fc 07 00
...w.`..\.......
0000000000e9ff64 bc fd 07 00 62 1e 01 01 - b1 79 01 01 b4 01 00 00
....b....y......
0000000000e9ff74 d8 60 04 01 08 00 00 00 - 00 00 00 00 00 00 00 00
.`..............
0000000000e9ff84 00 00 00 00 00 00 00 00 - b0 9a fe 83 41 a8 4f 80
............A.O.
0000000000e9ff94 00 00 00 00 00 00 00 00 - 00 00 00 00 21 a8 4f 80
............!.O.
0000000000e9ffa4 9c 5c 06 f6 00 00 00 00 - 00 00 00 00 dc e2 90 7c
.\.............|
0000000000e9ffb4 ec ff e9 00 0b b5 80 7c - 00 00 00 00 5c 00 00 00
.......|....\...
0000000000e9ffc4 04 fc 07 00 bc fd 07 00 - 00 b0 fd 7f 00 46 3c 84
.............F<.
0000000000e9ffd4 c0 ff e9 00 d0 68 09 84 - ff ff ff ff f3 99 83 7c
.....h.........|
0000000000e9ffe4 18 b5 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
...|............
0000000000e9fff4 6f f5 f7 77 bc fd 07 00 - 00 00 00 00 00 00 00 00
o..w............
0000000000ea0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ea0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ea0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ea0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ea0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................

*----> State Dump for Thread Id 0x230 <----*

eax=7c92798d ebx=00000000 ecx=77dd6a51 edx=77dd6a18 esi=ffffffff
edi=7c90fb78
eip=7c90eb94 esp=00edff9c ebp=00edffb4 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00edffb4 7c80b50b 00000000 7c90fb78 ffffffff ntdll!KiFastSystemCallRet
00edffec 00000000 7c92798d 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000edff9c 5c d8 90 7c d4 79 92 7c - 01 00 00 00 ac ff ed 00
\..|.y.|........
0000000000edffac 00 00 00 00 00 00 00 80 - ec ff ed 00 0b b5 80 7c
...............|
0000000000edffbc 00 00 00 00 78 fb 90 7c - ff ff ff ff 00 00 00 00
....x..|........
0000000000edffcc 00 a0 fd 7f 00 46 3c 84 - c0 ff ed 00 50 6a f7 83
.....F<.....Pj..
0000000000edffdc ff ff ff ff f3 99 83 7c - 18 b5 80 7c 00 00 00 00
.......|...|....
0000000000edffec 00 00 00 00 00 00 00 00 - 8d 79 92 7c 00 00 00 00
.........y.|....
0000000000edfffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee00ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee00bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000ee00cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................

*----> State Dump for Thread Id 0x354 <----*

eax=ffffffe1 ebx=00000000 ecx=00000000 edx=000922c8 esi=7c97c380
edi=7c97c3a0
eip=7c90eb94 esp=00f1ff70 ebp=00f1ffb4 iopl=0 nv up ei ng nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000286

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00f1ffb4 7c80b50b 00000000 00e9fce4 00e9fce8 ntdll!KiFastSystemCallRet
00f1ffec 00000000 7c910760 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000f1ff70 1b e3 90 7c 9d 07 91 7c - dc 01 00 00 ac ff f1 00
...|...|........
0000000000f1ff80 b0 ff f1 00 98 ff f1 00 - a0 ff f1 00 e4 fc e9 00
................
0000000000f1ff90 e8 fc e9 00 00 00 00 00 - 00 00 00 00 50 c6 0d 00
............P...
0000000000f1ffa0 00 7c 28 e8 ff ff ff ff - 35 ec 6e 80 69 75 92 7c
.|(.....5.n.iu.|
0000000000f1ffb0 48 b4 0d 00 ec ff f1 00 - 0b b5 80 7c 00 00 00 00
H..........|....
0000000000f1ffc0 e4 fc e9 00 e8 fc e9 00 - 00 00 00 00 00 90 fd 7f
................
0000000000f1ffd0 00 46 3c 84 c0 ff f1 00 - 50 6a f7 83 ff ff ff ff
.F<.....Pj......
0000000000f1ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
...|...|........
0000000000f1fff0 00 00 00 00 60 07 91 7c - 00 00 00 00 00 00 00 00
....`..|........
0000000000f20000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f20010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f20020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f20030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f20040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f20050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f20060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f20070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f20080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f20090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f200a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................

*----> State Dump for Thread Id 0x53c <----*

eax=000000c0 ebx=00000000 ecx=00e9fb00 edx=00000000 esi=00000000
edi=00000001
eip=7c90eb94 esp=00f5fcec ebp=00f5ffb4 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00f5ffb4 7c80b50b 00000000 00000020 00e9fce4 ntdll!KiFastSystemCallRet
00f5ffec 00000000 7c929fae 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000f5fcec ab e9 90 7c d5 a0 92 7c - 03 00 00 00 30 fd f5 00
...|...|....0...
0000000000f5fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 20 00 00 00
............ ...
0000000000f5fd0c e4 fc e9 00 00 00 00 00 - 08 e5 97 7c 08 e5 97 7c
...........|...|
0000000000f5fd1c e4 01 00 00 3c 05 00 00 - 03 00 00 00 03 00 00 00
....<...........
0000000000f5fd2c 02 00 00 00 e0 01 00 00 - c8 01 00 00 94 03 00 00
................
0000000000f5fd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fd5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fd6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fd7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000f5fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................

*----> State Dump for Thread Id 0x5f0 <----*

eax=000000c0 ebx=00fffd58 ecx=00001000 edx=7c90eb94 esi=00000000
edi=7ffdf000
eip=7c90eb94 esp=00fffd30 ebp=00fffdcc iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\USER32.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00fffdcc 77d4bbfe 00000008 00fffdf4 00000000 ntdll!KiFastSystemCallRet
00fffe28 7c9f43d9 00000007 00fffe50 ffffffff USER32!SetWindowTextW+0x120
00ffff4c 7ca3114e 77f7f5de 00000000 7c809988
SHELL32!SHCreateShellFolderView+0x3d6b
00ffffb4 7c80b50b 00000000 7c809988 00090000 SHELL32!Ordinal753+0x133
00ffffec 00000000 77f7f56f 00e9f4d4 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000fffd30 ab e9 90 7c f2 94 80 7c - 08 00 00 00 58 fd ff 00
...|...|....X...
0000000000fffd40 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000fffd50 08 00 00 00 02 00 00 00 - a0 03 00 00 4c 02 00 00
............L...
0000000000fffd60 9c 02 00 00 98 02 00 00 - 10 02 00 00 2c 02 00 00
............,...
0000000000fffd70 30 02 00 00 04 02 00 00 - 14 00 00 00 01 00 00 00
0...............
0000000000fffd80 d0 ac 0c 00 00 00 00 00 - 00 00 00 00 18 00 00 00
................
0000000000fffd90 f0 e8 55 00 01 04 00 00 - 00 f0 fd 7f 00 70 fd 7f
..U..........p..
0000000000fffda0 f8 44 9f 7c 00 00 00 00 - 58 fd ff 00 85 93 d4 77
.D.|....X......w
0000000000fffdb0 08 00 00 00 4c fd ff 00 - 00 00 00 00 dc ff ff 00
....L...........
0000000000fffdc0 f3 99 83 7c 90 95 80 7c - 00 00 00 00 28 fe ff 00
...|...|....(...
0000000000fffdd0 fe bb d4 77 08 00 00 00 - f4 fd ff 00 00 00 00 00
...w............
0000000000fffde0 ff ff ff ff 01 00 00 00 - a0 8e 0f 00 07 00 00 00
................
0000000000fffdf0 00 00 00 00 a0 03 00 00 - 4c 02 00 00 9c 02 00 00
........L.......
0000000000fffe00 98 02 00 00 10 02 00 00 - 2c 02 00 00 30 02 00 00
........,...0...
0000000000fffe10 04 02 00 00 c0 b2 00 00 - 00 00 00 00 01 00 00 00
................
0000000000fffe20 00 70 fd 7f 04 02 00 00 - 4c ff ff 00 d9 43 9f 7c
.p......L....C.|
0000000000fffe30 07 00 00 00 50 fe ff 00 - ff ff ff ff ff 04 00 00
....P...........
0000000000fffe40 f4 fd ff 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000fffe50 a0 03 00 00 4c 02 00 00 - 9c 02 00 00 98 02 00 00
....L...........
0000000000fffe60 10 02 00 00 2c 02 00 00 - 30 02 00 00 a0 8e 0f 00
....,...0.......

*----> State Dump for Thread Id 0x7b8 <----*

eax=00000000 ebx=00004e20 ecx=0010a128 edx=7c90eb94 esi=00b8fd68
edi=77d491a3
eip=7c90eb94 esp=00b8fcf8 ebp=00b8fd14 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\stobject.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00b8fd14 76281513 00b8fd68 00000000 00000000 ntdll!KiFastSystemCallRet
00b8fd8c 76283746 76280000 00000000 00050104 stobject+0x1513
00b8ffb4 7c80b50b 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x1fa4
00b8ffec 00000000 762836f7 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000b8fcf8 9b 91 d4 77 ce 91 d4 77 - 68 fd b8 00 00 00 00 00
...w...wh.......
0000000000b8fd08 00 00 00 00 00 00 00 00 - 00 00 00 00 8c fd b8 00
................
0000000000b8fd18 13 15 28 76 68 fd b8 00 - 00 00 00 00 00 00 00 00
..(vh...........
0000000000b8fd28 00 00 00 00 00 00 00 00 - 00 00 28 76 00 00 00 00
..........(v....
0000000000b8fd38 30 00 00 00 00 40 00 00 - 21 13 28 76 00 00 00 00
0....@..!.(v....
0000000000b8fd48 1e 00 00 00 00 00 28 76 - 3d 01 10 00 11 00 01 00
......(v=.......
0000000000b8fd58 10 00 00 00 00 00 00 00 - f4 31 28 76 00 00 00 00
.........1(v....
0000000000b8fd68 04 01 05 00 13 01 00 00 - 07 00 00 00 00 00 00 00
................
0000000000b8fd78 e5 6b 04 00 60 00 00 00 - 0c 02 00 00 00 00 00 00
.k..`...........
0000000000b8fd88 00 00 00 00 b4 ff b8 00 - 46 37 28 76 00 00 28 76
........F7(v..(v
0000000000b8fd98 00 00 00 00 04 01 05 00 - 01 00 00 00 00 00 00 00
................
0000000000b8fda8 43 00 3a 00 5c 00 57 00 - 49 00 4e 00 44 00 4f 00
C.:.\.W.I.N.D.O.
0000000000b8fdb8 57 00 53 00 5c 00 73 00 - 79 00 73 00 74 00 65 00
W.S.\.s.y.s.t.e.
0000000000b8fdc8 6d 00 33 00 32 00 5c 00 - 73 00 74 00 6f 00 62 00
m.3.2.\.s.t.o.b.
0000000000b8fdd8 6a 00 65 00 63 00 74 00 - 2e 00 64 00 6c 00 6c 00
j.e.c.t...d.l.l.
0000000000b8fde8 00 00 81 7c 1b 00 00 00 - 00 02 00 00 fc ff b8 00
...|............
0000000000b8fdf8 23 00 00 00 56 08 81 7c - 1b 00 00 00 00 02 00 00
#...V..|........
0000000000b8fe08 fc ff b0 00 2c fb e1 f5 - 00 43 3c 84 38 b0 54 80
....,....C<.8.T.
0000000000b8fe18 00 00 04 00 b0 9a fe 83 - d8 ee ff 83 40 2c 00 c0
............@,..
0000000000b8fe28 00 00 00 00 00 ff b0 01 - f0 ee ff 83 00 00 00 00
................

*----> State Dump for Thread Id 0x768 <----*

eax=72d230e8 ebx=00bcfef8 ecx=00000013 edx=00000000 esi=00000000
edi=7ffdf000
eip=7c90eb94 esp=00bcfed0 ebp=00bcff6c iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr Args to Child
00bcff6c 7c809c86 00000002 00bcffa4 00000000 ntdll!KiFastSystemCallRet
00bcff88 72d2312a 00000002 00bcffa4 00000000
kernel32!WaitForMultipleObjects+0x18
00bcffb4 7c80b50b 00000000 00000000 00090000 wdmaud!midMessage+0x348
00bcffec 00000000 72d230e8 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000bcfed0 ab e9 90 7c f2 94 80 7c - 02 00 00 00 f8 fe bc 00
...|...|........
0000000000bcfee0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000bcfef0 00 00 00 00 00 00 00 00 - 70 03 00 00 64 03 00 00
........p...d...
0000000000bcff00 ff ff ff ff b8 5c 08 f6 - bc 5c 08 f6 00 80 00 00
.....\...\......
0000000000bcff10 14 5d 08 f6 2c b5 14 84 - 14 00 00 00 01 00 00 00
.]..,...........
0000000000bcff20 70 2d 0f 00 00 00 00 00 - 00 00 00 00 c4 b3 14 84
p-..............
0000000000bcff30 70 18 2d 84 87 f6 57 80 - 00 f0 fd 7f 00 40 fd 7f
p.-...W......@..
0000000000bcff40 00 40 fd 7f 00 00 00 00 - f8 fe bc 00 00 00 00 00
.@..............
0000000000bcff50 02 00 00 00 ec fe bc 00 - 00 00 00 00 dc ff bc 00
................
0000000000bcff60 f3 99 83 7c 90 95 80 7c - 00 00 00 00 88 ff bc 00
...|...|........
0000000000bcff70 86 9c 80 7c 02 00 00 00 - a4 ff bc 00 00 00 00 00
...|............
0000000000bcff80 ff ff ff ff 00 00 00 00 - b4 ff bc 00 2a 31 d2 72
............*1.r
0000000000bcff90 02 00 00 00 a4 ff bc 00 - 00 00 00 00 ff ff ff ff
................
0000000000bcffa0 00 00 09 00 70 03 00 00 - 64 03 00 00 00 00 00 00
....p...d.......
0000000000bcffb0 dc e2 90 7c ec ff bc 00 - 0b b5 80 7c 00 00 00 00
...|.......|....
0000000000bcffc0 00 00 00 00 00 00 09 00 - 00 00 00 00 00 40 fd 7f
.............@..
0000000000bcffd0 00 46 3c 84 c0 ff bc 00 - 08 40 fd 83 ff ff ff ff
.F<......@......
0000000000bcffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
...|...|........
0000000000bcfff0 00 00 00 00 e8 30 d2 72 - 00 00 00 00 00 00 00 00
.....0.r........
0000000000bd0000 c8 00 00 00 f4 01 00 00 - ff ee ff ee 02 00 00 00
................

*----> State Dump for Thread Id 0x730 <----*

eax=77e76bf0 ebx=00000000 ecx=0000000c edx=003c36b0 esi=000b68c8
edi=000b696c
eip=7c90eb94 esp=00d3fe1c ebp=00d3ff80 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00d3ff80 77e76c22 00d3ffa8 77e76a3b 000b68c8 ntdll!KiFastSystemCallRet
00d3ff88 77e76a3b 000b68c8 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5ea
00d3ffa8 77e76c0a 000b6780 00d3ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
00d3ffb4 7c80b50b 000ddb38 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5d2
00d3ffec 00000000 77e76bf0 000ddb38 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000d3fe1c 99 e3 90 7c 03 67 e7 77 - 9c 01 00 00 70 ff d3 00
...|.g.w....p...
0000000000d3fe2c 00 00 00 00 28 90 10 00 - 4c ff d3 00 18 20 39 84
....(...L.... 9.
0000000000d3fe3c 7c fb e1 f5 77 38 56 80 - a4 6f 19 84 d4 6f 19 84
|...w8V..o...o..
0000000000d3fe4c 30 6f 19 84 1e 00 f8 00 - d8 25 8d e2 3c 00 f8 00
0o.......%..<...
0000000000d3fe5c f6 25 8d e2 14 20 39 84 - 6a 34 4e 80 58 fb e1 f5 .%...
9.j4N.X...
0000000000d3fe6c e4 6f 19 84 6e 0a 57 80 - 18 20 39 84 00 00 00 00
.o..n.W.. 9.....
0000000000d3fe7c b8 06 00 e1 a0 fb e1 f5 - 00 5a 3c 84 38 b0 54 80
.........Z<.8.T.
0000000000d3fe8c 00 00 00 00 c0 6f 19 84 - 30 6f 19 84 4c 6f 19 84
.....o..0o..Lo..
0000000000d3fe9c 30 6f 19 84 00 cd 81 e2 - 00 70 19 84 00 00 00 00
0o.......p......
0000000000d3feac 00 00 00 00 d8 00 00 00 - a4 fb e1 f5 00 00 00 00
................
0000000000d3febc 05 00 00 00 d0 fb e1 f5 - 35 7d 56 80 30 6f 19 84
........5}V.0o..
0000000000d3fecc 00 00 00 00 98 fc e1 f5 - 8c f4 b8 00 64 f4 b8 00
............d...
0000000000d3fedc 6a 00 f8 00 c8 25 8d e2 - 30 6f 19 84 00 00 00 00
j....%..0o......
0000000000d3feec 00 00 00 00 54 fd e1 f5 - bc 1f 57 80 34 00 00 c0
....T.....W.4...
0000000000d3fefc 00 00 00 00 01 00 00 00 - 30 6f 19 84 80 00 00 00
........0o......
0000000000d3ff0c 38 fc e1 f5 db 1f 57 80 - bc e1 33 84 24 fc e1 f5
8.....W...3.$...
0000000000d3ff1c 62 c8 4d 80 6a c8 4d 80 - 8c e1 33 84 20 e0 33 84
b.M.j.M...3. .3.
0000000000d3ff2c 54 e0 33 84 80 ff d3 00 - 99 66 e7 77 4c ff d3 00
T.3......f.wL...
0000000000d3ff3c a9 66 e7 77 ed 10 90 7c - 50 28 12 00 38 db 0d 00
.f.w...|P(..8...
0000000000d3ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
../M.....]......

*----> State Dump for Thread Id 0x184 <----*

eax=77e76bf0 ebx=00000000 ecx=00000008 edx=00000000 esi=000b68c8
edi=000b696c
eip=7c90eb94 esp=0161fe1c ebp=0161ff80 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0161ff80 77e76c22 0161ffa8 77e76a3b 000b68c8 ntdll!KiFastSystemCallRet
0161ff88 77e76a3b 000b68c8 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5ea
0161ffa8 77e76c0a 000b6780 0161ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
0161ffb4 7c80b50b 0010a348 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5d2
0161ffec 00000000 77e76bf0 0010a348 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000161fe1c 99 e3 90 7c 03 67 e7 77 - 9c 01 00 00 70 ff 61 01
...|.g.w....p.a.
000000000161fe2c 00 00 00 00 30 a9 0f 00 - 4c ff 61 01 00 00 00 00
....0...L.a.....
000000000161fe3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161fe4c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161fe6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161fe7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161fe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161fecc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161fedc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161feec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161fefc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000161ff0c 00 00 00 00 00 00 00 00 - ac 07 05 84 24 7c 44 f6
............$|D.
000000000161ff1c 62 c8 4d 80 6a c8 4d 80 - 7c 07 05 84 10 06 05 84
b.M.j.M.|.......
000000000161ff2c 44 06 05 84 80 ff 61 01 - 99 66 e7 77 4c ff 61 01
D.....a..f.wL.a.
000000000161ff3c a9 66 e7 77 ed 10 90 7c - c8 07 0e 00 48 a3 10 00
.f.w...|....H...
000000000161ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
../M.....]......

*----> State Dump for Thread Id 0x5f4 <----*

eax=000011f7 ebx=00000440 ecx=00001110 edx=00145000 esi=0165ff98
edi=77d6ea45
eip=7c90eb94 esp=0165ff54 ebp=0165ff78 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0165ff78 76b44e3d 0165ff98 00000000 00000000 ntdll!KiFastSystemCallRet
0165ffb4 7c80b50b 00000440 00000200 0000002b WINMM!PlaySoundW+0x7e6
0165ffec 00000000 76b44dd6 00000440 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000165ff54 9b 91 d4 77 85 ea d6 77 - 98 ff 65 01 00 00 00 00
...w...w..e.....
000000000165ff64 00 00 00 00 00 00 00 00 - 40 04 00 00 45 ea d6 77
[email protected]
000000000165ff74 00 00 00 00 b4 ff 65 01 - 3d 4e b4 76 98 ff 65 01
......e.=N.v..e.
000000000165ff84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 02 00 00
................
000000000165ff94 2b 00 00 00 ee 00 04 00 - bc 03 00 00 40 47 0f 00
+...........@G..
000000000165ffa4 00 00 00 00 52 52 04 00 - 5e 00 00 00 12 02 00 00
....RR..^.......
000000000165ffb4 ec ff 65 01 0b b5 80 7c - 40 04 00 00 00 02 00 00
..e....|@.......
000000000165ffc4 2b 00 00 00 40 04 00 00 - 00 d0 fa 7f 00 46 3c 84
[email protected]<.
000000000165ffd4 c0 ff 65 01 70 36 11 84 - ff ff ff ff f3 99 83 7c
..e.p6.........|
000000000165ffe4 18 b5 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
...|............
000000000165fff4 d6 4d b4 76 40 04 00 00 - 00 00 00 00 00 00 00 00
.M.v@...........
0000000001660004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000001660014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000001660024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000001660034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000001660044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000001660054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000001660064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000001660074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000001660084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................

*----> State Dump for Thread Id 0x104 <----*

eax=02030000 ebx=0169cc34 ecx=00001000 edx=7c90eb94 esi=0000051c
edi=00000000
eip=7c90eb94 esp=0169cc18 ebp=0169cf20 iopl=0 nv up ei pl nz na pe
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\BROWSEUI.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHDOCVW.dll -
ChildEBP RetAddr Args to Child
0169cf20 7c965714 0169d0c0 0169d394 00000083 ntdll!KiFastSystemCallRet
0169d060 7c9661a1 0169d0c0 00000057 c0000005 ntdll!RtlTraceDatabaseAdd+0x1b9
0169d398 7c94ea5f 00000083 fffffffe fffffffe
ntdll!RtlUnhandledExceptionFilter+0xb2
0169d3ec 7c93783a 00000083 00000057 0169d480
ntdll!RtlInitializeSListHead+0x15a4f
0169d468 7c90eafa 00000000 0169d49c 0169d480 ntdll!LdrAddRefDll+0x221
0169d770 01ea9b33 01e54363 0169d7dc 01e54371
ntdll!KiUserExceptionDispatcher+0xe
0169d798 01e54450 01e56879 00000000 01ee953c SDHelper+0x59b33
0169d7e8 7c9011a7 01e50000 00000001 00000000 SDHelper+0x4450
0169d808 7c91cbab 01ee952c 01e50000 00000001 ntdll!LdrInitializeThunk+0x29
0169d910 7c916178 00000000 c0150008 00000000
ntdll!LdrFindResourceDirectory_U+0x276
0169dbbc 7c9162da 00000000 000d88d0 0169deb0
ntdll!RtlValidateUnicodeString+0x506
0169de64 7c801bb9 000d88d0 0169deb0 0169de90 ntdll!LdrLoadDll+0x110
0169decc 775308e8 0169df48 00000000 00000008 kernel32!LoadLibraryExW+0xc8
0169def0 77530804 0169df48 0169df14 0169df18 ole32!CoGetTreatAsClass+0xff2
0169df20 7752fc38 0169df48 0169e224 0169df40 ole32!CoGetTreatAsClass+0xf0e
0169e16c 7752fb5b 00000001 0169e224 0169e19c ole32!CoGetTreatAsClass+0x342
0169e1b4 7752fab9 00000001 000b9de4 0169e1dc ole32!CoGetTreatAsClass+0x265
0169e1e0 7752f651 0169e224 00000000 0169e818 ole32!CoGetTreatAsClass+0x1c3
0169e25c 7752f4f5 776063d8 00000000 0169e818
ole32!CoFreeUnusedLibrariesEx+0x22c1
0169e29c 7752f7a4 0169e818 00000000 0169ed64
ole32!CoFreeUnusedLibrariesEx+0x2165
0169e2f0 7752f71b 776063dc 00000000 0169e818
ole32!CoFreeUnusedLibrariesEx+0x2414
0169e310 7753052b 776063dc 00000001 00000000
ole32!CoFreeUnusedLibrariesEx+0x238b
0169e330 775304e2 776063d4 0169e674 00000000 ole32!CoGetTreatAsClass+0xc35
0169e368 7752f805 776063d4 0169e674 00000000 ole32!CoGetTreatAsClass+0xbec
0169e390 7752f4f5 776063d4 00000000 0169e818
ole32!CoFreeUnusedLibrariesEx+0x2475
0169e3d0 7752f490 0169e818 00000000 0169ed64
ole32!CoFreeUnusedLibrariesEx+0x2165
0169e620 7752f4f5 7760639c 00000000 0169e818
ole32!CoFreeUnusedLibrariesEx+0x2100
0169e660 7752f33a 0169e818 00000000 0169ed64
ole32!CoFreeUnusedLibrariesEx+0x2165
0169ee10 77526000 0169ef54 00000000 00000001
ole32!CoFreeUnusedLibrariesEx+0x1faa
0169ee38 77525fcf 0169ef54 00000000 00000001 ole32!CoCreateInstanceEx+0x4f
0169ee5c 7752603d 0169ef54 00000000 00000001 ole32!CoCreateInstanceEx+0x1e
0169ee8c 77fc1fd0 0169ef54 00000000 00000001 ole32!CoCreateInstance+0x34
0169eeb0 75fa7f60 0169ef54 00000000 00000001 SHLWAPI!Ordinal565+0x43
0169efe8 75fac970 00000001 0013c01c 0013c01c BROWSEUI!Ordinal107+0x54a1
0169f04c 7778dca4 000d42e8 76006bf8 000d42fc BROWSEUI!Ordinal107+0x9eb1
0169f068 75f82cd9 0013c01c 000500e4 00000001 SHDOCVW!Ordinal210+0x10a4
0169f084 75fb037b 000d42fc 000500e4 00000001 BROWSEUI!Ordinal113+0x2cd9
0169f0c0 75fadd50 000d42e8 000500e4 00000001 BROWSEUI!Ordinal103+0x164a
0169f0ec 77d48709 000d42e8 00000001 00000000 BROWSEUI!Ordinal107+0xb291
0169f118 77d487eb 75fadc51 000500e4 00000001 USER32!GetDC+0x72
0169f180 77d4b368 00000000 75fadc51 000500e4 USER32!GetDC+0x154
0169f1d4 77d4e840 0054c6d0 00000001 00000000 USER32!DefWindowProcW+0x183
0169f204 7c90eae3 0169f214 00000088 00000088 USER32!GetSystemMenu+0x88
0169f73c 77d518a4 00000100 0169f7c0 0169f7d4
ntdll!KiUserCallbackDispatcher+0x13
0169f7e8 77d51b08 00000100 75f8bd44 0169f7d4
USER32!UserClientDllInitialize+0x9eb
0169f824 77f72baf 00000100 75f8bd44 0169fd1c USER32!CreateWindowExW+0x33
0169fc9c 75fae714 00000100 75f8bd44 0169fd1c SHLWAPI!Ordinal55+0x5f
0169ff28 75faea19 00107f30 00000000 00000000 BROWSEUI!Ordinal107+0xbc55
0169ffb4 7c80b50b 00107f30 00000000 00000000 BROWSEUI!Ordinal107+0xbf5a
0169ffec 00000000 75fae9d5 00107f30 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000169cc18 ab e9 90 7c d5 33 86 7c - 02 00 00 00 50 cd 69 01
...|.3.|....P.i.
000000000169cc28 01 00 00 00 01 00 00 00 - 00 00 00 00 43 00 3a 00
............C.:.
000000000169cc38 5c 00 57 00 49 00 4e 00 - 44 00 4f 00 57 00 53 00
\.W.I.N.D.O.W.S.
000000000169cc48 5c 00 73 00 79 00 73 00 - 74 00 65 00 6d 00 33 00
\.s.y.s.t.e.m.3.
000000000169cc58 32 00 5c 00 64 00 72 00 - 77 00 74 00 73 00 6e 00
2.\.d.r.w.t.s.n.
000000000169cc68 33 00 32 00 20 00 2d 00 - 70 00 20 00 31 00 32 00 3.2.
.-.p. .1.2.
000000000169cc78 32 00 30 00 20 00 2d 00 - 65 00 20 00 31 00 33 00 2.0.
.-.e. .1.3.
000000000169cc88 30 00 38 00 20 00 2d 00 - 67 00 00 00 00 00 00 00 0.8.
.-.g.......
000000000169cc98 2e 00 00 00 00 00 00 00 - 00 00 00 00 20 cf 69 01
............ .i.
000000000169cca8 0f 32 86 7c 05 00 00 00 - 20 cf 69 01 41 32 86 7c
.2.|.... .i.A2.|
000000000169ccb8 69 32 86 7c 00 00 00 00 - 00 00 00 00 c0 d0 69 01
i2.|..........i.
000000000169ccc8 44 00 00 00 00 00 00 00 - 78 34 86 7c 00 00 00 00
D.......x4.|....
000000000169ccd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000169cce8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000169ccf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000169cd08 00 00 00 00 00 c0 fa 7f - d8 c0 97 7c 00 00 00 00
...........|....
000000000169cd18 00 00 00 00 00 c0 fa 7f - 00 00 00 00 00 00 00 00
................
000000000169cd28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000169cd38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000169cd48 00 00 00 00 00 00 00 00 - 1c 05 00 00 28 05 00 00
............(...

*----> State Dump for Thread Id 0xfc <----*

eax=00000000 ebx=00000000 ecx=00000002 edx=00000003 esi=7c97c0d8
edi=00000000
eip=7c90eb94 esp=0203fc10 ebp=0203fc98 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0203fc98 7c90104b 0197c0d8 7c927357 7c97c0d8 ntdll!KiFastSystemCallRet
0203fd18 7c90eac7 0203fd2c 7c900000 00000000
ntdll!RtlEnterCriticalSection+0x46
00000000 00000000 00000000 00000000 00000000 ntdll!KiUserApcDispatcher+0x7

*----> Raw Stack Dump <----*
000000000203fc10 c0 e9 90 7c 1b 90 91 7c - 18 05 00 00 00 00 00 00
...|...|........
000000000203fc20 00 00 00 00 00 60 fd 7f - 00 f0 fd 7f 00 00 00 00
.....`..........
000000000203fc30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fc40 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fc50 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fc60 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fc70 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fc80 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fc90 00 00 00 00 18 05 00 00 - 18 fd 03 02 4b 10 90 7c
............K..|
000000000203fca0 d8 c0 97 01 57 73 92 7c - d8 c0 97 7c 2c fd 03 02
....Ws.|...|,...
000000000203fcb0 04 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fcc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fcd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fce0 00 00 00 00 00 00 00 00 - 00 60 fd 7f 00 00 00 00
.........`......
000000000203fcf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fd00 ac fc 03 02 00 00 00 00 - ff ff ff ff 18 ee 90 7c
...............|
000000000203fd10 00 8e 91 7c ff ff ff ff - 00 00 00 00 c7 ea 90 7c
...|...........|
000000000203fd20 2c fd 03 02 00 00 90 7c - 00 00 00 00 17 00 01 00
,......|........
000000000203fd30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000203fd40 00 00 00 00 00 00 00 00 - 28 52 fd 83 01 00 00 00
........(R......



<END PASTE>
*****************************

Even though you were asked, you have yet to give us the Dr. Watson error
message.

--
Frank Saunders, MS-MVP OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[Sharon F]

I was thinking the same thing, that there is some sort of conflict causing
the explorer.exe error.

Either way, i needed to get the PC working, so I opted for a fresh install.
After multiple attempts, each ending with a screwed up installation, i've
decided the problem is most likely either a fault in the HD causing
incosistancies, or a fault on the controller causing incosistancies. I'm
opting with the HD first. I am going to replace it and retry.

Was it ever a corruption? Well, all the scans, fixes, sfc, etc did not
help. So that points to no. But then, the error did come about suddenly.
Yes, safe mode did work, but is it possible it draws on different/protected
files that normally run explorer.exe does not? The world may never know. .
. .

Safe Mode uses different drivers than normal mode. And it does not launch
most startup items. So in a way - yes, it's "protected." Usually if things
work okay in safe mode there is a problem with a driver somewhere (or a
problem with a seemingly innocuous startup item) and that can be very
difficult to trace.

I once had a system that was plagued by mysterious errors- odd errors
during operations, odd troubles installing software, things that worked one
day would suddenly not work the next but then would work the day after.

All kinds of troubleshooting done but nothing stood out. A bit later I
upgraded the RAM and while doing that discovered one slot was not
cooperating as it should. Long story short: That one slot was shot. As long
as RAM was not used there, everything worked perfectly.

My guess about what happened is that a short in the memory slot was caused
by an errant cat hair. I remember clearly having to chase an overly curious
pet away several times while originally assembling that system.