Windows XP Explorer crashes on start up


#1
acura_man77

It seems almost random, but each morning when I start up my computer for work it will come to the desktop and the start up programs will load and then Windows Explorer will crash once and reload, then I try to access my desktop and it crashes again, followed by the infamous Dr Watson has performed an ...blah blah. Then my desktop completely locks and all I can do is Ctrl-Alt-Delete out or manually restart. So I did my homework and researched Dr Watson and discovered that he was not my true problem, that the good Dr only crashes when something else is wrong, which brings me to you guys. I studied your forums and completed all the initial steps to clean my system off and lo and behold the next day it ran fine, the next 3 days it ran fine, then upon the 4th day it was the same situation all over again. So I completed a HijackThis file and posted it here, please help...

Logfile of HijackThis v1.99.0
Scan saved at 3:16:10 PM, on 2/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Jesse White\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.camemphis...-bin/calendar/"); (C:\Documents and Settings\Jesse White\Application Data\Mozilla\Profiles\default\swrt3p4g.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jesse White\Application Data\Mozilla\Profiles\default\swrt3p4g.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://eqoaforums.station.sony.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.c...lient/setup.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://ravantivirus....n/ravonline.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark...en/AMClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cadudes.local
O17 - HKLM\Software\..\Telephony: DomainName = cadudes.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cadudes.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cadudes.local
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: UPS - UPSentry Service - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
#2
acura_man77

I also found this through Dr Watson...

Microsoft ® DrWtsn32
Copyright © 1985-2001 Microsoft Corp. All rights reserved.



Application exception occurred:
App: C:\WINDOWS\Explorer.EXE (pid=1464)
When: 4/19/2003 @ 10:58:27.531
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: JESSE1
User Name: Jesse White
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: Jesse White

*----> Task List <----*
0 System Process
4 System
580 smss.exe
652 csrss.exe
676 winlogon.exe
720 services.exe
732 lsass.exe
916 svchost.exe
1016 svchost.exe
1104 svchost.exe
1180 svchost.exe
1464 Explorer.EXE
1492 spoolsv.exe
1528 ccEvtMgr.exe
1736 DSentry.exe
1744 mm_tray.exe
1752 ccApp.exe
1780 DirectCD.exe
1804 Support.exe
252 Ati2evxx.exe
264 cisvc.exe
340 navapsvc.exe
3224 cidaemon.exe
3264 cidaemon.exe
3564 UltraMon.exe
3612 UltraMonTaskbar.exe
1156 svchost.exe
3156 iexplore.exe
1232 msmsgs.exe
2808 drwtsn32.exe
2688 dwwin.exe
3368 Q814033_WXP_SP2_x86_ENU.exe
2728 xpsp1hfm.exe
3788 update.exe

*----> Module List <----*
(0000000001000000 - 00000000010f8000: C:\WINDOWS\Explorer.EXE
(0000000001300000 - 0000000001501000: C:\WINDOWS\System32\msi.dll
(000000000ffd0000 - 000000000fff3000: C:\WINDOWS\System32\rsaenh.dll
(0000000010000000 - 0000000010026000: C:\Program Files\UltraMon\RTSUltraMonHook.dll
(000000001f7b0000 - 000000001f7e1000: C:\WINDOWS\System32\ODBC32.dll
(000000001f850000 - 000000001f866000: C:\WINDOWS\System32\odbcint.dll
(0000000032520000 - 0000000032532000: C:\Program Files\Microsoft Office\Office10\msohev.dll
(00000000559e0000 - 0000000055a51000: C:\WINDOWS\System32\themeui.dll
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\UxTheme.dll
(0000000069450000 - 0000000069463000: C:\WINDOWS\System32\faultrep.dll
(000000006c1b0000 - 000000006c1f4000: C:\WINDOWS\System32\DUSER.dll
(000000006c450000 - 000000006c476000: C:\WINDOWS\System32\dskquoui.dll
(000000006c480000 - 000000006c498000: C:\WINDOWS\System32\dskquota.dll
(0000000070a70000 - 0000000070ad4000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071950000 - 0000000071a34000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac5000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad8000: C:\WINDOWS\System32\wsock32.dll
(0000000071b20000 - 0000000071b31000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c01000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1d000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c20000 - 0000000071c6e000: C:\WINDOWS\System32\netapi32.dll
(0000000071c80000 - 0000000071c86000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071ccc000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce6000: C:\WINDOWS\System32\NETUI0.dll
(0000000072430000 - 0000000072442000: C:\WINDOWS\System32\browselc.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\System32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\System32\wdmaud.drv
(0000000073000000 - 0000000073023000: C:\WINDOWS\System32\WINSPOOL.DRV
(0000000073b30000 - 0000000073b43000: C:\WINDOWS\System32\mscms.dll
(0000000073d50000 - 0000000073d60000: C:\WINDOWS\System32\cryptnet.dll
(0000000074ad0000 - 0000000074ad7000: C:\WINDOWS\System32\POWRPROF.dll
(0000000074ae0000 - 0000000074ae7000: C:\WINDOWS\System32\CFGMGR32.dll
(0000000074af0000 - 0000000074af9000: C:\WINDOWS\System32\BatMeter.dll
(0000000074b00000 - 0000000074b20000: C:\WINDOWS\System32\stobject.dll
(0000000074b30000 - 0000000074b71000: C:\WINDOWS\System32\webcheck.dll
(0000000074b80000 - 0000000074c02000: C:\WINDOWS\System32\printui.dll
(0000000075970000 - 0000000075a61000: C:\WINDOWS\System32\MSGINA.dll
(0000000075a70000 - 0000000075b15000: C:\WINDOWS\system32\USERENV.dll
(0000000075cf0000 - 0000000075e81000: C:\WINDOWS\system32\NETSHELL.dll
(0000000075e90000 - 0000000075f37000: C:\WINDOWS\System32\SXS.DLL
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\appHelp.dll
(0000000075f60000 - 0000000075f66000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607c000: C:\WINDOWS\System32\BROWSEUI.dll
(00000000760f0000 - 000000007616a000: C:\WINDOWS\system32\urlmon.dll
(0000000076170000 - 00000000761f8000: C:\WINDOWS\System32\shdoclc.dll
(0000000076200000 - 0000000076298000: C:\WINDOWS\system32\WININET.dll
(00000000762a0000 - 00000000762af000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 0000000076348000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076360000 - 000000007636f000: C:\WINDOWS\System32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\System32\MSIMG32.dll
(00000000763b0000 - 00000000763f5000: C:\WINDOWS\system32\comdlg32.dll
(0000000076600000 - 000000007661b000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076620000 - 000000007666e000: C:\WINDOWS\System32\cscui.dll
(0000000076670000 - 0000000076757000: C:\WINDOWS\System32\SETUPAPI.dll
(0000000076980000 - 0000000076987000: C:\WINDOWS\System32\LINKINFO.dll
(0000000076990000 - 00000000769b4000: C:\WINDOWS\System32\ntshrui.dll
(00000000769c0000 - 0000000076b0a000: C:\WINDOWS\System32\SHDOCVW.dll
(0000000076b20000 - 0000000076b35000: C:\WINDOWS\System32\ATL.DLL
(0000000076b40000 - 0000000076b6c000: C:\WINDOWS\System32\WINMM.dll
(0000000076c00000 - 0000000076c2d000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5b000: C:\WINDOWS\System32\WINTRUST.dll
(0000000076c90000 - 0000000076cb2000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076ce0000 - 0000000076cff000: C:\WINDOWS\System32\NTMARTA.DLL
(0000000076d60000 - 0000000076d77000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e10000 - 0000000076e35000: C:\WINDOWS\System32\adsldpc.dll
(0000000076e40000 - 0000000076e6f000: C:\WINDOWS\System32\ACTIVEDS.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\System32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\System32\Secur32.dll
(0000000076fd0000 - 0000000077048000: C:\WINDOWS\System32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\System32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772d1000: C:\WINDOWS\system32\ole32.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\comctl32.dll
(00000000773d0000 - 0000000077bc7000: C:\WINDOWS\system32\SHELL32.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\System32\midimap.dll
(0000000077be0000 - 0000000077bf4000: C:\WINDOWS\System32\MSACM32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077cb0000: C:\WINDOWS\system32\GDI32.dll
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078086000: C:\WINDOWS\system32\RPCRT4.dll

*----> State Dump for Thread Id 0x5bc <----*

eax=00000dac ebx=000c30d0 ecx=000000cb edx=00000000 esi=000c30d0 edi=00000000
eip=7ffe0304 esp=0006fefc ebp=0006ff14 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\Explorer.EXE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0006fef8 77d43c6b 774262a7 77e7a29b 000c30d0 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0006ff14 7741c7d4 00000000 0101243e 000c30d0 USER32!WaitMessage+0xc
0006ff5c 01016132 01000000 00000000 000206b2 SHELL32!Ordinal201+0x24
0006ffc0 77e814c7 00000000 00000000 7ffdf000 Explorer+0x16132
0006fff0 00000000 010160cc 00000000 78746341 kernel32!GetCurrentDirectoryW+0x44


*----> State Dump for Thread Id 0x674 <----*

eax=00000001 ebx=77d45485 ecx=00000019 edx=00000000 esi=0103f0f8 edi=00000000
eip=7ffe0304 esp=00caff18 ebp=00caff48 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00caff14 77d43c6b 01001aa2 00000000 0103f0f8 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00caff48 01011be7 00000000 70a7df5f 0103f0f8 USER32!WaitMessage+0xc
00caffb4 77e7d33b 00000000 00000000 00000004 Explorer+0x11be7
00caffec 00000000 70a7def2 0006fed8 00000000 kernel32!RegisterWaitForInputIdle+0x43


*----> State Dump for Thread Id 0x678 <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=70a760ed edi=77e74e36
eip=7ffe0304 esp=00ceff9c ebp=00ceffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00ceff98 77f75ab4 77f6c2c7 00000001 00ceffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
00ceffb4 77e7d33b 00000000 77e74e36 70a760ed ntdll!ZwDelayExecution+0xc
00ceffec 00000000 77f6c282 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43


*----> State Dump for Thread Id 0x680 <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000001
eip=7ffe0304 esp=00d6fcec ebp=00d6ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00d6fce8 77f7670b 77f6b5f4 00000016 00d6fd30 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00d6ffb4 77e7d33b 00000000 00000020 00000020 ntdll!ZwWaitForMultipleObjects+0xc
00d6ffec 00000000 77f6b4bf 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43


*----> State Dump for Thread Id 0x684 <----*

eax=00ee0010 ebx=024b90b0 ecx=08000000 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=00defd30 ebp=00defdcc iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00defd2c 77f7670b 77e75ee0 00000009 024b90b0 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00defdcc 77d463ff 00000009 00defdf4 00000000 ntdll!ZwWaitForMultipleObjects+0xc
00defe28 77426536 00000008 00defe50 ffffffff USER32!SetScrollInfo+0x21f
00deff4c 7741d8bc 70a7df5f 00000000 77f51690 SHELL32!DragAcceptFiles+0x63
00deffb4 77e7d33b 00000000 77f51690 000ad6c0 SHELL32!Ordinal753+0x27a
00deffec 00000000 70a7def2 00caf630 00000000 kernel32!RegisterWaitForInputIdle+0x43


*----> State Dump for Thread Id 0x7f0 <----*

eax=780015dd ebx=000f3aa8 ecx=77120000 edx=00000000 esi=80020000 edi=00000000
eip=7ffe0304 esp=00e6fe28 ebp=00e6ff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\GDI32.dll -
ChildEBP RetAddr Args to Child
00e6fe24 77f762b7 780016a4 00000134 00e6ff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00e6ff90 78001601 780019d6 0009b3d0 00000000 ntdll!ZwReplyWaitReceivePortEx+0xc
000f85b8 ffffffff 00000228 00000268 00000000 RPCRT4+0x1601
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xc0 <----*

eax=02554008 ebx=00000000 ecx=00080000 edx=00000000 esi=00000000 edi=00000000
eip=7ffe0304 esp=015cf538 ebp=015cf598 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\iphlpapi.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
015cf534 77f75b1d 77e75630 000003e8 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
015cf598 76d61c26 000003e8 00120003 015cf7e8 ntdll!NtDeviceIoControlFile+0xc
015cf5f4 76d61e9e 00000006 00000000 015cf7e8 iphlpapi!GetNumberOfInterfaces+0x95
015cf7e8 00000001 00000200 00000100 00000001 iphlpapi!GetNumberOfInterfaces+0x30d

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xcc <----*

eax=72d22ecc ebx=017bff1c ecx=000000fc edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=017bfed4 ebp=017bff70 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
017bfed0 77f7670b 77e75ee0 00000002 017bff1c *SharedUserSystemCall+0xc (FPO: [0,0,0])
017bff70 77e75faa 00000002 017bffa4 00000000 ntdll!ZwWaitForMultipleObjects+0xc
017bffb4 77e7d33b 00000000 00000021 41f5166a kernel32!WaitForMultipleObjects+0x17
017bffec 00000000 72d22ecc 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x664 <----*

eax=000011f7 ebx=000003cc ecx=00149810 edx=00000000 esi=0158ff98 edi=77d4438f
eip=7ffe0304 esp=0158ff54 ebp=0158ff78 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0158ff50 77d43a21 77d443cd 0158ff98 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0158ff78 76b41c79 0158ff98 00000000 00000000 USER32+0x3a21
0158ffb4 77e7d33b 000003cc 00010003 00080000 WINMM!timeGetTime+0x1a1
0158ffec 00000000 76b41c14 000003cc 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xec8 <----*

eax=780015dd ebx=0011eac8 ecx=0009b3d0 edx=00000000 esi=78001aa5 edi=00000000
eip=7ffe0304 esp=009cfe28 ebp=009cff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
009cfe24 77f762b7 780016a4 00000134 009cff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
009cff90 78001601 780019d6 0009b3d0 00000000 ntdll!ZwReplyWaitReceivePortEx+0xc
000a5e90 ffffffff 00000144 000003c0 00000000 RPCRT4+0x1601
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xb28 <----*

eax=00000000 ebx=00acff18 ecx=7ffd4000 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=00acfed0 ebp=00acff6c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00acfecc 77f7670b 77e75ee0 00000003 00acff18 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00acff6c 77e75faa 00000003 75b03300 00000000 ntdll!ZwWaitForMultipleObjects+0xc
00000000 00000000 00000000 00000000 00000000 kernel32!WaitForMultipleObjects+0x17

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xf74 <----*

eax=00000000 ebx=00000000 ecx=009d0000 edx=00000000 esi=000000ec edi=00000000
eip=7ffe0304 esp=0261fb60 ebp=0261fbc4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0261fb5c 77f7671a 77e7a62d 000000ec 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0261fbc4 77e7ac21 000000ec 00000000 00000000 ntdll!NtWaitForSingleObject+0xc
0261fbe8 77409792 000000ec 000a5c68 774098fb kernel32!WaitForSingleObject+0xf
0261fe18 7740986c 00000001 0261fe78 00000001 SHELL32!Ordinal159+0x136e
0261fe40 77422051 000a5c80 02545008 0261fe78 SHELL32!Ordinal159+0x1448
0261fe60 77412dde 0009cdf0 02545008 0261fe78 SHELL32!Ordinal258+0x1157
0261fe7c 77401970 024ff760 0008dbb8 000c58f8 SHELL32!SHChangeNotifyRegister+0x1776
00000000 00000000 00000000 00000000 00000000 SHELL32!IsLFNDriveW+0x134

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xa98 <----*

eax=009d0000 ebx=0249b544 ecx=00001000 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=0249b4fc ebp=0249b598 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\faultrep.dll -
ChildEBP RetAddr Args to Child
0249b4f8 77f7670b 77e75ee0 00000002 0249b544 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0249b598 77e75faa 00000002 0249b66c 00000000 ntdll!ZwWaitForMultipleObjects+0xc
0249bd34 69456d16 0249d2f0 ffffffff 00018312 kernel32!WaitForMultipleObjects+0x17
0249cd9c 77e93326 0249d2f0 ffffffff 77e83db8 faultrep!ReportFault+0x488
0249d2c8 77e98854 0249d2f0 77e94858 0249d2f8 kernel32!UnhandledExceptionFilter+0x266
0249ffec 00000000 7338aff0 00172a40 00000000 kernel32!GetAtomNameA+0x125c

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x80c <----*

eax=024e1800 ebx=00000000 ecx=00000018 edx=00000019 esi=733c44ca edi=00000018
eip=719d22ba esp=027bfae0 ebp=027bfb08 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll -
function: comctl32
719d229b 2000 and [eax],al
719d229d 89781c mov [eax+0x1c],edi
719d22a0 39501c cmp [eax+0x1c],edx
719d22a3 7d62 jge comctl32+0x82307 (719d2307)
719d22a5 8bf7 mov esi,edi
719d22a7 c1e604 shl esi,0x4
719d22aa 03b070040000 add esi,[eax+0x470]
719d22b0 53 push ebx
719d22b1 8b9860040000 mov ebx,[eax+0x460]
719d22b7 83c610 add esi,0x10
FAULT ->719d22ba 8a0e mov cl,[esi] ds:0023:733c44ca=??
719d22bc 47 inc edi
719d22bd 80f941 cmp cl,0x41
719d22c0 0fb6c9 movzx ecx,cl
719d22c3 7205 jb comctl32+0x822ca (719d22ca)
719d22c5 83e937 sub ecx,0x37
719d22c8 eb03 jmp comctl32+0x822cd (719d22cd)
719d22ca 83e930 sub ecx,0x30
719d22cd 660fb65601 movzx dx,byte ptr [esi+0x1]
719d22d2 80fa41 cmp dl,0x41
719d22d5 0fb6d2 movzx edx,dl

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\BROWSEUI.dll -
ChildEBP RetAddr Args to Child
027bfb08 7198c5a6 024e1800 0301079f 00000019 comctl32+0x822ba
027bfb64 7198c606 000d2d00 570105fc 001f01c6 comctl32!Ordinal384+0x178b4
027bfb90 7198caf3 570105fc 027bfe64 7198c9ad comctl32!Ordinal384+0x17914
027bfdf0 77d43a68 001f01c6 00000113 0000002a comctl32!Ordinal384+0x17e01
027bfe1c 77d43b37 7198c9ad 001f01c6 00000113 USER32+0x3a68
027bfe84 77d43d91 000852e8 7198c9ad 001f01c6 USER32+0x3b37
027bfee4 77d43df7 027bff30 00000000 77d4b209 USER32!GetMessageW+0x125
027bff14 75fbd071 0011025a 004a9548 00000000 USER32!DispatchMessageW+0xb
027bff4c 75fbdb62 70a7df5f 024dd4a8 77f79005 BROWSEUI!Ordinal103+0x1b69
027bffb4 77e7d33b 00000000 77f79005 77f6d5f0 BROWSEUI!Ordinal103+0x265a
027bffec 00000000 70a7def2 0249ecac 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*