Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dr. Watson Startup Problem everytime i start my computer


  • Please log in to reply

#1
j_que

j_que

    Member

  • Member
  • PipPip
  • 32 posts
So here's my problem...

everytime i start up my pc, i always receive an error with dr. watson

Here's the error i receive

"drwatson postmortem debugger has encountered a problem and needs to close. we are sorry for the inconvenience"

error signature

eventtype:bex
p1: drwatson32.exe
p2: 5.1.2600.0
p3: 3b7d 84a2
p4: dbghelp.dll
p5: 5.1.2600.2180
p6: 4110969a
p7: 0001295d
p8: c0000409
p9: 00000000

the following files will be included in this error report:

c:\docume~1\Jonathan\locals~1\temp\wer495e.dir00\drwtsn32.exe.mdmp
c:\docume~1\Jonathan\locals~1\temp\wer495e.dir00\appcompat.txt

my computer usually starts up with this error
and it gets stuck there unless i press ctrl alt delete
and end the process

can someone please help me? user don77 suggested that i should try posting here since this wasn't a malware problem any more :) thank you and hope someone could help me

*another thing, don77 also asked me to post the dr watson log... but i cant seem to post it since the log is to big...
the dr watson log is already 19.2mb and if i transfer it to MS word, i gets a little smaller. around 12mb and has about 5000 pages...

thank you!
  • 0

Advertisements


#2
Ax238

Ax238

    Tech Staff

  • Technician
  • 1,323 posts
You could have an issue with a right-click context menu shell extension. Use Nirsoft's ShellExView to view the shell extensions. Use ShellExView to disable all non-MS extensions and then you can enable them one at a time to narrow down the problem.

See also:
Right-click is slow or weird behavior caused by context menu handlers
Right click causes and error and crashes Explorer.exe after installing Windows XP SP2?
Manage the context-menu entries for files, folders, drives and Namespace objects

Let me know if this helps,

Ax
  • 0

#3
j_que

j_que

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Thanks for the reply! :)

i tried what u told me and it didnt seem to fix my problem :)
  • 0

#4
Ax238

Ax238

    Tech Staff

  • Technician
  • 1,323 posts
Please make sure you have all available Windows Updates installed on your system.

Try uninstalling Alcohol 120% and then restarting your system.


You can also try running the System File Checker Utility (SFC):
Go to Start | Run, type sfc /scannow, and press Enter.

If SFC does identify missing or corrupted Operating System files, it may ask you to insert your Windows XP installation CD so a fresh copy of the correct file can be copied and pasted into the system files.

If you do not have your Windows XP installation CD, or if errors in the process occur, please post back with specifics or questions.

SFC scan and replacements take about 8-12 minutes depending upon the size of your file tree and the speed of your CPU/RAM. If SFC opens and then closes within a few seconds or under one minute, It did not complete, and must be repeated.

Sometimes, a second scan run of SFC is necessary, even if SFC completes the first time, in order to replace all missing or corrupted files. If SFC completes, you can safely run it a second time for good measure.

A good way to tell whether you should run it again is if you look in the Event Log and see the following Application event entry after running SFC:
Source:	  Windows File Protection 
Event ID:	64002 (or 64021)


Finally, delete the Dr. Watson log file(s). Restart your computer and see if a new and smaller log has been created. If so, zip and upload this log file.

Regards,

Ax

Edited by Ax238, 30 November 2007 - 12:34 PM.

  • 0

#5
j_que

j_que

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
"SFC scan and replacements take about 8-12 minutes depending upon the size of your file tree and the speed of your CPU/RAM. If SFC opens and then closes within a few seconds or under one minute, It did not complete, and must be repeated."

What do i do if it keeps on closing after a few seconds? i dont even get to see whats written in the command prompt.. ?
  • 0

#6
Ax238

Ax238

    Tech Staff

  • Technician
  • 1,323 posts
try running the command at the command prompt: Start | Run, type cmd, and press Enter

Let me know what the error message says.
  • 0

#7
The Skeptic

The Skeptic

    Trusted Tech

  • Technician
  • 4,075 posts
Hi j-que.

You mentioned command prompt in your last post. The command sfc /scannow should be written in the Run dialog box and not at a command prompt. Just click Start and then Run. In the dialog box that opens write sfc /scannow and click OK.
  • 0

#8
Ax238

Ax238

    Tech Staff

  • Technician
  • 1,323 posts
j_que,

SFC should run fine from either the run command or the command prompt. Please follow my previous instructions and run it from the command prompt so we can see what error you are getting.
  • 0

#9
j_que

j_que

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
the command prompt works fine.. im trying to run sfc via the command prompt as we speak :)
after running it, it asked for my windows xp cd
  • 0

#10
j_que

j_que

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
A good way to tell whether you should run it again is if you look in the Event Log and see the following Application event entry after running SFC:
CODE
Source: Windows File Protection
Event ID: 64002 (or 64021)

--> where do u see the event log??
  • 0

Advertisements


#11
Ax238

Ax238

    Tech Staff

  • Technician
  • 1,323 posts
Go to Start | Run, type eventvwr.msc, and press Enter. The event should be viewable in the System section.

What you really want to see is the event log show just two events for Windows File Protection: 64016 (started) and 64017 (ended)
  • 0

#12
j_que

j_que

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
okay.. i finally get to upload the dr watson error, but i had a difficult time starting my computer.

there was an error before even windows started saying that there has an error occured and

there were option on running in safe mode
last known configurations
normal mode

i chose last known configurations and it worked after around 5 mins

the error of dr watson in the startup also disappered :)

does this mean that my computer has been fixed already??



anyways here is the log :)

Microsoft ® DrWtsn32
Copyright © 1985-2001 Microsoft Corp. All rights reserved.



Application exception occurred:
App: C:\WINDOWS\Explorer.EXE (pid=1852)
When: 12/2/2007 @ 12:10:38.812
Exception number: 80000007
()

*----> System Information <----*
Computer Name: JONATHAN-1BB3B4
User Name: Jonathan
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 63 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: Jonathan

*----> Task List <----*
0 System Process
4 System
704 smss.exe
932 csrss.exe
956 winlogon.exe
1004 services.exe
1016 lsass.exe
1180 svchost.exe
1240 svchost.exe
1388 svchost.exe
1436 svchost.exe
1480 svchost.exe
1760 spoolsv.exe
1852 Explorer.EXE
1872 ctfmon.exe
1956 avgamsvr.exe
2020 avgupsvc.exe
2036 BTNtService.exe
240 LSSrvc.exe
332 nvsvc32.exe
384 svchost.exe
460 wdfmgr.exe
596 WLService.exe
720 WUSB54Gv4.exe
1564 SOUNDMAN.EXE
1532 jusched.exe
1616 InfoMyCa.exe
1608 rundll32.exe
1656 PDVDServ.exe
1668 qttask.exe
1684 issch.exe
1696 GrooveMonitor.exe
1724 iTunesHelper.exe
1744 VM_STI.EXE
1812 realsched.exe
1628 avgcc.exe
1524 YahooMessenger.exe
1528 mssysmgr.exe
2088 GoogleToolbarNotifier.exe
2096 NMBgMonitor.exe
2116 SUPERAntiSpyware.exe
2152 sgmain.exe
2160 drwtsn32.exe
2220 NMIndexStoreSvr.exe
2348 sgbhp.exe
2540 iPodService.exe
2792 imapi.exe
2868 wscntfy.exe
3116 alg.exe
3640 svchost.exe
3908 NMIndexingService.exe

*----> Module List <----*
(0000000001000000 - 00000000010ff000: C:\WINDOWS\Explorer.EXE
(00000000024f0000 - 00000000027b6000: C:\WINDOWS\system32\msi.dll
(00000000029c0000 - 0000000002b2f000: C:\WINDOWS\system32\nview.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(000000004d4f0000 - 000000004d548000: C:\WINDOWS\system32\WINHTTP.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\system32\themeui.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d127000: C:\WINDOWS\system32\comctl32.dll
(000000005fc10000 - 000000005fc43000: C:\WINDOWS\system32\msutb.dll
(0000000060980000 - 0000000060987000: C:\WINDOWS\system32\MSISIP.DLL
(00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL
(0000000065e30000 - 0000000065e67000: C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
(00000000661c0000 - 00000000663dd000: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
(0000000066b40000 - 0000000066cbd000: C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL
(0000000068ef0000 - 0000000068fe1000: C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL
(0000000068ff0000 - 0000000068ff7000: C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\WSOCK32.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\system32\SAMLIB.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\system32\actxprxy.dll
(0000000073dd0000 - 0000000073ece000: C:\WINDOWS\system32\MFC42.DLL
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\Msctf.dll
(0000000074980000 - 0000000074ab0000: C:\WINDOWS\system32\MSXML3.DLL
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\system32\BatMeter.dll
(0000000074b30000 - 0000000074b76000: C:\WINDOWS\system32\webcheck.dll
(0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll
(0000000074ea0000 - 0000000074eb0000: C:\WINDOWS\system32\wshext.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000075f80000 - 000000007607c000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\system32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSImg32.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
(0000000076400000 - 00000000765a6000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772fc000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(00000000774e0000 - 000000007761c000: C:\WINDOWS\system32\ole32.dll
(0000000077690000 - 00000000776b1000: C:\WINDOWS\system32\NTMARTA.DLL
(0000000077760000 - 00000000778cc000: C:\WINDOWS\system32\SHDOCVW.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
(000000007c630000 - 000000007c64b000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d4000: C:\WINDOWS\system32\SHELL32.dll

*----> State Dump for Thread Id 0x740 <----*

eax=0000003c ebx=00000000 ecx=86ea5198 edx=8055a6c0 esi=7c97c0d8 edi=00000000
eip=7c90eb94 esp=0007f790 ebp=0007f818 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0000 es=b6f8 fs=003b gs=b6f8 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
FAULT ->ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\Msctf.dll -
*** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nview.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nview.dll -
ChildEBP RetAddr Args to Child
0007f818 7c90104b 0197c0d8 7c9131dc 7c97c0d8 ntdll!KiFastSystemCallRet
0007f85c 7c916298 00000001 00000000 0007f8bc ntdll!RtlEnterCriticalSection+0x46
0007faf8 7c801bb9 02231a30 0007fb44 0007fb24 ntdll!LdrLoadDll+0xce
0007fb60 77d6dcb6 0007fbc4 00000000 00000008 kernel32!LoadLibraryExW+0xc8
0007fb8c 7c90eae3 0007fb9c 00000080 00000080 USER32!EnumClipboardFormats+0x245
0007fc40 7473002d 000100cd 00000000 00000200 ntdll!KiUserCallbackDispatcher+0x13
0007fc84 77d56e46 00000000 00000200 0007fd3c Msctf!TF_DllDetachInOther+0x11fd
0007fcb8 77d4ecc3 00070000 00000200 0007fd3c USER32!EndDialog+0x17d
0007fcf4 77d6f6c2 0007fd28 0007fd3c 0007fd38 USER32!IsCharAlphaW+0x103
0007fd18 7c90eae3 0007fd28 0000002c 00070000 USER32!LoadAcceleratorsA+0x1b5
0007fd78 02a314c3 00010259 00000000 00000200 ntdll!KiUserCallbackDispatcher+0x13
00000000 00000000 00000000 00000000 00000000 nview!PMLoadPresentation+0x28d03

*----> Raw Stack Dump <----*
000000000007f790 c0 e9 90 7c 1b 90 91 7c - 08 04 00 00 00 00 00 00 ...|...|........
000000000007f7a0 00 00 00 00 bc f8 07 00 - 00 00 00 00 01 00 00 00 ................
000000000007f7b0 61 00 6d 00 20 00 46 00 - 69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s.
000000000007f7c0 5c 00 59 00 61 00 68 00 - 6f 00 6f 00 21 00 5c 00 \.Y.a.h.o.o.!.\.
000000000007f7d0 4d 00 65 00 73 00 73 00 - 65 00 6e 00 67 00 65 00 M.e.s.s.e.n.g.e.
000000000007f7e0 72 00 5c 00 69 00 64 00 - 6c 00 65 00 2e 00 64 00 r.\.i.d.l.e...d.
000000000007f7f0 6c 00 6c 00 00 00 00 00 - 00 00 00 00 00 00 00 00 l.l.............
000000000007f800 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007f810 00 00 00 00 08 04 00 00 - 5c f8 07 00 4b 10 90 7c ........\...K..|
000000000007f820 d8 c0 97 01 dc 31 91 7c - d8 c0 97 7c 08 00 15 c0 .....1.|...|....
000000000007f830 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007f840 4d 09 00 00 2c f8 07 00 - 78 62 91 7c e8 fa 07 00 M...,...xb.|....
000000000007f850 18 ee 90 7c 18 32 91 7c - ff ff ff ff f8 fa 07 00 ...|.2.|........
000000000007f860 98 62 91 7c 01 00 00 00 - 00 00 00 00 bc f8 07 00 .b.|............
000000000007f870 00 00 00 00 9c fb 07 00 - c4 fb 07 00 00 00 00 00 ................
000000000007f880 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007f890 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007f8a0 00 00 00 00 00 00 00 00 - 44 fb 07 00 30 1a 23 02 ........D...0.#.
000000000007f8b0 40 fb 07 00 00 00 00 00 - 00 00 00 00 00 00 00 00 @...............
000000000007f8c0 00 00 08 02 d4 f8 07 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x758 <----*

eax=000dd1c8 ebx=00000000 ecx=00000000 edx=00000002 esi=000ccad8 edi=00000100
eip=7c90eb94 esp=00eefe1c ebp=00eeff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00eeff80 77e76c22 00eeffa8 77e76a3b 000ccad8 ntdll!KiFastSystemCallRet
00eeff88 77e76a3b 000ccad8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5ea
00eeffa8 77e76c0a 000cc990 00eeffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
00eeffb4 7c80b50b 000daa10 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5d2
00eeffec 00000000 77e76bf0 000daa10 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000eefe1c 99 e3 90 7c 03 67 e7 77 - fc 01 00 00 70 ff ee 00 ...|.g.w....p...
0000000000eefe2c 00 00 00 00 28 cc 25 02 - 54 ff ee 00 75 00 65 00 ....(.%.T...u.e.
0000000000eefe3c 54 00 79 00 70 00 65 00 - 29 00 00 00 41 00 63 00 T.y.p.e.)...A.c.
0000000000eefe4c 63 00 69 00 02 00 65 00 - 00 00 74 00 61 00 6c 00 c.i...e...t.a.l.
0000000000eefe5c 20 00 50 00 72 00 65 00 - 73 00 69 00 64 00 65 00 .P.r.e.s.i.d.e.
0000000000eefe6c 01 00 00 00 79 00 20 00 - 28 00 54 00 72 00 75 00 ....y. .(.T.r.u.
0000000000eefe7c 65 00 54 00 79 00 70 00 - 65 00 29 00 00 00 41 00 e.T.y.p.e.)...A.
0000000000eefe8c 63 00 65 00 20 00 43 00 - 72 00 69 00 6b 00 65 00 c.e. .C.r.i.k.e.
0000000000eefe9c 79 00 20 00 28 00 54 00 - 72 00 75 00 65 00 54 00 y. .(.T.r.u.e.T.
0000000000eefeac 79 00 70 00 65 00 29 00 - 00 00 41 00 20 00 43 00 y.p.e.)...A. .C.
0000000000eefebc 68 00 61 00 72 00 6d 00 - 69 00 6e 00 67 00 20 00 h.a.r.m.i.n.g. .
0000000000eefecc 46 00 6f 00 6e 00 74 00 - 20 00 45 00 78 00 70 00 F.o.n.t. .E.x.p.
0000000000eefedc 61 00 6e 00 64 00 65 00 - 64 00 20 00 28 00 54 00 a.n.d.e.d. .(.T.
0000000000eefeec 72 00 75 00 65 00 54 00 - 79 00 70 00 65 00 29 00 r.u.e.T.y.p.e.).
0000000000eefefc 00 00 41 00 20 00 43 00 - 68 00 61 00 72 00 6d 00 ..A. .C.h.a.r.m.
0000000000eeff0c 69 00 6e 00 67 00 20 00 - 44 7f f3 86 24 3c c7 ba i.n.g. .D...$<..
0000000000eeff1c d9 9a 4f 80 e1 9a 4f 80 - 14 7f f3 86 a8 7d f3 86 ..O...O......}..
0000000000eeff2c dc 7d f3 86 80 ff ee 00 - 99 66 e7 77 4c ff ee 00 .}.......f.wL...
0000000000eeff3c a9 66 e7 77 ed 10 90 7c - 30 a7 0d 00 10 aa 0d 00 .f.w...|0.......
0000000000eeff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> State Dump for Thread Id 0x75c <----*

eax=774f319a ebx=00007530 ecx=7ffd9000 edx=00000000 esi=00000000 edi=00f3ff50
eip=7c90eb94 esp=00f3ff20 ebp=00f3ff78 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
00f3ff78 7c802451 0000ea60 00000000 00f3ffb4 ntdll!KiFastSystemCallRet
00f3ff88 774f2fcb 0000ea60 000dd250 774f314d kernel32!Sleep+0xf
00f3ffb4 7c80b50b 000dd250 7c910945 7c91094e ole32!StringFromGUID2+0x2d1
00f3ffec 00000000 774f319a 000dd250 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000f3ff20 5c d8 90 7c ed 23 80 7c - 00 00 00 00 50 ff f3 00 \..|.#.|....P...
0000000000f3ff30 50 25 80 7c f0 56 60 77 - 30 75 00 00 14 00 00 00 P%.|.V`w0u......
0000000000f3ff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00 ................
0000000000f3ff50 00 ba 3c dc ff ff ff ff - 08 4f 4e 77 50 ff f3 00 ..<......ONwP...
0000000000f3ff60 30 ff f3 00 88 47 09 00 - dc ff f3 00 f3 99 83 7c 0....G.........|
0000000000f3ff70 58 24 80 7c 00 00 00 00 - 88 ff f3 00 51 24 80 7c X$.|........Q$.|
0000000000f3ff80 60 ea 00 00 00 00 00 00 - b4 ff f3 00 cb 2f 4f 77 `............/Ow
0000000000f3ff90 60 ea 00 00 50 d2 0d 00 - 4d 31 4f 77 00 00 00 00 `...P...M1Ow....
0000000000f3ffa0 45 09 91 7c 50 d2 0d 00 - 00 00 4e 77 b5 31 4f 77 E..|P.....Nw.1Ow
0000000000f3ffb0 4e 09 91 7c ec ff f3 00 - 0b b5 80 7c 50 d2 0d 00 N..|.......|P...
0000000000f3ffc0 45 09 91 7c 4e 09 91 7c - 50 d2 0d 00 00 d0 fd 7f E..|N..|P.......
0000000000f3ffd0 00 16 1d 87 c0 ff f3 00 - 08 b7 3e 86 ff ff ff ff ..........>.....
0000000000f3ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00 ...|...|........
0000000000f3fff0 00 00 00 00 9a 31 4f 77 - 50 d2 0d 00 00 00 00 00 .....1OwP.......
0000000000f40000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f40010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f40020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f40030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f40040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f40050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x760 <----*

eax=00586f80 ebx=00000000 ecx=00f7fc2c edx=7c90eb94 esi=7c97c0d8 edi=00000000
eip=7c90eb94 esp=00f7f510 ebp=00f7f598 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\Apphelp.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\Explorer.EXE
ChildEBP RetAddr Args to Child
00f7f598 7c90104b 0197c0d8 7c914859 7c97c0d8 ntdll!KiFastSystemCallRet
00f7f5dc 7c9166d3 00000000 00000000 00f7f620 ntdll!RtlEnterCriticalSection+0x46
00f7f650 7c91659e 00000001 00000000 00000000 ntdll!LdrGetDllHandleEx+0x12c
00f7f66c 77b46a5a 00000000 00000000 00f7f6c4 ntdll!LdrGetDllHandle+0x18
00f7f83c 77f675aa 00f7fb9c 00000001 00f7f854 Apphelp!ApphelpCheckShellObject+0x10c
00f7f85c 7ca39d19 00f7fb9c 00000000 00000401 SHLWAPI!Ordinal549+0x1d
00f7fb70 7c9eaef7 00f7fb9c 00000000 00000401 SHELL32!ExtractIconExW+0x2c2
00f7fbb0 7c9eaeb6 00f7fc08 00000000 00000000 SHELL32!Ordinal128+0x18f
00f7fbd0 7ca1abf7 00f7fc08 00000000 00000000 SHELL32!Ordinal128+0x14e
00f7fc5c 7c9f764a 000003ee 00000001 00f7fcd4 SHELL32!SHPropStgReadMultiple+0xaf1
00f7fc94 7c9f6cb9 00094788 000003ee 00000001 SHELL32!SHMapIDListToImageListIndexAsync+0x384
00f7fcc4 7c9f7309 00094798 00000000 0017cab0 SHELL32!Shell_GetCachedImageIndex+0x1e2
00f7fcf0 0100b651 00146158 00094798 0017cab0 SHELL32!SHMapIDListToImageListIndexAsync+0x43
00f7fd1c 0100b492 00000000 00094798 0017cab0 Explorer+0xb651
00f7fd80 0100b35e 00000000 00133320 0012777c Explorer+0xb492
00f7fdc4 0100b563 00000000 00127730 00000000 Explorer+0xb35e
00f7fddc 010204d1 00000400 000200ba 00f7fe0c Explorer+0xb563
00f7fdec 010202e0 000200ba 00000400 00000000 Explorer+0x204d1
00f7fe0c 77d48709 000200ba 00000400 00000000 Explorer+0x202e0
00f7fe38 77d487eb 01004a5c 000200ba 00000400 USER32!GetDC+0x72
00f7fea0 77d489a5 0009f740 01004a5c 000200ba USER32!GetDC+0x154
00f7ff00 77d489e8 00f7ff28 00000000 00f7ff44 USER32!GetWindowLongW+0x127
00f7ff10 01001a35 00f7ff28 00000000 010460d8 USER32!DispatchMessageW+0xf
00f7ff44 01011e8b 00000000 00f7ffb4 77f7f5de Explorer+0x1a35
00f7ff50 77f7f5de 010460d8 0000005c 00000000 Explorer+0x11e8b
00f7ffb4 7c80b50b 00000000 0000005c 00000000 SHLWAPI!Ordinal505+0x369
00f7ffec 00000000 77f7f56f 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000f7f510 c0 e9 90 7c 1b 90 91 7c - 08 04 00 00 00 00 00 00 ...|...|........
0000000000f7f520 00 00 00 00 20 f6 f7 00 - 00 00 00 00 01 00 00 00 .... ...........
0000000000f7f530 33 a7 91 7c 00 00 01 00 - 00 00 00 00 10 02 00 00 3..|............
0000000000f7f540 08 f5 f7 00 ed cf 25 02 - 90 fe f7 00 18 ee 90 7c ......%........|
0000000000f7f550 88 44 91 7c 00 00 09 00 - 81 44 91 7c da 45 91 7c .D.|.....D.|.E.|
0000000000f7f560 00 00 00 00 00 00 09 00 - fc ff ff ff d4 05 01 00 ................
0000000000f7f570 0b 00 00 00 d0 f4 f7 00 - 14 00 04 01 90 fe f7 00 ................
0000000000f7f580 00 00 00 00 70 05 91 7c - ff ff ff ff 6d 05 91 7c ....p..|....m..|
0000000000f7f590 00 00 00 00 08 04 00 00 - dc f5 f7 00 4b 10 90 7c ............K..|
0000000000f7f5a0 d8 c0 97 01 59 48 91 7c - d8 c0 97 7c 00 00 00 00 ....YH.|...|....
0000000000f7f5b0 d8 f6 f7 00 00 00 00 00 - 87 6d b4 77 00 c0 fd 7f .........m.w....
0000000000f7f5c0 9c fb f7 00 ac f5 f7 00 - 00 00 00 00 40 f6 f7 00 ............@...
0000000000f7f5d0 18 ee 90 7c 18 32 91 7c - 00 00 00 00 50 f6 f7 00 ...|.2.|....P...
0000000000f7f5e0 d3 66 91 7c 00 00 00 00 - 00 00 00 00 20 f6 f7 00 .f.|........ ...
0000000000f7f5f0 f8 7e 27 02 20 7f 27 02 - 00 00 00 00 f8 7e 27 02 .~'. .'......~'.
0000000000f7f600 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f7f610 00 00 00 00 d4 04 00 00 - 7b 00 32 00 35 00 35 00 ........{.2.5.5.
0000000000f7f620 00 00 00 00 00 00 66 00 - 34 00 2d 00 32 00 31 00 ......f.4.-.2.1.
0000000000f7f630 00 00 00 00 2d 00 31 00 - f0 f5 f7 00 34 00 2d 00 ....-.1.....4.-.
0000000000f7f640 90 fe f7 00 18 ee 90 7c - b0 66 91 7c 00 00 00 00 .......|.f.|....

*----> State Dump for Thread Id 0x764 <----*

eax=000000c0 ebx=00000000 ecx=77dd6a51 edx=77dd6a18 esi=ffffffff edi=7c90fb78
eip=7c90eb94 esp=00fbff9c ebp=00fbffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00fbffb4 7c80b50b 00000000 7c90fb78 ffffffff ntdll!KiFastSystemCallRet
00fbffec 00000000 7c92798d 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000fbff9c 5c d8 90 7c d4 79 92 7c - 01 00 00 00 ac ff fb 00 \..|.y.|........
0000000000fbffac 00 00 00 00 00 00 00 80 - ec ff fb 00 0b b5 80 7c ...............|
0000000000fbffbc 00 00 00 00 78 fb 90 7c - ff ff ff ff 00 00 00 00 ....x..|........
0000000000fbffcc 00 b0 fd 7f 00 16 1d 87 - c0 ff fb 00 00 49 e8 86 .............I..
0000000000fbffdc ff ff ff ff f3 99 83 7c - 18 b5 80 7c 00 00 00 00 .......|...|....
0000000000fbffec 00 00 00 00 00 00 00 00 - 8d 79 92 7c 00 00 00 00 .........y.|....
0000000000fbfffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc00ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc00bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000fc00cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x768 <----*

eax=00000003 ebx=00000000 ecx=01635750 edx=013fadb4 esi=7c97c0d8 edi=00000000
eip=7c90eb94 esp=00fffd50 ebp=00fffdd8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00fffdd8 7c90104b 0197c0d8 7c917332 7c97c0d8 ntdll!KiFastSystemCallRet
00fffecc 7c80aa7f 75f80000 75f80000 00146e80 ntdll!RtlEnterCriticalSection+0x46
00fffee0 77f68eb0 75f80000 000d8150 77f68e88 kernel32!FreeLibrary+0x19
00fffef8 7c927545 000d8150 7c97c3a0 000d80f8 SHLWAPI!wnsprintfW+0x77
00ffff40 7c927583 77f68e88 000d8150 00000000 ntdll!RtlUpcaseUnicodeString+0x159
00ffff60 7c927645 00000000 000d8150 000d80f8 ntdll!RtlUpcaseUnicodeString+0x197
00ffff74 7c92761c 7c927569 00000000 000d8150 ntdll!RtlUpcaseUnicodeString+0x259
00ffffb4 7c80b50b 00000000 00f7fce4 00f7fce8 ntdll!RtlUpcaseUnicodeString+0x230
00ffffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000fffd50 c0 e9 90 7c 1b 90 91 7c - 08 04 00 00 00 00 00 00 ...|...|........
0000000000fffd60 00 00 00 00 e1 1d f8 75 - 00 00 f8 75 00 00 00 00 .......u...u....
0000000000fffd70 f0 df 13 00 c0 58 60 77 - 00 00 00 00 e8 1a 4e 77 .....X`w......Nw
0000000000fffd80 00 00 00 00 00 00 00 00 - d0 6f 22 02 00 00 00 00 .........o".....
0000000000fffd90 80 00 00 00 e8 1a 4e 77 - 00 00 00 00 30 02 09 00 ......Nw....0...
0000000000fffda0 e8 1a 4e 77 18 00 00 00 - 00 00 00 00 e8 1a 4e 77 ..Nw..........Nw
0000000000fffdb0 2b 8a 52 77 00 00 00 00 - e8 1a 4e 77 f0 00 00 00 +.Rw......Nw....
0000000000fffdc0 00 00 00 00 e8 1a 4e 77 - d8 01 00 00 00 00 09 00 ......Nw........
0000000000fffdd0 00 00 00 00 08 04 00 00 - cc fe ff 00 4b 10 90 7c ............K..|
0000000000fffde0 d8 c0 97 01 32 73 91 7c - d8 c0 97 7c e1 1d f8 75 ....2s.|...|...u
0000000000fffdf0 00 00 f8 75 00 00 f8 75 - 18 ee 90 7c 70 05 01 00 ...u...u...|p...
0000000000fffe00 1e 00 00 00 60 fd ff 00 - 24 20 4f 77 30 ff ff 00 ....`...$ Ow0...
0000000000fffe10 18 ee 90 7c 70 05 91 7c - ff ff ff ff 6d 05 91 7c ...|p..|....m..|
0000000000fffe20 24 20 4f 77 00 00 09 00 - 34 50 60 77 40 a5 17 00 $ Ow....4P`w@...
0000000000fffe30 60 fe ff 00 8c d5 14 77 - 08 00 00 00 00 00 00 00 `......w........
0000000000fffe40 e7 23 4f 77 ec 58 60 77 - b4 23 4f 77 ec 58 60 77 .#Ow.X`w.#Ow.X`w
0000000000fffe50 6a 85 52 77 00 00 00 00 - 90 fe ff 00 78 e7 0d 00 j.Rw........x...
0000000000fffe60 78 fe ff 00 1f 46 4f 77 - 00 00 00 00 80 6e 14 00 x....FOw.....n..
0000000000fffe70 94 fe ff 00 1b 42 4f 77 - 00 00 00 00 00 00 00 00 .....BOw........
0000000000fffe80 00 00 00 00 00 00 00 00 - e1 1d f8 75 00 00 f8 75 ...........u...u

*----> State Dump for Thread Id 0x76c <----*

eax=000000c0 ebx=00000000 ecx=00f7fb00 edx=00000000 esi=00000000 edi=00000001
eip=7c90eb94 esp=0113fcec ebp=0113ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0113ffb4 7c80b50b 00000000 00000020 00f7fce4 ntdll!KiFastSystemCallRet
0113ffec 00000000 7c929fae 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000113fcec ab e9 90 7c d5 a0 92 7c - 02 00 00 00 30 fd 13 01 ...|...|....0...
000000000113fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 20 00 00 00 ............ ...
000000000113fd0c e4 fc f7 00 00 00 00 00 - 08 e5 97 7c 08 e5 97 7c ...........|...|
000000000113fd1c 44 02 00 00 6c 07 00 00 - 02 00 00 00 02 00 00 00 D...l...........
000000000113fd2c 01 00 00 00 40 02 00 00 - 28 02 00 00 00 00 00 00 ....@...(.......
000000000113fd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fd5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fd6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fd7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000113fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x7b0 <----*

eax=00bc0010 ebx=011afd58 ecx=08000000 edx=7c90eb94 esi=00000000 edi=7ffd9000
eip=7c90eb94 esp=011afd30 ebp=011afdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
011afdcc 77d4bbfe 00000007 011afdf4 00000000 ntdll!KiFastSystemCallRet
011afe28 7c9f43d9 00000006 011afe50 ffffffff USER32!SetWindowTextW+0x120
011aff4c 7ca3114e 77f7f5de 00000000 7c809988 SHELL32!SHCreateShellFolderView+0x3d6b
011affb4 7c80b50b 00000000 7c809988 00090000 SHELL32!Ordinal753+0x133
011affec 00000000 77f7f56f 00f7f4d4 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000011afd30 ab e9 90 7c f2 94 80 7c - 07 00 00 00 58 fd 1a 01 ...|...|....X...
00000000011afd40 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000011afd50 07 00 00 00 02 00 00 00 - d0 04 00 00 f0 05 00 00 ................
00000000011afd60 bc 04 00 00 8c 02 00 00 - a4 02 00 00 98 02 00 00 ................
00000000011afd70 70 02 00 00 30 00 00 00 - 14 00 00 00 01 00 00 00 p...0...........
00000000011afd80 58 ef 0e 00 00 00 00 00 - 00 00 00 00 ec fd 1a 01 X...............
00000000011afd90 94 04 d7 77 08 88 d4 77 - 00 90 fd 7f 00 70 fd 7f ...w...w.....p..
00000000011afda0 a5 89 d4 77 00 00 00 00 - 58 fd 1a 01 88 00 01 00 ...w....X.......
00000000011afdb0 07 00 00 00 4c fd 1a 01 - 00 00 00 00 dc ff 1a 01 ....L...........
00000000011afdc0 f3 99 83 7c 90 95 80 7c - 00 00 00 00 28 fe 1a 01 ...|...|....(...
00000000011afdd0 fe bb d4 77 07 00 00 00 - f4 fd 1a 01 00 00 00 00 ...w............
00000000011afde0 ff ff ff ff 01 00 00 00 - d8 56 10 00 06 00 00 00 .........V......
00000000011afdf0 00 00 00 00 d0 04 00 00 - f0 05 00 00 bc 04 00 00 ................
00000000011afe00 8c 02 00 00 a4 02 00 00 - 98 02 00 00 70 02 00 00 ............p...
00000000011afe10 00 00 00 00 59 25 00 00 - 00 00 00 00 01 00 00 00 ....Y%..........
00000000011afe20 00 70 fd 7f 70 02 00 00 - 4c ff 1a 01 d9 43 9f 7c .p..p...L....C.|
00000000011afe30 06 00 00 00 50 fe 1a 01 - ff ff ff ff ff 04 00 00 ....P...........
00000000011afe40 f4 fd 1a 01 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000011afe50 d0 04 00 00 f0 05 00 00 - bc 04 00 00 8c 02 00 00 ................
00000000011afe60 a4 02 00 00 98 02 00 00 - 20 9a 80 7c d8 56 10 00 ........ ..|.V..

*----> State Dump for Thread Id 0x7d8 <----*

eax=00000065 ebx=00000000 ecx=00005b66 edx=7fffffc7 esi=7c97c0d8 edi=00000000
eip=7c90eb94 esp=013cfd50 ebp=013cfdd8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
013cfdd8 7c90104b 0197c0d8 7c917332 7c97c0d8 ntdll!KiFastSystemCallRet
013cfecc 7c80aa7f 75f80000 75f80000 0012a5a8 ntdll!RtlEnterCriticalSection+0x46
013cfee0 77f68eb0 75f80000 02297fb0 77f68e88 kernel32!FreeLibrary+0x19
013cfef8 7c927545 02297fb0 7c97c3a0 00161cc0 SHLWAPI!wnsprintfW+0x77
013cff40 7c927583 77f68e88 02297fb0 0009f740 ntdll!RtlUpcaseUnicodeString+0x159
013cff60 7c927645 00000000 02297fb0 00161cc0 ntdll!RtlUpcaseUnicodeString+0x197
013cff74 7c92761c 7c927569 00000000 02297fb0 ntdll!RtlUpcaseUnicodeString+0x259
013cffb4 7c80b50b 00000000 0007e9f8 0007e9f8 ntdll!RtlUpcaseUnicodeString+0x230
013cffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000013cfd50 c0 e9 90 7c 1b 90 91 7c - 08 04 00 00 00 00 00 00 ...|...|........
00000000013cfd60 00 00 00 00 e1 1d f8 75 - 00 00 f8 75 00 00 00 00 .......u...u....
00000000013cfd70 b8 3f 12 00 c0 58 60 77 - 00 00 bd 00 07 00 00 00 .?...X`w........
00000000013cfd80 b0 3f 12 00 00 00 00 00 - e8 1a 4e 77 00 00 00 00 .?........Nw....
00000000013cfd90 00 00 00 00 b8 3f 12 00 - 00 00 00 00 00 00 00 00 .....?..........
00000000013cfda0 e8 1a 4e 77 00 00 00 00 - 00 00 00 00 50 03 09 00 ..Nw........P...
00000000013cfdb0 2b 8a 52 77 08 00 00 00 - e8 1a 4e 77 00 00 00 00 +.Rw......Nw....
00000000013cfdc0 00 00 00 00 e8 1a 4e 77 - d8 01 00 00 00 00 00 00 ......Nw........
00000000013cfdd0 00 00 00 00 08 04 00 00 - cc fe 3c 01 4b 10 90 7c ..........<.K..|
00000000013cfde0 d8 c0 97 01 32 73 91 7c - d8 c0 97 7c e1 1d f8 75 ....2s.|...|...u
00000000013cfdf0 00 00 f8 75 00 00 f8 75 - f4 fd 3c 01 d8 07 00 00 ...u...u..<.....
00000000013cfe00 00 00 00 00 00 00 00 00 - 6c 24 01 01 3b 00 00 00 ........l$..;...
00000000013cfe10 6c fd 3c 01 00 00 00 00 - 30 ff 3c 01 18 ee 90 7c l.<.....0.<....|
00000000013cfe20 70 05 91 7c ff ff ff ff - 92 42 4f 77 00 00 00 00 p..|.....BOw....
00000000013cfe30 90 fe 3c 01 c0 58 60 77 - 00 00 00 00 00 00 00 00 ..<..X`w........
00000000013cfe40 08 16 0f 00 2c fe 3c 01 - b8 3f 12 00 30 ff 3c 01 ....,.<..?..0.<.
00000000013cfe50 65 32 5f 77 00 00 00 00 - 90 fe 3c 01 08 16 0f 00 e2_w......<.....
00000000013cfe60 78 fe 3c 01 1f 46 4f 77 - 00 00 00 00 a8 a5 12 00 x.<..FOw........
00000000013cfe70 94 fe 3c 01 1b 42 4f 77 - 00 00 00 00 00 00 00 00 ..<..BOw........
00000000013cfe80 00 00 00 00 00 00 00 00 - e1 1d f8 75 00 00 f8 75 ...........u...u

*----> State Dump for Thread Id 0x2f8 <----*

eax=00000020 ebx=00000000 ecx=764088dc edx=00d5f78c esi=7c97c0d8 edi=00000000
eip=7c90eb94 esp=00d5f160 ebp=00d5f1e8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\OLEAUT32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\NETSHELL.dll -
ChildEBP RetAddr Args to Child
00d5f1e8 7c90104b 0197c0d8 7c9131dc 7c97c0d8 ntdll!KiFastSystemCallRet
00d5f22c 7c916298 00000001 00000000 00d5f28c ntdll!RtlEnterCriticalSection+0x46
00d5f4c8 7c801bb9 0222c5b8 00d5f514 00d5f4f4 ntdll!LdrLoadDll+0xce
00d5f530 7c801d6e 7ffd3c00 00000000 00000000 kernel32!LoadLibraryExW+0xc8
00d5f544 7c801da4 00d5f578 00000000 00000000 kernel32!LoadLibraryExA+0x1f
00d5f560 7713442a 00d5f578 00d5f78c 00d5fc94 kernel32!LoadLibraryA+0x2d
00d5f68c 77137e98 0225f054 00d5f878 76408762 OLEAUT32!SafeArrayCopyData+0x14c
00d5f754 77137e56 00d5f78c 0225f054 00d5fc94 OLEAUT32!LPSAFEARRAY_Unmarshal+0x39
00d5f76c 77e8c706 00d5f78c 0225f054 00d5fc94 OLEAUT32!LPSAFEARRAY_UserUnmarshal+0x15
00d5f7a8 77e8c695 0225f054 00d5fc94 76408762 RPCRT4!NdrUserMarshalUnmarshall+0xf4
00d5f7d8 77e79ca7 00d5f878 00d5fc48 76408762 RPCRT4!NdrUserMarshalUnmarshall+0x83
00d5f830 77ef3688 00d5f878 00d5f974 0600015b RPCRT4!NdrCorrelationPass+0x142
00d5fc0c 77ef3e42 76407cf8 764103ba 00d5fc44 RPCRT4!NdrClientCall2+0x1b8
00d5fc2c 77e89aa4 0000000c 00000003 00d5fd5c RPCRT4!NdrProxySendReceive+0xcd
00d5fc3c 764044cd 0018ad9c 00d5fc94 00000000 RPCRT4!NdrComplexArrayMemorySize+0x695
00d5fd5c 76403aa7 00179cc4 00179ca0 00000000 NETSHELL!DllGetClassObject+0x1194
00d5fe08 7640582a 00d5fe20 00179cc4 00179ca0 NETSHELL!DllGetClassObject+0x76e
00d5fe54 764057d9 00179cc4 00179ca0 00d5fe7c NETSHELL!DllGetClassObject+0x24f1
00d5fe64 76405797 00179ca0 00000000 00000000 NETSHELL!DllGetClassObject+0x24a0
00d5fe7c 0100f216 00179ca0 00000001 00d5feb4 NETSHELL!DllGetClassObject+0x245e
00d5feac 0100f255 00000000 00000001 00000001 Explorer+0xf216
00d5fee0 77f68ea5 00000002 0015d400 77f68e88 Explorer+0xf255
00d5fef8 7c927545 0015d400 7c97c3a0 00179f78 SHLWAPI!wnsprintfW+0x6c
00d5ff40 7c927583 77f68e88 0015d400 0009f740 ntdll!RtlUpcaseUnicodeString+0x159
00d5ff60 7c927645 00000000 0015d400 00179f78 ntdll!RtlUpcaseUnicodeString+0x197
00d5ff74 7c92761c 7c927569 00000000 0015d400 ntdll!RtlUpcaseUnicodeString+0x259
00d5ffb4 7c80b50b 00000000 00f7f8c4 00f7f8c4 ntdll!RtlUpcaseUnicodeString+0x230
00d5ffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000d5f160 c0 e9 90 7c 1b 90 91 7c - 08 04 00 00 00 00 00 00 ...|...|........
0000000000d5f170 00 00 00 00 8c f2 d5 00 - 00 00 00 00 01 00 00 00 ................
0000000000d5f180 57 00 53 00 5c 00 73 00 - 79 00 73 00 74 00 65 00 W.S.\.s.y.s.t.e.
0000000000d5f190 6d 00 33 00 32 00 5c 00 - 72 00 70 00 63 00 72 00 m.3.2.\.r.p.c.r.
0000000000d5f1a0 74 00 34 00 2e 00 64 00 - 6c 00 6c 00 00 00 00 00 t.4...d.l.l.....
0000000000d5f1b0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000d5f1c0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000d5f1d0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000d5f1e0 00 00 00 00 08 04 00 00 - 2c f2 d5 00 4b 10 90 7c ........,...K..|
0000000000d5f1f0 d8 c0 97 01 dc 31 91 7c - d8 c0 97 7c 08 00 15 c0 .....1.|...|....
0000000000d5f200 01 00 00 00 00 00 00 00 - 00 00 00 00 c8 05 91 7c ...............|
0000000000d5f210 4d 09 00 00 fc f1 d5 00 - 78 62 91 7c b8 f4 d5 00 M.......xb.|....
0000000000d5f220 18 ee 90 7c 18 32 91 7c - ff ff ff ff c8 f4 d5 00 ...|.2.|........
0000000000d5f230 98 62 91 7c 01 00 00 00 - 00 00 00 00 8c f2 d5 00 .b.|............
0000000000d5f240 00 00 00 00 4b 44 13 77 - 00 00 00 00 c8 b4 0d 00 ....KD.w........
0000000000d5f250 00 00 00 00 2d 5a 4f 77 - a4 e7 18 00 90 f2 d5 00 ....-ZOw........
0000000000d5f260 00 00 09 00 32 07 91 7c - 06 00 00 00 a8 07 09 00 ....2..|........
0000000000d5f270 00 00 09 00 00 00 00 00 - 14 f5 d5 00 b8 c5 22 02 ..............".
0000000000d5f280 10 f5 d5 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000d5f290 00 00 08 02 a4 f2 d5 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x2fc <----*

eax=00ba0000 ebx=00d9f648 ecx=00001000 edx=7c90eb94 esi=00000398 edi=00000000
eip=7c90eb94 esp=00d9f62c ebp=00d9f934 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00d9f934 7c83aa6b 00d9f95c 7c839a54 00d9f964 ntdll!KiFastSystemCallRet
00d9ffec 00000000 01010e63 00000000 00000000 kernel32!FindAtomW+0x110c

*----> Raw Stack Dump <----*
0000000000d9f62c ab e9 90 7c d5 33 86 7c - 02 00 00 00 64 f7 d9 00 ...|.3.|....d...
0000000000d9f63c 01 00 00 00 01 00 00 00 - 00 00 00 00 43 00 3a 00 ............C.:.
0000000000d9f64c 5c 00 57 00 49 00 4e 00 - 44 00 4f 00 57 00 53 00 \.W.I.N.D.O.W.S.
0000000000d9f65c 5c 00 73 00 79 00 73 00 - 74 00 65 00 6d 00 33 00 \.s.y.s.t.e.m.3.
0000000000d9f66c 32 00 5c 00 64 00 72 00 - 77 00 74 00 73 00 6e 00 2.\.d.r.w.t.s.n.
0000000000d9f67c 33 00 32 00 20 00 2d 00 - 70 00 20 00 31 00 38 00 3.2. .-.p. .1.8.
0000000000d9f68c 35 00 32 00 20 00 2d 00 - 65 00 20 00 39 00 32 00 5.2. .-.e. .9.2.
0000000000d9f69c 30 00 20 00 2d 00 67 00 - 00 00 00 00 00 00 00 00 0. .-.g.........
0000000000d9f6ac 2e 00 00 00 00 00 00 00 - 00 00 00 00 34 f9 d9 00 ............4...
0000000000d9f6bc 0f 32 86 7c 05 00 00 00 - 34 f9 d9 00 41 32 86 7c .2.|....4...A2.|
0000000000d9f6cc 69 32 86 7c 00 00 00 00 - 00 00 00 00 00 00 00 00 i2.|............
0000000000d9f6dc 44 00 00 00 00 00 00 00 - 78 34 86 7c 00 00 00 00 D.......x4.|....
0000000000d9f6ec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000d9f6fc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000d9f70c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000d9f71c 00 00 00 00 00 f0 fb 7f - d8 c0 97 7c 37 00 00 00 ...........|7...
0000000000d9f72c 40 49 19 00 00 f0 fb 7f - f8 fb fb 7f ac f6 d9 00 @I..............
0000000000d9f73c a0 bc 18 00 58 fa d9 00 - 18 ee 90 7c 28 69 91 7c ....X......|(i.|
0000000000d9f74c ff ff ff ff 24 69 91 7c - a6 68 91 7c 98 48 19 00 ....$i.|.h.|.H..
0000000000d9f75c 02 00 00 00 ae 68 91 7c - 98 03 00 00 64 05 00 00 .....h.|....d...

*----> State Dump for Thread Id 0x30c <----*

eax=02228790 ebx=00000000 ecx=02228798 edx=cd673f91 esi=7c97c0d8 edi=00000000
eip=7c90eb94 esp=00ddf160 ebp=00ddf1e8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00ddf1e8 7c90104b 0197c0d8 7c9131dc 7c97c0d8 ntdll!KiFastSystemCallRet
00ddf22c 7c916298 00000001 00000000 00ddf28c ntdll!RtlEnterCriticalSection+0x46
00ddf4c8 7c801bb9 00187f70 00ddf514 00ddf4f4 ntdll!LdrLoadDll+0xce
00ddf530 7c801d6e 7ffbec00 00000000 00000000 kernel32!LoadLibraryExW+0xc8
00ddf544 7c801da4 00ddf578 00000000 00000000 kernel32!LoadLibraryExA+0x1f
00ddf560 7713442a 00ddf578 00ddf78c 00ddfc94 kernel32!LoadLibraryA+0x2d
00ddf68c 77137e98 0223f7f4 00ddf878 76408762 OLEAUT32!SafeArrayCopyData+0x14c
00ddf754 77137e56 00ddf78c 0223f7f4 00ddfc94 OLEAUT32!LPSAFEARRAY_Unmarshal+0x39
00ddf76c 77e8c706 00ddf78c 0223f7f4 00ddfc94 OLEAUT32!LPSAFEARRAY_UserUnmarshal+0x15
00ddf7a8 77e8c695 0223f7f4 00ddfc94 76408762 RPCRT4!NdrUserMarshalUnmarshall+0xf4
00ddf7d8 77e79ca7 00ddf878 00ddfc48 76408762 RPCRT4!NdrUserMarshalUnmarshall+0x83
00ddf830 77ef3688 00ddf878 00ddf974 0600015b RPCRT4!NdrCorrelationPass+0x142
00ddfc0c 77ef3e42 76407cf8 764103ba 00ddfc44 RPCRT4!NdrClientCall2+0x1b8
00ddfc2c 77e89aa4 0000000c 00000003 00ddfd5c RPCRT4!NdrProxySendReceive+0xcd
00ddfc3c 764044cd 02263fc4 00ddfc94 00000000 RPCRT4!NdrComplexArrayMemorySize+0x695
00ddfd5c 76403aa7 022262c4 022262a0 00000000 NETSHELL!DllGetClassObject+0x1194
00ddfe08 7640582a 00ddfe20 022262c4 022262a0 NETSHELL!DllGetClassObject+0x76e
00ddfe54 764057d9 022262c4 022262a0 00ddfe7c NETSHELL!DllGetClassObject+0x24f1
00ddfe64 76405797 022262a0 00000000 00000000 NETSHELL!DllGetClassObject+0x24a0
00ddfe7c 0100f216 022262a0 00000001 00ddfeb4 NETSHELL!DllGetClassObject+0x245e
00ddfeac 0100f255 00000000 00000001 00000001 Explorer+0xf216
00ddfee0 77f68ea5 00000002 00189c68 77f68e88 Explorer+0xf255
00ddfef8 7c927545 00189c68 7c97c3a0 02297fb0 SHLWAPI!wnsprintfW+0x6c
00ddff40 7c927583 77f68e88 00189c68 0009f740 ntdll!RtlUpcaseUnicodeString+0x159
00ddff60 7c927645 00000000 00189c68 02297fb0 ntdll!RtlUpcaseUnicodeString+0x197
00ddff74 7c92761c 7c927569 00000000 00189c68 ntdll!RtlUpcaseUnicodeString+0x259
00ddffb4 7c80b50b 00000000 00000000 00009a40 ntdll!RtlUpcaseUnicodeString+0x230
00ddffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000ddf160 c0 e9 90 7c 1b 90 91 7c - 08 04 00 00 00 00 00 00 ...|...|........
0000000000ddf170 00 00 00 00 8c f2 dd 00 - 00 00 00 00 01 00 00 00 ................
0000000000ddf180 57 00 53 00 5c 00 73 00 - 79 00 73 00 74 00 65 00 W.S.\.s.y.s.t.e.
0000000000ddf190 6d 00 33 00 32 00 5c 00 - 72 00 70 00 63 00 72 00 m.3.2.\.r.p.c.r.
0000000000ddf1a0 74 00 34 00 2e 00 64 00 - 6c 00 6c 00 00 00 00 00 t.4...d.l.l.....
0000000000ddf1b0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000ddf1c0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000ddf1d0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000ddf1e0 00 00 00 00 08 04 00 00 - 2c f2 dd 00 4b 10 90 7c ........,...K..|
0000000000ddf1f0 d8 c0 97 01 dc 31 91 7c - d8 c0 97 7c 08 00 15 c0 .....1.|...|....
0000000000ddf200 01 00 00 00 00 00 00 00 - f0 93 53 77 58 b6 0d 00 ..........SwX...
0000000000ddf210 4d 09 00 00 fc f1 dd 00 - 78 62 91 7c b8 f4 dd 00 M.......xb.|....
0000000000ddf220 18 ee 90 7c 18 32 91 7c - ff ff ff ff c8 f4 dd 00 ...|.2.|........
0000000000ddf230 98 62 91 7c 01 00 00 00 - 00 00 00 00 8c f2 dd 00 .b.|............
0000000000ddf240 00 00 00 00 4b 44 13 77 - 00 00 00 00 58 b6 0d 00 ....KD.w....X...
0000000000ddf250 00 00 00 00 2d 5a 4f 77 - 04 3f 26 02 1c f3 dd 00 ....-ZOw.?&.....
0000000000ddf260 04 3f 26 02 a8 f2 dd 00 - 8a 89 53 77 dc 3e 26 02 .?&.......Sw.>&.
0000000000ddf270 84 54 4f 77 80 3f 26 02 - 14 f5 dd 00 70 7f 18 00 .TOw.?&.....p...
0000000000ddf280 10 f5 dd 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000ddf290 00 00 08 02 a4 f2 dd 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x334 <----*

eax=000001b7 ebx=00000000 ecx=00000100 edx=00447efc esi=000ccad8 edi=00000100
eip=7c90eb94 esp=0220fe1c ebp=0220ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb
  • 0

#13
Ax238

Ax238

    Tech Staff

  • Technician
  • 1,323 posts
The log file you uploaded is incomplete, so it can't be debugged. You might want to try zipping it up and then attaching the zip file in your post, if it's not too big.

I never received confirmation that you performed these suggestions:

Please make sure you have all available Windows Updates installed on your system.

Try uninstalling Alcohol 120% and then restarting your system.

Also, when SFC asks for your Windows XP CD, insert your Windows XP CD into the disk drive.

Ax
  • 0

#14
j_que

j_que

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
oh sorry bout that i did that updates and uninstalled the alcohol 120

it also asked me to insert my cd so i did

the error actually went away for a few days but just recently it came back again

here is the log :)

Attached Files


  • 0

#15
Ax238

Ax238

    Tech Staff

  • Technician
  • 1,323 posts
Thanks, that's a bit better. Try uninstalling DivX and restarting your machine. Let me know if it's any better.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP