Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Many DrWatson errors and Virtumonde


  • Please log in to reply

#31
Xad

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
After removing the other account and rebooting, I eventually received another DrWatson error when trying to open a shortcut to a folder.
  • 0

Advertisements


#32
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts
Post the last few lines of the drwtsn32.log.
  • 0

#33
Xad

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
42408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00daff80 77e76c9f 00daffa8 77e76ac1 00093100 ntdll!KiFastSystemCallRet
00daff88 77e76ac1 00093100 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x61c
00daffa8 77e76c87 000b9d08 00daffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x43e
00daffb4 7c80b683 000c11a0 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x604
00daffec 00000000 77e76c6d 000c11a0 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000dafe18 99 e3 90 7c d3 65 e7 77 - ec 01 00 00 74 ff da 00 ...|.e.w....t...
0000000000dafe28 00 00 00 00 78 40 14 00 - 50 ff da 00 00 00 00 00 [email protected]
0000000000dafe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafe48 00 00 00 00 00 00 00 00 - 02 00 00 00 00 00 00 00 ................
0000000000dafe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafe68 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafea8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafeb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafec8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafed8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafee8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000dafef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000daff08 00 00 00 00 00 00 00 00 - 00 00 00 00 cc 7c 43 89 .............|C.
0000000000daff18 24 8c a7 ad b2 c2 4d 80 - ba c2 4d 80 9c 7c 43 89 $.....M...M..|C.
0000000000daff28 30 7b 43 89 80 ff da 00 - 86 df e7 77 48 ff da 00 0{C........wH...
0000000000daff38 96 df e7 77 ed 10 90 7c - 28 0a 0c 00 a0 11 0c 00 ...w...|(.......
0000000000daff48 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> State Dump for Thread Id 0x7c8 <----*

eax=774fe429 ebx=00007530 ecx=7ffde000 edx=00000000 esi=00000000 edi=00f0ff50
eip=7c90eb94 esp=00f0ff20 ebp=00f0ff78 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
00f0ff78 7c802451 0000ea60 00000000 00f0ffb4 ntdll!KiFastSystemCallRet
00f0ff88 774fe31d 0000ea60 000c3898 774fe3dc kernel32!Sleep+0xf
00f0ffb4 7c80b683 000c3898 00000000 7c91094e ole32!StringFromGUID2+0x51b
00f0ffec 00000000 774fe429 000c3898 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000f0ff20 5c d8 90 7c ed 23 80 7c - 00 00 00 00 50 ff f0 00 \..|.#.|....P...
0000000000f0ff30 40 25 80 7c f8 6d 60 77 - 30 75 00 00 14 00 00 00 @%.|.m`w0u......
0000000000f0ff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00 ................
0000000000f0ff50 00 ba 3c dc ff ff ff ff - d4 fe f0 00 50 ff f0 00 ..<.........P...
0000000000f0ff60 30 ff f0 00 e4 fe f0 00 - dc ff f0 00 a8 9a 83 7c 0..............|
0000000000f0ff70 58 24 80 7c 00 00 00 00 - 88 ff f0 00 51 24 80 7c X$.|........Q$.|
0000000000f0ff80 60 ea 00 00 00 00 00 00 - b4 ff f0 00 1d e3 4f 77 `.............Ow
0000000000f0ff90 60 ea 00 00 98 38 0c 00 - dc e3 4f 77 00 00 00 00 `....8....Ow....
0000000000f0ffa0 00 00 00 00 98 38 0c 00 - 00 00 4e 77 44 e4 4f 77 .....8....NwD.Ow
0000000000f0ffb0 4e 09 91 7c ec ff f0 00 - 83 b6 80 7c 98 38 0c 00 N..|.......|.8..
0000000000f0ffc0 00 00 00 00 4e 09 91 7c - 98 38 0c 00 00 a0 fd 7f ....N..|.8......
0000000000f0ffd0 00 e6 77 89 c0 ff f0 00 - 80 6a 42 89 ff ff ff ff ..w......jB.....
0000000000f0ffe0 a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00 ...|...|........
0000000000f0fff0 00 00 00 00 29 e4 4f 77 - 98 38 0c 00 00 00 00 00 ....).Ow.8......
0000000000f10000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f10010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f10020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f10030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f10040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f10050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x7cc <----*

eax=00f4f7c8 ebx=00000000 ecx=7e418ffb edx=00861a40 esi=7c97c0d8 edi=00000000
eip=7c90eb94 esp=00f4ebdc ebp=00f4ec64 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
  • 0

#34
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts
The problem seems System related. Both the Remote Procedure Call and the OLE library are essential in Windows. I am curious that it happened just after you removed the previous profile. If you transferred all the folders into this profile before removing the previous profile, perhaps you should create another profile and test for a while. If no errors are experienced, then move only your documents, pictures and music into the new profile. Anything else may corrupt the profile. There are folders withing the profile with specific settings to that profile, and that could be the reason the profile gets corrupted. Make sure all this is done in Safe Mode under the Administrator account.

Keep me posted.
  • 0

#35
Xad

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
The only folders I moved were my music, so I'm not sure that's where the problem is.
  • 0

#36
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts

The only folders I moved were my music, so I'm not sure that's where the problem is.

It shouldn't be. Since it seems a System problem, if you have the Windows XP installation CD, you may run the System File Checker.

Insert the Windows XP CD. Go to Start->Run, type SFC /RunNow and click OK. That will check the integrity of the System files.

Another option is to install SP3 throughout Windows Updates and test:
  • 0

#37
Xad

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I downloaded and installed SP3, and upon the first reboot, there was no DrWatson error, but I recently rebooted my computer, and received another one. Would the System File Checker be able to fix this, or should we try something else now?
  • 0

#38
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts
What do the last few lines of the drwtsn32.log say about the reason?
  • 0

#39
Xad

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Well, I'll just post the last two reasons. There was one error, and then another shortly after that, but it looks like the same reason.

*----> State Dump for Thread Id 0x7e0 <----*

eax=77a8964d ebx=00000000 ecx=01c5db34 edx=00164640 esi=7c97b178 edi=00000000
eip=7c90e4f4 esp=01d5fdc0 ebp=01d5fe48 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90e4da e829000000 call ntdll!RtlRaiseException (7c90e508)
7c90e4df 8b0424 mov eax,[esp]
7c90e4e2 8be5 mov esp,ebp
7c90e4e4 5d pop ebp
7c90e4e5 c3 ret
7c90e4e6 8da42400000000 lea esp,[esp]
7c90e4ed 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e4f0 8bd4 mov edx,esp
7c90e4f2 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e4f4 c3 ret
7c90e4f5 8da42400000000 lea esp,[esp]
7c90e4fc 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e500 8d542408 lea edx,[esp+0x8]
7c90e504 cd2e int 2e
7c90e506 c3 ret
7c90e507 90 nop
ntdll!RtlRaiseException:
7c90e508 55 push ebp
7c90e509 8bec mov ebp,esp

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\CRYPT32.dll -
ChildEBP RetAddr Args to Child
01d5fe48 7c901046 0197b178 7c9175e2 7c97b178 ntdll!KiFastSystemCallRet
01d5ff3c 7c80ac87 76c30000 001de910 00000000 ntdll!RtlEnterCriticalSection+0x46
01d5ff50 77a8989f 76c30000 76c30000 00000000 kernel32!FreeLibrary+0x19
01d5ff98 77a89695 00000000 00000000 00160000 CRYPT32!I_CryptRegisterSmartCardStore+0x298e
01d5ffb4 7c80b713 00000001 00160000 ffffffff CRYPT32!I_CryptRegisterSmartCardStore+0x2784
01d5ffec 00000000 77a8964d 001de910 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000001d5fdc0 3c df 90 7c 2b b2 91 7c - 80 00 00 00 00 00 00 00 <..|+..|........
0000000001d5fdd0 00 00 00 00 00 00 00 00 - 10 e9 1d 00 00 00 00 00 ................
0000000001d5fde0 4d 96 a8 77 98 00 91 7c - e9 06 81 7c 1b 00 00 00 M..w...|...|....
0000000001d5fdf0 00 02 00 00 fc ff d5 01 - 23 00 00 00 3c f5 af ff ........#...<...
0000000001d5fe00 30 f8 af ff 18 fa 8c ff - 02 dd 3b ff 00 8e 00 5f 0.........;...._
0000000001d5fe10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001d5fe20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 c4 00 5f ..............._
0000000001d5fe30 00 00 00 00 16 f5 b0 ff - 20 fd d7 ff 1a fc bc ff ........ .......
0000000001d5fe40 00 00 00 00 80 00 00 00 - 3c ff d5 01 46 10 90 7c ........<...F..|
0000000001d5fe50 78 b1 97 01 e2 75 91 7c - 78 b1 97 7c 00 00 00 00 x....u.|x..|....
0000000001d5fe60 10 e9 1d 00 00 00 c3 76 - 00 00 00 00 00 00 00 00 .......v........
0000000001d5fe70 00 00 00 00 00 d6 00 5f - 00 d6 00 7f 00 d6 00 7f ......._........
0000000001d5fe80 00 b2 00 5f 00 00 00 00 - 00 00 00 00 00 00 00 00 ..._............
0000000001d5fe90 00 00 00 00 d4 5b c7 ad - c0 27 56 80 61 b7 54 80 .....[...'V.a.T.
0000000001d5fea0 00 00 00 00 00 00 00 00 - e0 e3 0c 8a 00 00 00 00 ................
0000000001d5feb0 00 00 00 00 00 00 00 00 - e4 13 a1 f7 50 2a 2e 8a ............P*..
0000000001d5fec0 02 00 00 00 e0 29 2e 8a - e0 29 2e 8a c0 5b c7 ad .....)...)...[..
0000000001d5fed0 bc 5b c7 ad 39 48 c8 ae - 60 96 a3 89 dc 5b c7 ad .[..9H..`....[..
0000000001d5fee0 cc 5b c7 ad e1 48 c8 ae - 60 96 a3 89 e8 5b c7 ad .[...H..`....[..
0000000001d5fef0 2c df 90 7c 74 95 80 7c - 00 80 fd 7f 8c ff d5 01 ,..|t..|........

*----> State Dump for Thread Id 0xee0 <----*

eax=00000000 ebx=00000000 ecx=00000002 edx=00000003 esi=7c97b178 edi=00000000
eip=7c90e4f4 esp=00b9fc10 ebp=00b9fc98 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90e4da e829000000 call ntdll!RtlRaiseException (7c90e508)
7c90e4df 8b0424 mov eax,[esp]
7c90e4e2 8be5 mov esp,ebp
7c90e4e4 5d pop ebp
7c90e4e5 c3 ret
7c90e4e6 8da42400000000 lea esp,[esp]
7c90e4ed 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e4f0 8bd4 mov edx,esp
7c90e4f2 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e4f4 c3 ret
7c90e4f5 8da42400000000 lea esp,[esp]
7c90e4fc 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e500 8d542408 lea edx,[esp+0x8]
7c90e504 cd2e int 2e
7c90e506 c3 ret
7c90e507 90 nop
ntdll!RtlRaiseException:
7c90e508 55 push ebp
7c90e509 8bec mov ebp,esp

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00b9fc98 7c901046 0197b178 7c91e395 7c97b178 ntdll!KiFastSystemCallRet
00b9fd18 7c90e437 00b9fd2c 7c900000 00000000 ntdll!RtlEnterCriticalSection+0x46
00000000 00000000 00000000 00000000 00000000 ntdll!KiUserApcDispatcher+0x7

*----> Raw Stack Dump <----*
0000000000b9fc10 3c df 90 7c 2b b2 91 7c - 80 00 00 00 00 00 00 00 <..|+..|........
0000000000b9fc20 00 00 00 00 00 70 fd 7f - 00 d0 fd 7f 00 00 00 00 .....p..........
0000000000b9fc30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fc40 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fc50 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fc60 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fc70 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fc80 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fc90 00 00 00 00 80 00 00 00 - 18 fd b9 00 46 10 90 7c ............F..|
0000000000b9fca0 78 b1 97 01 95 e3 91 7c - 78 b1 97 7c 2c fd b9 00 x......|x..|,...
0000000000b9fcb0 04 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fcc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fcd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fce0 00 00 00 00 00 00 00 00 - 00 70 fd 7f 00 00 00 00 .........p......
0000000000b9fcf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fd00 ac fc b9 00 00 00 00 00 - ff ff ff ff 00 e9 90 7c ...............|
0000000000b9fd10 10 b0 91 7c ff ff ff ff - 00 00 00 00 37 e4 90 7c ...|........7..|
0000000000b9fd20 2c fd b9 00 00 00 90 7c - 00 00 00 00 17 00 01 00 ,......|........
0000000000b9fd30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000b9fd40 00 00 00 00 00 00 00 00 - 20 57 a2 89 01 00 00 00 ........ W......

*----> State Dump for Thread Id 0x3e0 <----*

eax=77e76c7d ebx=00000000 ecx=7c917e3f edx=0168face esi=7c97b178 edi=00000000
eip=7c90e4f4 esp=024dfc14 ebp=024dfc9c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90e4da e829000000 call ntdll!RtlRaiseException (7c90e508)
7c90e4df 8b0424 mov eax,[esp]
7c90e4e2 8be5 mov esp,ebp
7c90e4e4 5d pop ebp
7c90e4e5 c3 ret
7c90e4e6 8da42400000000 lea esp,[esp]
7c90e4ed 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e4f0 8bd4 mov edx,esp
7c90e4f2 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e4f4 c3 ret
7c90e4f5 8da42400000000 lea esp,[esp]
7c90e4fc 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e500 8d542408 lea edx,[esp+0x8]
7c90e504 cd2e int 2e
7c90e506 c3 ret
7c90e507 90 nop
ntdll!RtlRaiseException:
7c90e508 55 push ebp
7c90e509 8bec mov ebp,esp

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
024dfc9c 7c901046 0197b178 7c91e395 7c97b178 ntdll!KiFastSystemCallRet
024dfd1c 7c90e437 024dfd30 7c900000 00000000 ntdll!RtlEnterCriticalSection+0x46
00000000 00000000 00000000 00000000 00000000 ntdll!KiUserApcDispatcher+0x7

*----> Raw Stack Dump <----*
00000000024dfc14 3c df 90 7c 2b b2 91 7c - 80 00 00 00 00 00 00 00 <..|+..|........
00000000024dfc24 00 00 00 00 00 60 fd 7f - 00 d0 fd 7f 00 00 00 00 .....`..........
00000000024dfc34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfc44 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfc54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfc64 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfc74 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfc84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfc94 00 00 00 00 80 00 00 00 - 1c fd 4d 02 46 10 90 7c ..........M.F..|
00000000024dfca4 78 b1 97 01 95 e3 91 7c - 78 b1 97 7c 30 fd 4d 02 x......|x..|0.M.
00000000024dfcb4 c8 fa 68 00 78 dc 20 00 - 00 00 00 00 00 00 00 00 ..h.x. .........
00000000024dfcc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfcd4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfce4 00 00 00 00 00 00 00 00 - 00 60 fd 7f 00 00 00 00 .........`......
00000000024dfcf4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfd04 b0 fc 4d 02 00 00 00 00 - ff ff ff ff 00 e9 90 7c ..M............|
00000000024dfd14 10 b0 91 7c ff ff ff ff - 00 00 00 00 37 e4 90 7c ...|........7..|
00000000024dfd24 30 fd 4d 02 00 00 90 7c - 00 00 00 00 17 00 01 00 0.M....|........
00000000024dfd34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024dfd44 00 00 00 00 00 00 00 00 - 20 57 a2 89 01 00 00 00 ........ W......
  • 0

#40
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts
Run the following command:

C:\WINDOWS\system32\dllcache\drwtsn32.exe

Note the location of the Crash Dump, usually:

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

Zip and upload this file. If too large, upload the file to the Spykiller Forum as before, and let me know when ready.
  • 0

Advertisements


#41
Xad

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
The file user.dmp is 0 bytes, so I can't upload it. Also, if it makes any difference, DrWtsn32.exe was in C:\Windows\System32 and there is no dllcache folder there.
  • 0

#42
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts

there is no dllcache folder there


You have a serious problem with your system. The Dllcache folder is Windows' protection backup. If missing, something must have gone wrong. None of the reports received show issues concerning Malware. They all include legit files essential for Windows' performance.

At this time I see no other choice but to backup your personal files, reformat and reinstall.

If you need a Second Opinion, I strongly suggest you open a new topic in our tech forum for Windows XP. I am sure some of our techs will provide you with some assistance.

I hate to lose one, but sometimes is the only way.

Best wishes!
  • 0

#43
Xad

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Ah, sorry! I didn't know that the folder was also marked as system, so that was why I couldn't see it before. Don't worry, it's there. So yeah, what should I do? The file you wanted me to upload is 0 bytes, and I assume this means there's nothing written to it.
  • 0

#44
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts
Lets try to create a minidump file. Backup your registry using ERUNT as before, then remove Dr.Watson as previously indicated.

Right click on My Computer and select Properties. Select the Advanced tab. Under Startup and Recovery, click on Settings. Remove the checkmark from Automatically Restart. Click OK. Restart the computer.

Whenever there will be an error, a BSOD error will be displayed as the computer wont restart. Attempt to produce the error several time, then see if minidump files are created in the C:\Windows\Minidump folder. Sort the files by date. Move like seven of these files into a new folder, zip and upload. Let me also know the error message in full.

Here is an example of the settings:
  • 0

#45
Xad

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
My settings were already set to not restart automatically.

After the second attempt at recreating the error message from before, I again received this error when opening any program:

"Explorer.exe - Application Error
The Instruction at "0x7342611a" referenced memory at "0x7342611a". The memory could not be "read".

Click OK to terminate the program."

After clicking OK, explorer.exe restarted.

There was no BSOD error, and the minidump folder hasn't been created.

After restoring my registry and rebooting, I received yet another error upon loading the desktop.

Windows cannot find C:\WINDOWS\is-BCD4F.exe Make sure you typed the name correctly, and then try again.

Clicking on OK finished loading the desktop

Edited by Xad, 02 September 2008 - 08:03 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP