Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Faulting application explorer.exe

Started by djgotee , May 22 2005 06:34 PM

  • Please log in to reply

#1
djgotee
Posted 22 May 2005 - 06:34 PM

djgotee

    Member

  • Member
  • PipPipPip
  • 269 posts
Hello Im steve. I found your site by performing searches for problems in the windows operating system. Usually I can find my way through most problems, but this time I have one that I have spent hours on to no avail. Ahead are the details and let me say thanks in advance for the people who have been nice enough to allow me and others to post problems like this.


The following proceedures were performed : (to no avail)
ChkDsk
Defrag
Check and repair of viruses (outside of windows with a repair Cd) (3 major viruses found and elimintaed)
Check and repair of malware (outside of windows with a repair Cd)(over 250 instances of malware were found)
Shut off unecessary running programs and utilities
Deleted all cookies, temps, temp int. files, system volume information folder, etc
Checked the registry for consistancy and hijackers and adjusted (hijack this)
Checked all running services and background utilities for authenticity.
Installed spybot s+d and reconfigured the hosts file configurator and restricted zone settings.
Checked and eliminated all dangerous and uneeded broswer helper objects and activeX controls.
Recreated a new clean restore point.


When right clicking on some files, folders or some icons, Theres and explorer error and Dr Watson 32 (post-mortom) init
ates and the the shell seems to restart (explorer crashing)


Event log :

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 5/22/2005
Time: 10:52:24 AM
User: N/A
Computer: S0031865698
Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module shell32.dll, version 6.0.2900.2620, fault address 0x000d7bff.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 32 31 38 30 20 00.2180
0030: 69 6e 20 73 68 65 6c 6c in shell
0038: 33 32 2e 64 6c 6c 20 36 32.dll 6
0040: 2e 30 2e 32 39 30 30 2e .0.2900.
0048: 32 36 32 30 20 61 74 20 2620 at
0050: 6f 66 66 73 65 74 20 30 offset 0
0058: 30 30 64 37 62 66 66 0d 00d7bff.
0060: 0a



Dr Watson :

. Application exception occurred:
App: C:\WINNT\Explorer.EXE (pid=1652)
When: 5/20/2005 @ 14:05:43.072
Exception number: c0000006 (in page io error)

*----> System Information <----*
Computer Name: ****
User Name: Administrator
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 9
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: ************

*----> Task List <----*
0 System Process
4 System
664 smss.exe
736 csrss.exe
768 winlogon.exe
816 services.exe
828 lsass.exe
984 svchost.exe
1040 svchost.exe
1136 svchost.exe
1180 svchost.exe
1424 svchost.exe
1640 spoolsv.exe
1652 Explorer.EXE
2032 AOLAcsd.exe
132 aoltsmon.exe
204 Ati2evxx.exe
240 KodakCCS.exe
268 mcvsrte.exe
296 MPFSERVICE.exe
344 aoltpspd.exe
488 ScsiAccess.EXE
528 svchost.exe
584 TBPSSvc.exe
652 wanmpsvc.exe
288 WToolsS.exe
1804 alg.exe
1896 MpfAgent.exe
1936 mcshield.exe
3832 drwtsn32.exe

*----> Module List <----*
(0000000001000000 - 00000000010ff000: C:\WINNT\Explorer.EXE
(0000000020000000 - 00000000202c5000: C:\WINNT\system32\xpsp2res.dll
(000000005ad70000 - 000000005ada8000: C:\WINNT\system32\UxTheme.dll
(000000005b0a0000 - 000000005b0a7000: C:\WINNT\system32\umdmxfrm.dll
(000000005b860000 - 000000005b8b4000: C:\WINNT\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINNT\System32\themeui.dll
(000000005cb70000 - 000000005cb96000: C:\WINNT\system32\ShimEng.dll
(000000005cd70000 - 000000005cd77000: C:\WINNT\system32\serwvdrv.dll
(000000005d090000 - 000000005d127000: C:\WINNT\system32\comctl32.dll
(000000006f880000 - 000000006fa4a000: C:\WINNT\AppPatch\AcGenral.DLL
(0000000071d40000 - 0000000071d5c000: C:\WINNT\System32\actxprxy.dll
(00000000754d0000 - 0000000075550000: C:\WINNT\system32\CRYPTUI.dll
(0000000075f80000 - 000000007607c000: C:\WINNT\system32\BROWSEUI.dll
(0000000076380000 - 0000000076385000: C:\WINNT\System32\MSIMG32.dll
(0000000076600000 - 000000007661d000: C:\WINNT\System32\CSCDLL.dll
(00000000769c0000 - 0000000076a73000: C:\WINNT\system32\USERENV.dll
(0000000076b40000 - 0000000076b6d000: C:\WINNT\system32\WINMM.dll
(0000000076c30000 - 0000000076c5e000: C:\WINNT\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINNT\system32\IMAGEHLP.dll
(0000000076f60000 - 0000000076f8c000: C:\WINNT\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINNT\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINNT\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINNT\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINNT\system32\WININET.dll
(00000000773d0000 - 00000000774d2000: C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINNT\system32\ole32.dll
(0000000077760000 - 00000000778cc000: C:\WINNT\system32\SHDOCVW.dll
(0000000077a20000 - 0000000077a74000: C:\WINNT\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINNT\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINNT\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINNT\system32\appHelp.dll
(0000000077be0000 - 0000000077bf5000: C:\WINNT\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINNT\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINNT\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINNT\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINNT\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINNT\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINNT\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINNT\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINNT\System32\Secur32.dll
(000000007c800000 - 000000007c8f4000: C:\WINNT\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINNT\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d4000: C:\WINNT\system32\SHELL32.dll

*----> State Dump for Thread Id 0x678 <----*

eax=0007ff54 ebx=0007fc4c ecx=0007feac edx=7c90eb94 esi=00000000 edi=7ffd7000
eip=7c90eb94 esp=0007fc24 ebp=0007fcc0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\USER32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\SHLWAPI.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINNT\Explorer.EXE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007fcc0 77d495f9 00000002 0007fce8 00000000 ntdll!KiFastSystemCallRet
0007fd1c 77d496a8 00000001 0007fd84 ffffffff USER32!GetLastInputInfo+0x105
0007fd38 77f77aad 00000001 0007fd84 00000000 USER32!MsgWaitForMultipleObjects+0x1f
0007fd7c 77f73cdb 000001a4 0000d152 7c8092ac SHLWAPI!Ordinal194+0x2d
0007fef8 01017999 01011e62 010460d8 00000008 SHLWAPI!SHCreateThread+0xf5
0007ff5c 0101e2b6 000c4468 00000000 000206ee Explorer+0x17999
0007ffc0 7c816d4f 00000002 5d093c48 7ffd7000 Explorer+0x1e2b6
0007fff0 00000000 0101e24e 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000007fc24 ab e9 90 7c f2 94 80 7c - 02 00 00 00 4c fc 07 00 ...|...|....L...
000000000007fc34 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007fc44 02 00 00 00 00 00 00 00 - a4 01 00 00 20 00 00 00 ............ ...
000000000007fc54 18 02 00 00 12 00 00 00 - 00 00 00 00 ec 7f 53 00 ..............S.
000000000007fc64 cb b4 d4 77 00 00 00 00 - 14 00 00 00 01 00 00 00 ...w............
000000000007fc74 00 00 00 00 00 00 00 00 - 10 00 00 00 c5 d6 d4 77 ...............w
000000000007fc84 e0 ff 07 00 67 04 d7 77 - 00 70 fd 7f 00 f0 fd 7f ....g..w.p......
000000000007fc94 cb b4 d4 77 00 00 00 00 - 4c fc 07 00 01 00 00 00 ...w....L.......
000000000007fca4 02 00 00 00 40 fc 07 00 - 00 00 00 00 e0 ff 07 00 ....@...........
000000000007fcb4 f3 99 83 7c 90 95 80 7c - 00 00 00 00 1c fd 07 00 ...|...|........
000000000007fcc4 f9 95 d4 77 02 00 00 00 - e8 fc 07 00 00 00 00 00 ...w............
000000000007fcd4 ff ff ff ff 00 00 00 00 - 00 00 00 00 ff ff ff ff ................
000000000007fce4 ac 92 80 7c a4 01 00 00 - 20 00 00 00 0c fd 07 00 ...|.... .......
000000000007fcf4 9d ca d4 77 c8 04 00 00 - 68 fd 07 00 10 59 53 00 ...w....h....YS.
000000000007fd04 00 f0 fd 7f ac 92 80 7c - 00 00 00 00 00 00 00 00 .......|........
000000000007fd14 00 f0 fd 7f 20 00 00 00 - 38 fd 07 00 a8 96 d4 77 .... ...8......w
000000000007fd24 01 00 00 00 84 fd 07 00 - ff ff ff ff 40 00 00 00 ............@...
000000000007fd34 e8 fc 07 00 7c fd 07 00 - ad 7a f7 77 01 00 00 00 ....|....z.w....
000000000007fd44 84 fd 07 00 00 00 00 00 - ff ff ff ff 40 00 00 00 ............@...
000000000007fd54 77 9b 80 7c 00 00 00 00 - 08 00 00 00 34 00 03 00 w..|........4...

*----> State Dump for Thread Id 0x6a8 <----*

eax=000c7fc8 ebx=00000000 ecx=00000000 edx=00000002 esi=000bb3a0 edi=000bb3dc
eip=7c90eb94 esp=0114fe1c ebp=0114ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0114ff80 77e76c22 0114ffa8 77e76a3b 000bb3a0 ntdll!KiFastSystemCallRet
0114ff88 77e76a3b 000bb3a0 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5ea
0114ffa8 77e76c0a 000bb258 0114ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
0114ffb4 7c80b50b 000c5800 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5d2
0114ffec 00000000 77e76bf0 000c5800 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000114fe1c 99 e3 90 7c 03 67 e7 77 - 8c 01 00 00 70 ff 14 01 ...|.g.w....p...
000000000114fe2c 00 00 00 00 18 8b 0e 00 - 00 00 00 00 b5 51 31 00 .............Q1.
000000000114fe3c b5 51 31 00 b5 51 31 00 - cf 61 31 00 dc 7e 5a 00 .Q1..Q1..a1..~Z.
000000000114fe4c dc 7e 5a 00 02 7e 5a 00 - 00 00 5a 00 dc 7e 5a 00 .~Z..~Z...Z..~Z.
000000000114fe5c dc 7e 5a 00 c9 77 5a 00 - b5 51 39 00 b5 51 31 00 .~Z..wZ..Q9..Q1.
000000000114fe6c 02 00 00 00 b5 51 31 00 - b5 51 31 00 b5 51 31 00 .....Q1..Q1..Q1.
000000000114fe7c d6 68 39 00 dc 7e 5a 00 - dc 7e 5a 00 dc 7e 5a 00 .h9..~Z..~Z..~Z.
000000000114fe8c dc 7e 5a 00 dc 7e 5a 00 - dc 7e 5a 00 b5 61 4d 00 .~Z..~Z..~Z..aM.
000000000114fe9c b5 51 31 00 b5 51 31 00 - b5 51 31 00 b5 51 31 00 .Q1..Q1..Q1..Q1.
000000000114feac b5 51 31 00 b5 51 31 00 - b5 51 31 00 c9 59 31 00 .Q1..Q1..Q1..Y1.
000000000114febc dc 7e 53 00 dc 7e 5a 00 - dc 7e 5a 00 cf 7e 5a 00 .~S..~Z..~Z..~Z.
000000000114fecc b5 51 3f 00 b5 51 31 00 - b5 51 31 00 b5 51 31 00 .Q?..Q1..Q1..Q1.
000000000114fedc b5 51 31 00 b5 51 31 00 - b5 51 31 00 cf 61 31 00 .Q1..Q1..Q1..a1.
000000000114feec dc 7e 5a 00 dc 7e 5a 00 - ff ff ff ff 46 02 00 00 .~Z..~Z.....F...
000000000114fefc 56 b8 4d 80 20 7c e5 ed - 00 5a a5 82 20 f1 df ff V.M. |...Z.. ...
000000000114ff0c 46 02 00 00 0d c1 4d 80 - 70 5a a5 82 00 5a a5 82 F.....M.pZ...Z..
000000000114ff1c 43 c1 4d 80 6c 5b a5 82 - 00 5a a5 82 34 5a a5 82 C.M.l[...Z..4Z..
000000000114ff2c dc 7e 5a 00 80 ff 14 01 - 99 66 e7 77 4c ff 14 01 .~Z......f.wL...
000000000114ff3c a9 66 e7 77 ed 10 90 7c - 78 55 0c 00 00 58 0c 00 .f.w...|xU...X..
000000000114ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> State Dump for Thread Id 0x6b0 <----*

eax=000e4b98 ebx=00000000 ecx=7c9c8540 edx=a0000003 esi=000da168 edi=00000200
eip=7ca53223 esp=011dfdfc ebp=011dfdfc iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\SHELL32.dll -
function: SHELL32!SHCreateQueryCancelAutoPlayMoniker
7ca53204 fd std
7ca53205 ff6804 jmp fword ptr [eax+0x4]
7ca53208 0100 add [eax],eax
7ca5320a 008d8df4fdff add [ebp-0x20b73],cl
7ca53210 ff5105 call dword ptr [ecx+0x5]
7ca53213 0c01 or al,0x1
7ca53215 0000 add [eax],al
7ca53217 50 push eax
7ca53218 ff155c1b9c7c call dword ptr [SHELL32!Ordinal517+0x1b5c (7c9c1b5c)]
7ca5321e e9d1b7fdff jmp SHELL32!SHGetFileInfoW+0x3a49 (7ca2e9f4)
FAULT ->7ca53223 ff750c push dword ptr [ebp+0xc] ss:0023:011dfe08=000da168
7ca53226 50 push eax
7ca53227 e8a581f9ff call SHELL32!ILCombine+0x10c (7c9eb3d1)
7ca5322c e924e0feff jmp SHELL32!CommandLineToArgvW+0x24d (7ca41255)
7ca53231 39450c cmp [ebp+0xc],eax
7ca53234 0f84c5c3fdff je SHELL32!ILSaveToStream+0x484 (7ca2f5ff)
7ca5323a 5d pop ebp
7ca5323b ff2578159c7c jmp dword ptr [SHELL32!Ordinal517+0x1578 (7c9c1578)]
7ca53241 681c000040 push 0x4000001c
7ca53246 e8ca8ff9ff call SHELL32!SHRestricted (7c9ec215)
7ca5324b 85c0 test eax,eax

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ole32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\BROWSEUI.dll -
ChildEBP RetAddr Args to Child
011dfdfc 7cb8f455 000c7de0 000da168 000da0c0 SHELL32!SHCreateQueryCancelAutoPlayMoniker+0x115dd
011dfe14 7cb8b680 000c7de0 000da940 000da168 SHELL32!Ordinal715+0x32f02
011dfe54 77526ad1 000da0c0 000da940 77f67df5 SHELL32!Ordinal715+0x2f12d
011dfe90 75f88904 000da940 75f819a0 011dfee0 ole32!OleLoadFromStream+0x92
011dfea4 75f88bc1 000cc2e8 000da940 75f819a0 BROWSEUI!Ordinal105+0x534
011dfee8 010185a7 00000001 000da940 000da940 BROWSEUI!Ordinal105+0x7f1
011dfefc 01019512 000da940 000cc2dc 00000000 Explorer+0x185a7
011dff24 0101a3b3 00000000 010460d8 0007fdbc Explorer+0x19512
011dff48 010179be 011dffb4 77f7376a 010460d8 Explorer+0x1a3b3
011dff50 77f7376a 010460d8 0000005c 0007fc04 Explorer+0x179be
011dffb4 7c80b50b 00000000 0000005c 0007fc04 SHLWAPI!Ordinal505+0x3d1
011dffec 00000000 77f73713 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000011dfdfc 14 fe 1d 01 55 f4 b8 7c - e0 7d 0c 00 68 a1 0d 00 ....U..|.}..h...
00000000011dfe0c c0 a0 0d 00 e8 7d 0c 00 - 54 fe 1d 01 80 b6 b8 7c .....}..T......|
00000000011dfe1c e0 7d 0c 00 40 a9 0d 00 - 68 a1 0d 00 40 a9 0d 00 .}[email protected]...@...
00000000011dfe2c 00 00 00 00 e0 fe 1d 01 - 22 00 1c 00 0a 11 00 00 ........".......
00000000011dfe3c 1a 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000011dfe4c 00 00 00 00 18 00 00 00 - 90 fe 1d 01 d1 6a 52 77 .............jRw
00000000011dfe5c c0 a0 0d 00 40 a9 0d 00 - f5 7d f6 77 00 00 00 00 ....@....}.w....
00000000011dfe6c dc c2 0c 00 a0 19 f8 75 - c0 a0 0d 00 5c a1 0d 00 .......u....\...
00000000011dfe7c b0 e2 2b d8 64 57 d0 11 - a9 6e 00 c0 4f d7 05 a2 ..+.dW...n..O...
00000000011dfe8c b0 b0 00 00 a4 fe 1d 01 - 04 89 f8 75 40 a9 0d 00 ...........u@...
00000000011dfe9c a0 19 f8 75 e0 fe 1d 01 - e8 fe 1d 01 c1 8b f8 75 ...u...........u
00000000011dfeac e8 c2 0c 00 40 a9 0d 00 - a0 19 f8 75 e0 fe 1d 01 [email protected]....
00000000011dfebc b8 6d 0d 00 00 00 00 00 - 40 a9 0d 00 0c 00 00 00 .m......@.......
00000000011dfecc 08 00 00 00 03 00 00 00 - 00 00 00 00 01 00 00 00 ................
00000000011dfedc e8 c2 0c 00 00 00 00 00 - b8 c2 0c 00 fc fe 1d 01 ................
00000000011dfeec a7 85 01 01 01 00 00 00 - 40 a9 0d 00 40 a9 0d 00 ........@...@...
00000000011dfefc 24 ff 1d 01 12 95 01 01 - 40 a9 0d 00 dc c2 0c 00 $.......@.......
00000000011dff0c 00 00 00 00 d8 60 04 01 - bc fd 07 00 02 00 00 00 .....`..........
00000000011dff1c 05 40 00 80 80 00 00 00 - 48 ff 1d 01 b3 a3 01 01 [email protected].......
00000000011dff2c 00 00 00 00 d8 60 04 01 - bc fd 07 00 75 7a 01 01 .....`......uz..

*----> State Dump for Thread Id 0x6b4 <----*

eax=7c92798d ebx=00000000 ecx=77dd6a51 edx=77dd6a18 esi=ffffffff edi=7c90fb78
eip=7c90eb94 esp=0121ff9c ebp=0121ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0121ffb4 7c80b50b 00000000 7c90fb78 ffffffff ntdll!KiFastSystemCallRet
0121ffec 00000000 7c92798d 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000121ff9c 5c d8 90 7c d4 79 92 7c - 01 00 00 00 ac ff 21 01 \..|.y.|......!.
000000000121ffac 00 00 00 00 00 00 00 80 - ec ff 21 01 0b b5 80 7c ..........!....|
000000000121ffbc 00 00 00 00 78 fb 90 7c - ff ff ff ff 00 00 00 00 ....x..|........
000000000121ffcc 00 b0 fd 7f 00 26 fc 82 - c0 ff 21 01 c0 88 ee 82 .....&....!.....
000000000121ffdc ff ff ff ff f3 99 83 7c - 18 b5 80 7c 00 00 00 00 .......|...|....
000000000121ffec 00 00 00 00 00 00 00 00 - 8d 79 92 7c 00 00 00 00 .........y.|....
000000000121fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000122009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000012200ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000012200bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000012200cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x6b8 <----*

eax=7c910760 ebx=00000000 ecx=7c910992 edx=011dfb00 esi=7c97c380 edi=7c97c3a0
eip=7c90eb94 esp=0125ff70 ebp=0125ffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0125ffb4 7c80b50b 00000000 011dfce4 011dfce8 ntdll!KiFastSystemCallRet
0125ffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000125ff70 1b e3 90 7c 9d 07 91 7c - cc 01 00 00 ac ff 25 01 ...|...|......%.
000000000125ff80 b0 ff 25 01 98 ff 25 01 - a0 ff 25 01 e4 fc 1d 01 ..%...%...%.....
000000000125ff90 e8 fc 1d 01 00 00 00 00 - 00 00 00 00 81 a8 4f 80 ..............O.
000000000125ffa0 00 7c 28 e8 ff ff ff ff - 00 00 00 00 00 00 00 00 .|(.............
000000000125ffb0 dc e2 90 7c ec ff 25 01 - 0b b5 80 7c 00 00 00 00 ...|..%....|....
000000000125ffc0 e4 fc 1d 01 e8 fc 1d 01 - 00 00 00 00 00 a0 fd 7f ................
000000000125ffd0 00 26 fc 82 c0 ff 25 01 - c0 88 ee 82 ff ff ff ff .&....%.........
000000000125ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00 ...|...|........
000000000125fff0 00 00 00 00 60 07 91 7c - 00 00 00 00 00 00 00 00 ....`..|........
0000000001260000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001260010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001260020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001260030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001260040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001260050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001260060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001260070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001260080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001260090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000012600a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x6bc <----*

eax=000000c0 ebx=00000000 ecx=011dfb00 edx=00000000 esi=00000000 edi=00000001
eip=7c90eb94 esp=0129fcec ebp=0129ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0129ffb4 7c80b50b 00000000 00000020 011dfce4 ntdll!KiFastSystemCallRet
0129ffec 00000000 7c929fae 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000129fcec ab e9 90 7c d5 a0 92 7c - 02 00 00 00 30 fd 29 01 ...|...|....0.).
000000000129fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 20 00 00 00 ............ ...
000000000129fd0c e4 fc 1d 01 00 00 00 00 - 08 e5 97 7c 08 e5 97 7c ...........|...|
000000000129fd1c d4 01 00 00 bc 06 00 00 - 02 00 00 00 02 00 00 00 ................
000000000129fd2c 01 00 00 00 d0 01 00 00 - b8 01 00 00 00 00 00 00 ................
000000000129fd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fd5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fd6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fd7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000129fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> State Dump for Thread Id 0x6d4 <----*

eax=01160010 ebx=0130fd58 ecx=00008000 edx=7c90eb94 esi=00000000 edi=7ffd7000
eip=7c90eb94 esp=0130fd30 ebp=0130fdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0130fdcc 77d495f9 00000004 0130fdf4 00000000 ntdll!KiFastSystemCallRet
0130fe28 7c9f4e1f 00000003 0130fe50 ffffffff USER32!GetLastInputInfo+0x105
0130ff4c 7ca0a300 77f73782 00000000 7c809988 SHELL32!Ordinal646+0x21ea
0130ffb4 7c80b50b 00000000 7c809988 00090000 SHELL32!Ordinal753+0x133
0130ffec 00000000 77f73713 011df4d4 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000130fd30 ab e9 90 7c f2 94 80 7c - 04 00 00 00 58 fd 30 01 ...|...|....X.0.
000000000130fd40 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000130fd50 04 00 00 00 02 00 00 00 - 18 02 00 00 20 02 00 00 ............ ...
000000000130fd60 24 02 00 00 f8 01 00 00 - 00 00 00 00 10 00 00 00 $...............
000000000130fd70 00 00 00 00 01 00 00 00 - 14 00 00 00 01 00 00 00 ................
000000000130fd80 58 ad 0d 00 00 00 00 00 - 00 00 00 00 ec fd 30 01 X.............0.
000000000130fd90 67 04 d7 77 30 88 d4 77 - 00 70 fd 7f 00 80 fd 7f g..w0..w.p......
000000000130fda0 cd 89 d4 77 00 00 00 00 - 58 fd 30 01 70 00 01 00 ...w....X.0.p...
000000000130fdb0 04 00 00 00 4c fd 30 01 - 00 00 00 00 dc ff 30 01 ....L.0.......0.
000000000130fdc0 f3 99 83 7c 90 95 80 7c - 00 00 00 00 28 fe 30 01 ...|...|....(.0.
000000000130fdd0 f9 95 d4 77 04 00 00 00 - f4 fd 30 01 00 00 00 00 ...w......0.....
000000000130fde0 ff ff ff ff 01 00 00 00 - 60 d8 0c 00 03 00 00 00 ........`.......
000000000130fdf0 00 00 00 00 18 02 00 00 - 20 02 00 00 24 02 00 00 ........ ...$...
000000000130fe00 f8 01 00 00 20 fe 30 01 - 00 00 00 00 00 00 00 00 .... .0.........
000000000130fe10 00 00 00 00 15 6c 00 00 - 00 00 00 00 01 00 00 00 .....l..........
000000000130fe20 00 80 fd 7f f8 01 00 00 - 4c ff 30 01 1f 4e 9f 7c ........L.0..N.|
000000000130fe30 03 00 00 00 50 fe 30 01 - ff ff ff ff ff 04 00 00 ....P.0.........
000000000130fe40 f4 fd 30 01 00 00 00 00 - 00 00 00 00 00 00 00 00 ..0.............
000000000130fe50 18 02 00 00 20 02 00 00 - 24 02 00 00 0f 9a 80 7c .... ...$......|
000000000130fe60 00 00 00 00 18 02 00 00 - 20 9a 80 7c 60 d8 0c 00 ........ ..|`...
  • 0

Advertisements

#2
gerryf
Posted 25 May 2005 - 08:29 AM

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
WToolsS.exe== adware...could be the cause of your problem
  • 0

#3
djgotee
Posted 25 May 2005 - 08:32 AM

djgotee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 269 posts
thanks so much gerry....
  • 0

#4
gerryf
Posted 25 May 2005 - 08:34 AM

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
another interesting thing, had you noticed you have two comctl32.dll files being accessed?

What are the two versions of these files? Are they the same?
  • 0

#5
djgotee
Posted 25 May 2005 - 08:39 AM

djgotee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 269 posts
No i did not notice gerry.....im at home presently and this computer is at the customers location. Ill check that when i get the chance. But how the heck does a problem like this still remain if all malware has been eliminated? thanks gerry
  • 0

#6
tim.s
Posted 08 June 2005 - 02:46 PM

tim.s

    Member

  • Member
  • PipPip
  • 15 posts
I read these posts looking for answers and they end with no conclusion to the problem.
I realize that once a computer works most people don't care about anything else.
It would be nice though to have a post of how the original problem or issue was fixed.

I have this same problem using Windows Explorer. Did Explorer work after getting rid of WtoolsS.exe and is their an answer about the 2 versions of comctl32.dll running or is it a problem?

Thank you,

Tim

Edited by tim.s, 08 June 2005 - 05:20 PM.

  • 0

#7
tim.s
Posted 22 June 2005 - 11:50 AM

tim.s

    Member

  • Member
  • PipPip
  • 15 posts
I had to come back and post the answer to my problem and maybe someone elses. http://www.nirsoft.n...s/shexview.html
Give this link a try. As soon as the list of extensions came up I knew which one was giving me my problem. I disabled it and explorer works like it is supposed to. Lot's of other good utilities on his site.

Tim
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP