Application Exception occurred in Explorer.exe

Guest

When starting the PC, a string of alarm messages is posted that state
"Access Violation at address 77F8F281 in module NTLDLL.DLL write of address
00000010."

There are very many of these that eventually disappear and the PC recovers.
This has so far happened on at least 2 of my company's PCs.

There is no Event Log entry for this. However, there is a Dr. Watson log as
follows:


Microsoft (R) Windows 2000 (TM) Version 5.00 DrWtsn32
Copyright (C) 1985-1999 Microsoft Corp. All rights reserved.



Application exception occurred:
App: explorer.exe (pid=1584)
When: 8/23/2005 @ 08:41:17.373
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: HILW0044
User Name: jdeane
Number of Processors: 1
Processor Type: x86 Family 15 Model 3 Stepping 4
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: Havant International Ltd
Registered Owner: IT Services

*----> Task List <----*
0 Idle.exe
8 System.exe
152 SMSS.exe
176 CSRSS.exe
196 WINLOGON.exe
224 SERVICES.exe
236 LSASS.exe
412 SVCHOST.exe
440 spoolsv.exe
500 BAsfIpM.exe
520 defwatch.exe
536 SVCHOST.exe
556 fgpixservice2.e.exe
572 hidserv.exe
600 Iap.exe
624 rtvscan.exe
716 REGSVC.exe
732 mstask.exe
800 SVCHOST.exe
828 inetinfo.exe
856 SVCHOST.exe
1584 EXPLORER.exe
260 hkcmd.exe
1376 DVDLauncher.exe
1440 vptray.exe
1316 jusched.exe
768 INTERNAT.exe
1180 jucheck.exe
1348 acrotray.exe
1536 QuickDCF.exe
644 IEXPLORE.exe
1444 OUTLOOK.exe
1336 WINWORD.exe
1504 FRONTPG.exe
1424 DRWTSN32.exe
0 _Total.exe

State Dump for Thread Id 0x610

eax=0006f6d0 ebx=00000001 ecx=00000003 edx=00000000 esi=00095748 edi=00000000
eip=77e3c7cd esp=0006ff00 ebp=0006ff1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: WaitMessage
77e3c7c2 b836120000 mov eax,0x1236
77e3c7c7 8d542404 lea edx,[esp+0x4] ss:00af9de7=????????
77e3c7cb cd2e int 2e
77e3c7cd c3 ret
77e3c7ce 90 nop
77e3c7cf 90 nop
77e3c7d0 90 nop
77e3c7d1 90 nop
77e3c7d2 90 nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0006FF1C 7CF36E3C 00000000 004084C4 00095748 00000000 user32!WaitMessage
0006FF60 00408201 0000005C 00000000 0002073A 00000001 shell32!Ordinal201
0006FFC0 7C598989 00000000 00000000 7FFDF000 00000000 explorer!<nosymbols>
0006FFF0 00000000 00408188 00000000 000000C8 00000100 kernel32!ProcessIdToSessionId

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x138

eax=00000102 ebx=80040002 ecx=80040002 edx=00000000 esi=00086e30 edi=00000100
eip=77f88b37 esp=00dafe28 ebp=00daff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


function: ZwReplyWaitReceivePortEx
77f88b2c b8ac000000 mov eax,0xac
77f88b31 8d542404 lea edx,[esp+0x4] ss:01839d0f=adf00d0b
77f88b35 cd2e int 2e
77f88b37 c21400 ret 0x14
77f88b3a 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00DAFF74 77D4E0C0 77D4E09C 00086E30 77D4F701 00070000 ntdll!ZwReplyWaitReceivePortEx
00DAFFA8 77D4AF16 00078A88 00DAFFEC 7C57B388 00086F90 rpcrt4!UuidCreate
00DAFFB4 7C57B388 00086F90 77D4F701 00070000 00086F90 rpcrt4!RpcMgmtSetCancelTimeout
00DAFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

State Dump for Thread Id 0x45c

eax=00000000 ebx=00000102 ecx=7ffdc000 edx=00000000 esi=77f88398 edi=00deff74
eip=77f883a3 esp=00deff60 ebp=00deff7c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


function: NtDelayExecution
77f88398 b832000000 mov eax,0x32
77f8839d 8d542404 lea edx,[esp+0x4] ss:01879e47=????????
77f883a1 cd2e int 2e
77f883a3 c20800 ret 0x8
77f883a6 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00DEFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x564

eax=fffffdee ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=77e3c7cd esp=00f7ff2c ebp=00f7ff4c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: WaitMessage
77e3c7c2 b836120000 mov eax,0x1236
77e3c7c7 8d542404 lea edx,[esp+0x4] ss:01a09e13=????????
77e3c7cb cd2e int 2e
77e3c7cd c3 ret
77e3c7ce 90 nop
77e3c7cf 90 nop
77e3c7d0 90 nop
77e3c7d1 90 nop
77e3c7d2 90 nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00F7FF4C 0040A389 70A83E37 00400000 00360033 00310037 user32!WaitMessage
00F7FFB4 7C57B388 00000000 00360033 00310037 0006FEE0 explorer!<nosymbols>
00F7FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

State Dump for Thread Id 0x43c

eax=03250010 ebx=00000009 ecx=04000000 edx=00000000 esi=77f88ef8 edi=00000009
eip=77f88f03 esp=00fcfd98 ebp=00fcfde4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f88ef8 b8e9000000 mov eax,0xe9
77f88efd 8d542404 lea edx,[esp+0x4] ss:01a59c7f=????????
77f88f01 cd2e int 2e
77f88f03 c21400 ret 0x14
77f88f06 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00FCFDE4 77E4169F 00085D70 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects
00FCFE40 77E41706 00FCFE0C 00FCFEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx
00FCFE5C 7CF8BD66 00000008 00FCFEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects
7D05EBF8 FFFFFFFF 00000000 00000000 000001C0 00000000 shell32!Ordinal68
77FCF980 7D05EBF8 77FCF9A8 77FCF968 000000AF 000000AF <nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000 shell32!<nosymbols>

State Dump for Thread Id 0x4f8

eax=7ffd2004 ebx=00000002 ecx=00000044 edx=00000000 esi=77f88ef8 edi=00000002
eip=77f88f03 esp=0109fe5c ebp=0109fea8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f88ef8 b8e9000000 mov eax,0xe9
77f88efd 8d542404 lea edx,[esp+0x4] ss:01b29d43=00000000
77f88f01 cd2e int 2e
77f88f03 c21400 ret 0x14
77f88f06 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0109FEA8 77E4169F 0109FE80 00000001 00000000 0109FEA0 ntdll!NtWaitForMultipleObjects
0109FF04 77E41706 0109FED0 70ACE7B8 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx
0109FF20 70AC4F1F 00000001 70ACE7B8 00000000 0000EA60 user32!MsgWaitForMultipleObjects
0109FF74 70AC52A7 0109FFA0 0109FFA4 0109FFA8 0109FF9C !Ordinal265
0109FFAC 70AC5385 00000000 7C57B388 00000000 00000000 !Ordinal293
0109FFEC 00000000 00000000 00000000 00000000 00000000 !Ordinal293

State Dump for Thread Id 0x1d4

eax=000000c0 ebx=00f7fccc ecx=00000101 edx=00000000 esi=ffffffff edi=00000557
eip=77f883a3 esp=0122ffa0 ebp=0122ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246


function: NtDelayExecution
77f88398 b832000000 mov eax,0x32
77f8839d 8d542404 lea edx,[esp+0x4] ss:01cb9e87=????????
77f883a1 cd2e int 2e
77f883a3 c20800 ret 0x8
77f883a6 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0122FFB4 7C57B388 00F7FCCC 00000557 FFFFFFFF 00F7FCCC ntdll!NtDelayExecution
0122FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

State Dump for Thread Id 0x61c

eax=004b30e8 ebx=00000000 ecx=004b30e8 edx=00000000 esi=00000000 edi=0126fda4
eip=77f88403 esp=0126f9f0 ebp=0126fa50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202


function: NtDeviceIoControlFile
77f883f8 b838000000 mov eax,0x38
77f883fd 8d542404 lea edx,[esp+0x4] ss:01cf98d7=????????
77f88401 cd2e int 2e
77f88403 c22800 ret 0x28
77f88406 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0126FA50 76F585B4 000008E8 0017000E 76F5F700 00000038 ntdll!NtDeviceIoControlFile
0126FD30 76F52B06 000A4C2C 0126FD4C 000A4BA8 000A4B98 netshell!<nosymbols>
0126FDA8 76F53B99 0126FDC4 0126FDEC 000C8FD8 000B5DA8 netshell!NetSetupSetProgressCallback
0126FDCC 76F50F7D 000A4BA8 0126FDEC 00000000 0126FED8 netshell!NetSetupSetProgressCallback
0126FDF4 76F50F05 1D53B728 000C8FD8 0126FE24 77E4158F netshell!NetSetupSetProgressCallback
0126FE04 77E4158F 00000000 00000113 00005185 1D53B728 netshell!NetSetupSetProgressCallback
0126FE24 77E3C01A 76F50ED1 00000000 00000113 00005185 user32!GetTopWindow
0126FEB0 77E41E7E 0126FED8 00000000 76F21E2C 0126FED8 user32!GetLastInputInfo
00000001 00000000 00000000 00000000 00000000 00000000 user32!DispatchMessageW

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x454

eax=77801aae ebx=77e2b350 ecx=7780314c edx=00000000 esi=012afd70 edi=77e41ebb
eip=77e41eb3 esp=012afd04 ebp=012afd1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: DispatchMessageW
77e41e99 e8349dffff call GetFocus+0x50 (77e3bbd2)
77e41e9e e93effffff jmp GetWindowLongW+0x681 (77e41de1)
77e41ea3 90 nop
77e41ea4 90 nop
77e41ea5 90 nop
77e41ea6 90 nop
77e41ea7 90 nop
77e41ea8 b89a110000 mov eax,0x119a
77e41ead 8d542404 lea edx,[esp+0x4] ss:01d39beb=????????
77e41eb1 cd2e int 2e
77e41eb3 c21000 ret 0x10
77e41eb6 90 nop
77e41eb7 90 nop
77e41eb8 90 nop
77e41eb9 90 nop
77e41eba 90 nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
012AFD1C 766D1AD2 012AFD70 00000000 00000000 00000000 user32!DispatchMessageW
012AFD90 766D198E 00100050 00000000 766D2848 00000001 stobject!DllGetClassObject
012AFFB4 7C57B388 00000000 77FB7E64 77F83158 00000000 stobject!DllGetClassObject
012AFFEC 00000000 766D1949 00000000 00000000 00040000 kernel32!lstrcmpiW

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x534

eax=00000000 ebx=80030001 ecx=000b5c10 edx=00000000 esi=00086e30 edi=00000100
eip=77f88b37 esp=0132fe28 ebp=0132ff74 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202


function: ZwReplyWaitReceivePortEx
77f88b2c b8ac000000 mov eax,0xac
77f88b31 8d542404 lea edx,[esp+0x4] ss:01db9d0f=????????
77f88b35 cd2e int 2e
77f88b37 c21400 ret 0x14
77f88b3a 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0132FF74 77D4E0C0 77D4E09C 00086E30 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx
0132FFA8 77D4AF16 00078A88 0132FFEC 7C57B388 000AFC20 rpcrt4!UuidCreate
0132FFB4 7C57B388 000AFC20 00000000 00000000 000AFC20 rpcrt4!RpcMgmtSetCancelTimeout
0132FFEC 00000000 77D4AEFC 000AFC20 00000000 00000000 kernel32!lstrcmpiW

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x458

eax=77562bda ebx=00000002 ecx=00000000 edx=00000000 esi=77f88ef8 edi=00000002
eip=77f88f03 esp=0138ff24 ebp=0138ff70 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f88ef8 b8e9000000 mov eax,0xe9
77f88efd 8d542404 lea edx,[esp+0x4] ss:01e19e0b=????????
77f88f01 cd2e int 2e
77f88f03 c21400 ret 0x14
77f88f06 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0138FF70 7C59A10E 0138FF48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects
0138FFB4 7C57B388 00000000 00000009 012AF520 00000000 kernel32!WaitForMultipleObjects
0138FFEC 00000000 77562BDA 00000000 00000000 000000C8 kernel32!lstrcmpiW

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x1e8

eax=014cff64 ebx=000493e0 ecx=000861d0 edx=00000000 esi=00085fc8 edi=000493e0
eip=77f88af7 esp=014cfebc ebp=014cfee4 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000297


function: NtRemoveIoCompletion
77f88aec b8a8000000 mov eax,0xa8
77f88af1 8d542404 lea edx,[esp+0x4] ss:01f59da3=????????
77f88af5 cd2e int 2e
77f88af7 c21400 ret 0x14
77f88afa 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
014CFEE4 77D4FA03 00000124 014CFF1C 014CFF0C 014CFF14 ntdll!NtRemoveIoCompletion
014CFF20 77D4F964 000493E0 014CFF60 014CFF5C 014CFF70 rpcrt4!PerformRpcInitialization
014CFF74 77D43DD7 77D4E003 00085FC8 012AF3E2 77F86775 rpcrt4!PerformRpcInitialization
014CFFA8 77D4AF16 000C2490 014CFFEC 7C57B388 000BFA30 rpcrt4!RpcBindingSetOption
014CFFB4 7C57B388 000BFA30 012AF3E2 77F86775 000BFA30 rpcrt4!RpcMgmtSetCancelTimeout
014CFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

State Dump for Thread Id 0x1dc

eax=00000001 ebx=0011b1e8 ecx=0011b1e8 edx=aed2daec esi=00000630 edi=000fd010
eip=7cf8b2fb esp=01abba88 ebp=01abba9c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202


function: Ordinal68
7cf8b2e3 e923fcffff jmp Ordinal68+0x4ce (7cf8af0b)
7cf8b2e8 90 nop
7cf8b2e9 90 nop
7cf8b2ea 90 nop
7cf8b2eb 90 nop
7cf8b2ec 90 nop
7cf8b2ed 8b8168010000 mov eax,[ecx+0x168] ds:0011b350=00000001
7cf8b2f3 85c0 test eax,eax
7cf8b2f5 7415 jz Ordinal181+0xc3f7 (7cf9b20c)
7cf8b2f7 ff74240c push dword ptr [esp+0xc] ss:0254596f=????????
FAULT ->7cf8b2fb 8b08 mov ecx,[eax] ds:00000001=????????
7cf8b2fd ff74240c push dword ptr [esp+0xc] ss:0254596f=????????
7cf8b301 ff74240c push dword ptr [esp+0xc] ss:0254596f=????????
7cf8b305 50 push eax
7cf8b306 ff510c call dword ptr [ecx+0xc] ds:00ba50ce=????????
7cf8b309 c20c00 ret 0xc
7cf8b30c b801400080 mov eax,0x80004001
7cf8b311 ebf6 jmp Ordinal181+0x55f4 (7cf94409)
7cf8b313 90 nop
7cf8b314 90 nop
7cf8b315 90 nop
7cf8b316 90 nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
01ABBA9C 7CF8CC1E 0011B1E8 00000000 000FD010 00000630 shell32!Ordinal68
01ABBCC8 7CF8CB6F 00001000 000FD010 00000000 01ABBF08 shell32!Ordinal645
01ABBE40 77E4158F 001902A0 000004A0 00001000 000FD010 shell32!Ordinal645
01ABBE60 77E3C19D 7CF8B90F 001902A0 000004A0 00000724 user32!GetTopWindow
01ABBE7C 77E3C1CA 00470F98 000004A0 00000724 00000630 user32!DefWindowProcW
01ABBEA4 77F91BAF 01ABBEB4 00000018 00470F98 000004A0 user32!DefWindowProcW
01ABBEE4 7510E45A 01ABBF08 00000000 00000000 00000000 ntdll!KiUserCallbackDispatcher
01ABBF24 7510962A 00000001 01ABC0C4 01ABC0B8 00000000 netui2!HAS_MESSAGE_PUMP::RunMessagePump
00000000 00000000 00000000 00000000 00000000 00000000 netui2!DIALOG_WINDOW::process
 
John John

Exception number c0000005 in explorer.exe is often caused by damaged
or mismatched Internet Explorer files; you might want to try to repair
Internet Explorer and see if it fixes the problem. Also, once the PC
recovers after booting, and if the Task List that you posted is
immediately after the PC starts, you might want to take a good look at
the applications and services that are set to start automatically when
the PC boots. Not for me to say, but it seems that the list is a bit
heavy; some of these items may hamper your troubleshooting efforts. Not
for me to say, but do you really need these items to start automatically:

1348 acrotray.exe
644 IEXPLORE.exe
1444 OUTLOOK.exe
1336 WINWORD.exe
1504 FRONTPG.exe

And I'm not sure what this is: fgpixservice2.e.exe. Might be a valid
item but looks a bit fishy to me.

John
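
A Dr. Watson log like the one posted marks the crashing instruction with "FAULT ->", so the faulting thread, the bad pointer and the call chain can be pulled out mechanically before anything is reinstalled. The script below is an added example, not part of the original thread; the function names (parse_threads, triage) are hypothetical and the sample is an abridged excerpt of the log above.

```python
import re

# Abridged excerpt of the Dr. Watson log posted above: one idle thread and the
# faulting thread, with the line wrapping of the original post preserved.
SAMPLE_LOG = """\
App: explorer.exe (pid=1584)
Exception number: c0000005 (access violation)

State Dump for Thread Id 0x610

eax=0006f6d0 ebx=00000001 ecx=00000003 edx=00000000 esi=00095748 edi=00000000
eip=77e3c7cd esp=0006ff00 ebp=0006ff1c iopl=0 nv up ei pl zr na po nc

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0006FF1C 7CF36E3C 00000000 004084C4 00095748 00000000 user32!WaitMessage

State Dump for Thread Id 0x1dc

eax=00000001 ebx=0011b1e8 ecx=0011b1e8 edx=aed2daec esi=00000630 edi=000fd010
eip=7cf8b2fb esp=01abba88 ebp=01abba9c iopl=0 nv up ei pl nz na pe nc

function: Ordinal68
7cf8b2f3 85c0 test eax,eax
FAULT ->7cf8b2fb 8b08 mov ecx,[eax]
ds:00000001=????????

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
01ABBA9C 7CF8CC1E 0011B1E8 00000000 000FD010 00000630 shell32!Ordinal68
01ABBCC8 7CF8CB6F 00001000 000FD010 00000000 01ABBF08 shell32!Ordinal645
01ABBEE4 7510E45A 01ABBF08 00000000 00000000 00000000
ntdll!KiUserCallbackDispatcher
"""

THREAD_RE = re.compile(r"State Dump for Thread Id (0x[0-9a-f]+)", re.I)
REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b")
FAULT_RE = re.compile(r"FAULT\s*->\s*([0-9a-f]{8})\s+[0-9a-f]+\s+(\S+)\s*(.*)$", re.I)
# Memory-operand annotation such as "ds:00000001=????????".
OPERAND_RE = re.compile(r"\b([c-gs]s):([0-9a-f]{8})=(\S+)", re.I)
# Stack frame row: six 8-digit hex columns, then an optional symbol.
FRAME_RE = re.compile(r"[0-9A-F]{8}(?: [0-9A-F]{8}){5}(?: (\S+))?$")

def parse_threads(log):
    """Split a Dr. Watson log into per-thread dicts (id, regs, fault, frames)."""
    threads, cur = [], None
    lines = [l.strip() for l in log.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = THREAD_RE.match(line)
        if m:
            cur = {"id": m.group(1), "regs": {}, "fault": None, "frames": []}
            threads.append(cur)
        elif cur is None:
            continue
        elif line.startswith(("eax=", "eip=")):
            cur["regs"].update((r, int(v, 16)) for r, v in REG_RE.findall(line))
        elif FAULT_RE.match(line):
            eip, mnemonic, rest = FAULT_RE.match(line).groups()
            # The annotation sits on the same line, or on the next when wrapped.
            op = OPERAND_RE.search(line) or OPERAND_RE.match(nxt)
            cur["fault"] = {
                "eip": int(eip, 16),
                "insn": (mnemonic + " " + OPERAND_RE.sub("", rest)).strip(),
                "target": int(op.group(2), 16) if op else None,
            }
        elif FRAME_RE.match(line):
            sym = FRAME_RE.match(line).group(1)
            if sym is None and ("!" in nxt or nxt.startswith("<")):
                sym = nxt  # symbol wrapped onto the following line
            cur["frames"].append(sym or "<unknown>")
    return threads

def triage(log):
    """Summarise the faulting thread, or return None if no FAULT marker exists."""
    app = re.search(r"^App:\s*(\S+)", log, re.M)
    exc = re.search(r"^Exception number:\s*([0-9a-f]{8})", log, re.M | re.I)
    for t in parse_threads(log):
        fault = t["fault"]
        if fault is None:
            continue
        base = re.search(r"\[(e[a-z]{2})", fault["insn"])
        base_reg = base.group(1) if base else None
        target = fault["target"]
        return {
            "app": app.group(1) if app else None,
            "exception": exc.group(1).lower() if exc else None,
            "thread": t["id"],
            "eip": fault["eip"],
            "insn": fault["insn"],
            "target": target,
            "base_reg": base_reg,
            "base_val": t["regs"].get(base_reg),
            # The lowest 64 KB is normally left unmapped, so a fault there means
            # a NULL or small integer was used as a pointer.
            "null_page": target is not None and target < 0x10000,
            "frames": t["frames"],
        }
    return None
```

Run against the posted log, this reports thread 0x1dc faulting at 7cf8b2fb in shell32!Ordinal68 on mov ecx,[eax] with eax=00000001. The preceding test eax,eax only rejects zero, so the value 1 loaded from [ecx+0x168] was dereferenced as a pointer.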

When starting PC a string of Alarm messages are posted that state
"Access Violation at address 77F8F281 in module NTLDLL.DLL write of address
00000010."

There are very many of these that eventually disappear and the PC recovers.
This has so far happened on at least 2 of my company's PCs.

There is no Event Log entry for this. However there is a DR Watson Log as
follows....


Microsoft (R) Windows 2000 (TM) Version 5.00 DrWtsn32
Copyright (C) 1985-1999 Microsoft Corp. All rights reserved.



Application exception occurred:
App: explorer.exe (pid=1584)
When: 8/23/2005 @ 08:41:17.373
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: HILW0044
User Name: jdeane
Number of Processors: 1
Processor Type: x86 Family 15 Model 3 Stepping 4
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: Havant International Ltd
Registered Owner: IT Services

*----> Task List <----*
0 Idle.exe
8 System.exe
152 SMSS.exe
176 CSRSS.exe
196 WINLOGON.exe
224 SERVICES.exe
236 LSASS.exe
412 SVCHOST.exe
440 spoolsv.exe
500 BAsfIpM.exe
520 defwatch.exe
536 SVCHOST.exe
556 fgpixservice2.e.exe
572 hidserv.exe
600 Iap.exe
624 rtvscan.exe
716 REGSVC.exe
732 mstask.exe
800 SVCHOST.exe
828 inetinfo.exe
856 SVCHOST.exe
1584 EXPLORER.exe
260 hkcmd.exe
1376 DVDLauncher.exe
1440 vptray.exe
1316 jusched.exe
768 INTERNAT.exe
1180 jucheck.exe
1348 acrotray.exe
1536 QuickDCF.exe
644 IEXPLORE.exe
1444 OUTLOOK.exe
1336 WINWORD.exe
1504 FRONTPG.exe
1424 DRWTSN32.exe
0 _Total.exe

(00400000 - 0043E000)
(77F80000 - 77FFC000)
(7C2D0000 - 7C335000)
(7C570000 - 7C623000)
(77D30000 - 77DA8000)
(77F40000 - 77F7F000)
(77E10000 - 77E79000)
(70A70000 - 70AD6000)
(78000000 - 78045000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(7CF30000 - 7D186000)
(7CE20000 - 7CF21000)
(7C950000 - 7C9E0000)
(779B0000 - 77A4B000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(00DF0000 - 00F3A000)
(71500000 - 715FC000)
(7C0F0000 - 7C154000)
(76DF0000 - 76E01000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(7CDC0000 - 7CE13000)
(77980000 - 779A4000)
(75050000 - 75058000)
(75030000 - 75044000)
(75020000 - 75028000)
(751C0000 - 751C6000)
(77BF0000 - 77C01000)
(77950000 - 7797B000)
(7C340000 - 7C34F000)
(75150000 - 75160000)
(76F20000 - 76F97000)
(76620000 - 76631000)
(70340000 - 70381000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790E000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(745E0000 - 748A6000)
(77560000 - 77568000)
(77400000 - 77408000)
(77410000 - 77423000)
(63000000 - 63095000)
(7C740000 - 7C7CC000)
(77430000 - 77441000)
(76290000 - 762CD000)
(6DE80000 - 6DEE4000)
(6E420000 - 6E426000)
(75E60000 - 75E7A000)
(718C0000 - 71944000)
(10000000 - 1000A000)
(01900000 - 01969000)
(71960000 - 71972000)
(01B20000 - 01B2B000)
(01B30000 - 01BEB000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(695E0000 - 69609000)
(1A400000 - 1A47D000)
(70440000 - 704CF000)
(63580000 - 6381E000)
(75AC0000 - 75AE8000)
(658F0000 - 65A05000)
(026D0000 - 026EF000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(027F0000 - 02806000)
(70020000 - 70025000)
(76710000 - 76719000)
(70510000 - 7051A000)
(75D40000 - 75D46000)
(75080000 - 75090000)
(75100000 - 75149000)
(76B30000 - 76B6E000)
(750A0000 - 750C8000)
(770B0000 - 770B7000)

State Dump for Thread Id 0x610

eax=0006f6d0 ebx=00000001 ecx=00000003 edx=00000000 esi=00095748 edi=00000000
eip=77e3c7cd esp=0006ff00 ebp=0006ff1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: WaitMessage
77e3c7c2 b836120000 mov eax,0x1236
77e3c7c7 8d542404 lea edx,[esp+0x4]
ss:00af9de7=????????
77e3c7cb cd2e int 2e
77e3c7cd c3 ret
77e3c7ce 90 nop
77e3c7cf 90 nop
77e3c7d0 90 nop
77e3c7d1 90 nop
77e3c7d2 90 nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0006FF1C 7CF36E3C 00000000 004084C4 00095748 00000000 user32!WaitMessage
0006FF60 00408201 0000005C 00000000 0002073A 00000001 shell32!Ordinal201
0006FFC0 7C598989 00000000 00000000 7FFDF000 00000000 explorer!<nosymbols>
0006FFF0 00000000 00408188 00000000 000000C8 00000100
kernel32!ProcessIdToSessionId

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x138

eax=00000102 ebx=80040002 ecx=80040002 edx=00000000 esi=00086e30 edi=00000100
eip=77f88b37 esp=00dafe28 ebp=00daff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


function: ZwReplyWaitReceivePortEx
77f88b2c b8ac000000 mov eax,0xac
77f88b31 8d542404 lea edx,[esp+0x4]
ss:01839d0f=adf00d0b
77f88b35 cd2e int 2e
77f88b37 c21400 ret 0x14
77f88b3a 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00DAFF74 77D4E0C0 77D4E09C 00086E30 77D4F701 00070000 ntdll!ZwReplyWaitReceivePortEx
00DAFFA8 77D4AF16 00078A88 00DAFFEC 7C57B388 00086F90 rpcrt4!UuidCreate
00DAFFB4 7C57B388 00086F90 77D4F701 00070000 00086F90 rpcrt4!RpcMgmtSetCancelTimeout
00DAFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

State Dump for Thread Id 0x45c

eax=00000000 ebx=00000102 ecx=7ffdc000 edx=00000000 esi=77f88398 edi=00deff74
eip=77f883a3 esp=00deff60 ebp=00deff7c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


function: NtDelayExecution
77f88398 b832000000 mov eax,0x32
77f8839d 8d542404 lea edx,[esp+0x4]
ss:01879e47=????????
77f883a1 cd2e int 2e
77f883a3 c20800 ret 0x8
77f883a6 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00DEFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x564

eax=fffffdee ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=77e3c7cd esp=00f7ff2c ebp=00f7ff4c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: WaitMessage
77e3c7c2 b836120000 mov eax,0x1236
77e3c7c7 8d542404 lea edx,[esp+0x4]
ss:01a09e13=????????
77e3c7cb cd2e int 2e
77e3c7cd c3 ret
77e3c7ce 90 nop
77e3c7cf 90 nop
77e3c7d0 90 nop
77e3c7d1 90 nop
77e3c7d2 90 nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00F7FF4C 0040A389 70A83E37 00400000 00360033 00310037 user32!WaitMessage
00F7FFB4 7C57B388 00000000 00360033 00310037 0006FEE0 explorer!<nosymbols>
00F7FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

State Dump for Thread Id 0x43c

eax=03250010 ebx=00000009 ecx=04000000 edx=00000000 esi=77f88ef8 edi=00000009
eip=77f88f03 esp=00fcfd98 ebp=00fcfde4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f88ef8 b8e9000000 mov eax,0xe9
77f88efd 8d542404 lea edx,[esp+0x4]
ss:01a59c7f=????????
77f88f01 cd2e int 2e
77f88f03 c21400 ret 0x14
77f88f06 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00FCFDE4 77E4169F 00085D70 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects
00FCFE40 77E41706 00FCFE0C 00FCFEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx
00FCFE5C 7CF8BD66 00000008 00FCFEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects
7D05EBF8 FFFFFFFF 00000000 00000000 000001C0 00000000 shell32!Ordinal68
77FCF980 7D05EBF8 77FCF9A8 77FCF968 000000AF 000000AF <nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000 shell32!<nosymbols>

State Dump for Thread Id 0x4f8

eax=7ffd2004 ebx=00000002 ecx=00000044 edx=00000000 esi=77f88ef8 edi=00000002
eip=77f88f03 esp=0109fe5c ebp=0109fea8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f88ef8 b8e9000000 mov eax,0xe9
77f88efd 8d542404 lea edx,[esp+0x4]
ss:01b29d43=00000000
77f88f01 cd2e int 2e
77f88f03 c21400 ret 0x14
77f88f06 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0109FEA8 77E4169F 0109FE80 00000001 00000000 0109FEA0 ntdll!NtWaitForMultipleObjects
0109FF04 77E41706 0109FED0 70ACE7B8 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx
0109FF20 70AC4F1F 00000001 70ACE7B8 00000000 0000EA60 user32!MsgWaitForMultipleObjects
0109FF74 70AC52A7 0109FFA0 0109FFA4 0109FFA8 0109FF9C !Ordinal265
0109FFAC 70AC5385 00000000 7C57B388 00000000 00000000 !Ordinal293
0109FFEC 00000000 00000000 00000000 00000000 00000000 !Ordinal293

State Dump for Thread Id 0x1d4

eax=000000c0 ebx=00f7fccc ecx=00000101 edx=00000000 esi=ffffffff edi=00000557
eip=77f883a3 esp=0122ffa0 ebp=0122ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246


function: NtDelayExecution
77f88398 b832000000 mov eax,0x32
77f8839d 8d542404 lea edx,[esp+0x4]
ss:01cb9e87=????????
77f883a1 cd2e int 2e
77f883a3 c20800 ret 0x8
77f883a6 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0122FFB4 7C57B388 00F7FCCC 00000557 FFFFFFFF 00F7FCCC ntdll!NtDelayExecution
0122FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

State Dump for Thread Id 0x61c

eax=004b30e8 ebx=00000000 ecx=004b30e8 edx=00000000 esi=00000000 edi=0126fda4
eip=77f88403 esp=0126f9f0 ebp=0126fa50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202


function: NtDeviceIoControlFile
77f883f8 b838000000 mov eax,0x38
77f883fd 8d542404 lea edx,[esp+0x4]
ss:01cf98d7=????????
77f88401 cd2e int 2e
77f88403 c22800 ret 0x28
77f88406 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0126FA50 76F585B4 000008E8 0017000E 76F5F700 00000038 ntdll!NtDeviceIoControlFile
0126FD30 76F52B06 000A4C2C 0126FD4C 000A4BA8 000A4B98 netshell!<nosymbols>
0126FDA8 76F53B99 0126FDC4 0126FDEC 000C8FD8 000B5DA8 netshell!NetSetupSetProgressCallback
0126FDCC 76F50F7D 000A4BA8 0126FDEC 00000000 0126FED8 netshell!NetSetupSetProgressCallback
0126FDF4 76F50F05 1D53B728 000C8FD8 0126FE24 77E4158F netshell!NetSetupSetProgressCallback
0126FE04 77E4158F 00000000 00000113 00005185 1D53B728 netshell!NetSetupSetProgressCallback
0126FE24 77E3C01A 76F50ED1 00000000 00000113 00005185 user32!GetTopWindow
0126FEB0 77E41E7E 0126FED8 00000000 76F21E2C 0126FED8 user32!GetLastInputInfo
00000001 00000000 00000000 00000000 00000000 00000000 user32!DispatchMessageW

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x454

eax=77801aae ebx=77e2b350 ecx=7780314c edx=00000000 esi=012afd70 edi=77e41ebb
eip=77e41eb3 esp=012afd04 ebp=012afd1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: DispatchMessageW
77e41e99 e8349dffff call GetFocus+0x50 (77e3bbd2)
77e41e9e e93effffff jmp GetWindowLongW+0x681 (77e41de1)
77e41ea3 90 nop
77e41ea4 90 nop
77e41ea5 90 nop
77e41ea6 90 nop
77e41ea7 90 nop
77e41ea8 b89a110000 mov eax,0x119a
77e41ead 8d542404 lea edx,[esp+0x4]
ss:01d39beb=????????
77e41eb1 cd2e int 2e
77e41eb3 c21000 ret 0x10
77e41eb6 90 nop
77e41eb7 90 nop
77e41eb8 90 nop
77e41eb9 90 nop
77e41eba 90 nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
012AFD1C 766D1AD2 012AFD70 00000000 00000000 00000000 user32!DispatchMessageW
012AFD90 766D198E 00100050 00000000 766D2848 00000001 stobject!DllGetClassObject
012AFFB4 7C57B388 00000000 77FB7E64 77F83158 00000000 stobject!DllGetClassObject
012AFFEC 00000000 766D1949 00000000 00000000 00040000 kernel32!lstrcmpiW

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x534

eax=00000000 ebx=80030001 ecx=000b5c10 edx=00000000 esi=00086e30 edi=00000100
eip=77f88b37 esp=0132fe28 ebp=0132ff74 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202


function: ZwReplyWaitReceivePortEx
77f88b2c b8ac000000 mov eax,0xac
77f88b31 8d542404 lea edx,[esp+0x4]
ss:01db9d0f=????????
77f88b35 cd2e int 2e
77f88b37 c21400 ret 0x14
77f88b3a 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0132FF74 77D4E0C0 77D4E09C 00086E30 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx
0132FFA8 77D4AF16 00078A88 0132FFEC 7C57B388 000AFC20 rpcrt4!UuidCreate
0132FFB4 7C57B388 000AFC20 00000000 00000000 000AFC20 rpcrt4!RpcMgmtSetCancelTimeout
0132FFEC 00000000 77D4AEFC 000AFC20 00000000 00000000 kernel32!lstrcmpiW

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x458

eax=77562bda ebx=00000002 ecx=00000000 edx=00000000 esi=77f88ef8 edi=00000002
eip=77f88f03 esp=0138ff24 ebp=0138ff70 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f88ef8 b8e9000000 mov eax,0xe9
77f88efd 8d542404 lea edx,[esp+0x4]
ss:01e19e0b=????????
77f88f01 cd2e int 2e
77f88f03 c21400 ret 0x14
77f88f06 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0138FF70 7C59A10E 0138FF48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects
0138FFB4 7C57B388 00000000 00000009 012AF520 00000000 kernel32!WaitForMultipleObjects
0138FFEC 00000000 77562BDA 00000000 00000000 000000C8 kernel32!lstrcmpiW

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x1e8

eax=014cff64 ebx=000493e0 ecx=000861d0 edx=00000000 esi=00085fc8 edi=000493e0
eip=77f88af7 esp=014cfebc ebp=014cfee4 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000297


function: NtRemoveIoCompletion
77f88aec b8a8000000 mov eax,0xa8
77f88af1 8d542404 lea edx,[esp+0x4]
ss:01f59da3=????????
77f88af5 cd2e int 2e
77f88af7 c21400 ret 0x14
77f88afa 8bff mov edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
014CFEE4 77D4FA03 00000124 014CFF1C 014CFF0C 014CFF14 ntdll!NtRemoveIoCompletion
014CFF20 77D4F964 000493E0 014CFF60 014CFF5C 014CFF70 rpcrt4!PerformRpcInitialization
014CFF74 77D43DD7 77D4E003 00085FC8 012AF3E2 77F86775 rpcrt4!PerformRpcInitialization
014CFFA8 77D4AF16 000C2490 014CFFEC 7C57B388 000BFA30 rpcrt4!RpcBindingSetOption
014CFFB4 7C57B388 000BFA30 012AF3E2 77F86775 000BFA30 rpcrt4!RpcMgmtSetCancelTimeout
014CFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

State Dump for Thread Id 0x1dc

eax=00000001 ebx=0011b1e8 ecx=0011b1e8 edx=aed2daec esi=00000630 edi=000fd010
eip=7cf8b2fb esp=01abba88 ebp=01abba9c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202


function: Ordinal68
7cf8b2e3 e923fcffff jmp Ordinal68+0x4ce (7cf8af0b)
7cf8b2e8 90 nop
7cf8b2e9 90 nop
7cf8b2ea 90 nop
7cf8b2eb 90 nop
7cf8b2ec 90 nop
7cf8b2ed 8b8168010000 mov eax,[ecx+0x168]
ds:0011b350=00000001
7cf8b2f3 85c0 test eax,eax
7cf8b2f5 7415 jz Ordinal181+0xc3f7 (7cf9b20c)
7cf8b2f7 ff74240c push dword ptr [esp+0xc]
ss:0254596f=????????
FAULT ->7cf8b2fb 8b08 mov ecx,[eax]
ds:00000001=????????
7cf8b2fd ff74240c push dword ptr [esp+0xc]
ss:0254596f=????????
7cf8b301 ff74240c push dword ptr [esp+0xc]
ss:0254596f=????????
7cf8b305 50 push eax
7cf8b306 ff510c call dword ptr [ecx+0xc]
ds:00ba50ce=????????
7cf8b309 c20c00 ret 0xc
7cf8b30c b801400080 mov eax,0x80004001
7cf8b311 ebf6 jmp Ordinal181+0x55f4 (7cf94409)
7cf8b313 90 nop
7cf8b314 90 nop
7cf8b315 90 nop
7cf8b316 90 nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
01ABBA9C 7CF8CC1E 0011B1E8 00000000 000FD010 00000630 shell32!Ordinal68
01ABBCC8 7CF8CB6F 00001000 000FD010 00000000 01ABBF08 shell32!Ordinal645
01ABBE40 77E4158F 001902A0 000004A0 00001000 000FD010 shell32!Ordinal645
01ABBE60 77E3C19D 7CF8B90F 001902A0 000004A0 00000724 user32!GetTopWindow
01ABBE7C 77E3C1CA 00470F98 000004A0 00000724 00000630 user32!DefWindowProcW
01ABBEA4 77F91BAF 01ABBEB4 00000018 00470F98 000004A0 user32!DefWindowProcW
01ABBEE4 7510E45A 01ABBF08 00000000 00000000 00000000 ntdll!KiUserCallbackDispatcher
01ABBF24 7510962A 00000001 01ABC0C4 01ABC0B8 00000000 netui2!HAS_MESSAGE_PUMP::RunMessagePump
00000000 00000000 00000000 00000000 00000000 00000000 netui2!DIALOG_WINDOW::process
 
