Crashing Repeatedly - Internet Explorer 6.0

szkoplin · Oct 11, 2005

Can ANYONE help me figure out why IE is crashing every few minutes?
I've included the Event Viewer and Error Text for the most recent
crash.
Thanks, Steven
===============================================
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 10/10/2005
Time: 10:24:20 PM
User: N/A
Computer: DH5BD241
Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module wsock32.dll, version 5.1.2600.2180, fault address 0x00002e73.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 32 31 38 30 20 00.2180
0030: 69 6e 20 77 73 6f 63 6b in wsock
0038: 33 32 2e 64 6c 6c 20 35 32.dll 5
0040: 2e 31 2e 32 36 30 30 2e .1.2600.
0048: 32 31 38 30 20 61 74 20 2180 at
0050: 6f 66 66 73 65 74 20 30 offset 0
0058: 30 30 30 32 65 37 33 0d 0002e73.
0060: 0a .
===============================================
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="iexplore.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="hmmapi.dll" SIZE="38912" CHECKSUM="0xD85D870C"
BIN_FILE_VERSION="6.0.2900.2180" BIN_PRODUCT_VERSION="6.0.2900.2180"
PRODUCT_VERSION="6.00.2900.2180" FILE_DESCRIPTION="Microsoft HTTP Mail
Simple MAPI" COMPANY_NAME="Microsoft Corporation"
PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
ORIGINAL_FILENAME="HMMAPI.DLL" INTERNAL_NAME="HMMAPI"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1667F"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
07:56:15" UPTO_LINK_DATE="08/04/2004 07:56:15" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="iedw.exe" SIZE="18432" CHECKSUM="0x738392F8"
BIN_FILE_VERSION="5.1.2600.2713" BIN_PRODUCT_VERSION="5.1.2600.2713"
PRODUCT_VERSION="5.1.2600.2713" FILE_DESCRIPTION="IE Crash Detection"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft®
Windows® Operating System" FILE_VERSION="5.1.2600.2713
(xpsp_sp2_gdr.050702-1513)" ORIGINAL_FILENAME="iedw.exe"
INTERNAL_NAME="iedw.exe" LEGAL_COPYRIGHT="© Microsoft Corporation. All
rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32"
PE_CHECKSUM="0xDF87" LINKER_VERSION="0x50001"
UPTO_BIN_FILE_VERSION="5.1.2600.2713"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.2713" LINK_DATE="07/02/2005
23:33:09" UPTO_LINK_DATE="07/02/2005 23:33:09" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="iexplore.exe" SIZE="93184"
CHECKSUM="0xE187626E" BIN_FILE_VERSION="6.0.2900.2180"
BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180"
FILE_DESCRIPTION="Internet Explorer" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
ORIGINAL_FILENAME="IEXPLORE.EXE" INTERNAL_NAME="iexplore"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x23C72"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
06:00:33" UPTO_LINK_DATE="08/04/2004 06:00:33" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwconn.dll" SIZE="61440"
CHECKSUM="0xDD04DAB" BIN_FILE_VERSION="6.0.2900.2180"
BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180"
FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
ORIGINAL_FILENAME="icwconn.dll" INTERNAL_NAME="icwconn"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x11BD7"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
07:56:14" UPTO_LINK_DATE="08/04/2004 07:56:14" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwconn1.exe" SIZE="214528"
CHECKSUM="0xC9B5555" BIN_FILE_VERSION="6.0.2900.2180"
BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180"
FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
ORIGINAL_FILENAME="icwconn1.exe" INTERNAL_NAME="icwconn1"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x3C746"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
05:59:19" UPTO_LINK_DATE="08/04/2004 05:59:19" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwconn2.exe" SIZE="86016"
CHECKSUM="0x7DE2AFFE" BIN_FILE_VERSION="6.0.2900.2180"
BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180"
FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
ORIGINAL_FILENAME="ICWCONN2.EXE" INTERNAL_NAME="ICWCONN2"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1DDE9"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
05:59:22" UPTO_LINK_DATE="08/04/2004 05:59:22" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwdl.dll" SIZE="32768"
CHECKSUM="0xF4CC9266" BIN_FILE_VERSION="6.0.2900.2180"
BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180"
FILE_DESCRIPTION="Internet Service MIME Mutlipart Download"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft®
Windows® Operating System" FILE_VERSION="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ICWDL.DLL"
INTERNAL_NAME="ICWDL" LEGAL_COPYRIGHT="© Microsoft Corporation. All
rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32"
PE_CHECKSUM="0x174A9" LINKER_VERSION="0x50001"
UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
07:56:16" UPTO_LINK_DATE="08/04/2004 07:56:16" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwhelp.dll" SIZE="172032"
CHECKSUM="0xCBAB0AC0" BIN_FILE_VERSION="6.0.2900.2180"
BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180"
FILE_DESCRIPTION="Internet Connection Wizard Helper functions"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft®
Windows® Operating System" FILE_VERSION="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="icwhelp.dll"
INTERNAL_NAME="icwhelp" LEGAL_COPYRIGHT="© Microsoft Corporation. All
rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32"
PE_CHECKSUM="0x33E62" LINKER_VERSION="0x50001"
UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
07:56:17" UPTO_LINK_DATE="08/04/2004 07:56:17" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\ICWRES.DLL" SIZE="61440"
CHECKSUM="0xA488AA92" BIN_FILE_VERSION="6.0.2600.0"
BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000"
FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)"
ORIGINAL_FILENAME="icwres.dll" INTERNAL_NAME="icwres"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1AA60"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0"
UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:35:05"
UPTO_LINK_DATE="08/18/2001 05:35:05" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwrmind.exe" SIZE="24576"
CHECKSUM="0x70643FDC" BIN_FILE_VERSION="6.0.2900.2180"
BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180"
FILE_DESCRIPTION="Internet Connection Wizard Reminder"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft®
Windows® Operating System" FILE_VERSION="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ICWRMIND.EXE"
INTERNAL_NAME="ICWRMIND" LEGAL_COPYRIGHT="© Microsoft Corporation. All
rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32"
PE_CHECKSUM="0x13447" LINKER_VERSION="0x50001"
UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
05:59:09" UPTO_LINK_DATE="08/04/2004 05:59:09" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\ICWTUTOR.EXE" SIZE="73728"
CHECKSUM="0xF945F7EB" BIN_FILE_VERSION="6.0.2600.0"
BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000"
FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)"
ORIGINAL_FILENAME="icwtutor.exe" INTERNAL_NAME="icwtutor"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x16B27"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0"
UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:49:08"
UPTO_LINK_DATE="08/17/2001 20:49:08" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwutil.dll" SIZE="49152"
CHECKSUM="0xB9156DF5" BIN_FILE_VERSION="6.0.2900.2180"
BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180"
FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
ORIGINAL_FILENAME="icwutil.dll" INTERNAL_NAME="icwutil"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF816"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
07:56:19" UPTO_LINK_DATE="08/04/2004 07:56:19" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\inetwiz.exe" SIZE="20480"
CHECKSUM="0x3D8A325B" BIN_FILE_VERSION="6.0.2900.2180"
BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180"
FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
ORIGINAL_FILENAME="INETWIZ.EXE" INTERNAL_NAME="INETWIZ"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xE297"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180"
UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004
05:59:25" UPTO_LINK_DATE="08/04/2004 05:59:25" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\ISIGNUP.EXE" SIZE="16384"
CHECKSUM="0xF8AB8D6E" BIN_FILE_VERSION="6.0.2600.0"
BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000"
FILE_DESCRIPTION="Internet Signup" COMPANY_NAME="Microsoft Corporation"
PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)"
ORIGINAL_FILENAME="ISIGNUP.EXE" INTERNAL_NAME="ISIGNUP"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x443C"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0"
UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:48:46"
UPTO_LINK_DATE="08/17/2001 20:48:46" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\TRIALOC.DLL" SIZE="40960"
CHECKSUM="0x68F70073" BIN_FILE_VERSION="6.0.2600.0"
BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000"
FILE_DESCRIPTION="Internet Connection Wizard Trial Reminder Helper"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft®
Windows® Operating System" FILE_VERSION="6.00.2600.0000
(xpclient.010817-1148)" ORIGINAL_FILENAME="trialoc.dll"
INTERNAL_NAME="trialoc" LEGAL_COPYRIGHT="© Microsoft Corporation. All
rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32"
PE_CHECKSUM="0x198FE" LINKER_VERSION="0x50001"
UPTO_BIN_FILE_VERSION="6.0.2600.0"
UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:36:03"
UPTO_LINK_DATE="08/18/2001 05:36:03" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="MUI\0409\mscorier.dll" SIZE="16896"
CHECKSUM="0x4AABD360" BIN_FILE_VERSION="1.1.4322.2032"
BIN_PRODUCT_VERSION="1.1.4322.2032" PRODUCT_VERSION="1.1.4322.2032"
FILE_DESCRIPTION="Microsoft .NET Runtime IE resources"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft .NET
Framework" FILE_VERSION="1.1.4322.2032"
ORIGINAL_FILENAME="mscorier.dll" INTERNAL_NAME="MSCORIER.DLL"
LEGAL_COPYRIGHT="Copyright © Microsoft Corporation 1998-2002. All
rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32"
PE_CHECKSUM="0x131F3" LINKER_VERSION="0x50000"
UPTO_BIN_FILE_VERSION="1.1.4322.2032"
UPTO_BIN_PRODUCT_VERSION="1.1.4322.2032" LINK_DATE="07/15/2004
06:34:05" UPTO_LINK_DATE="07/15/2004 06:34:05" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\nppdf32.dll" SIZE="57344"
CHECKSUM="0x42325BDC" BIN_FILE_VERSION="7.0.0.0"
BIN_PRODUCT_VERSION="7.0.0.0" PRODUCT_VERSION="7.0.0.0"
FILE_DESCRIPTION="Adobe Acrobat Plug-In Version 7.00 for Netscape"
COMPANY_NAME="Adobe Systems Inc." PRODUCT_NAME="Adobe Acrobat"
FILE_VERSION="7.0.0.0" ORIGINAL_FILENAME="NPPDF32.DLL"
LEGAL_COPYRIGHT="Copyright Adobe Systems Incorporated 2003,2004"
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001"
VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1D417"
LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.0.0"
UPTO_BIN_PRODUCT_VERSION="7.0.0.0" LINK_DATE="12/14/2004 10:19:17"
UPTO_LINK_DATE="12/14/2004 10:19:17" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin.dll" SIZE="126976"
CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.2.120"
BIN_PRODUCT_VERSION="7.0.2.120" PRODUCT_VERSION="QuickTime 7.0.2"
FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide
variety of multimedia content in Web pages. For more information, visit
the <A HREF=http://www.apple.com/quicktime/>QuickTime</A>
Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime
Plug-in 7.0.2" FILE_VERSION="7.0.2" ORIGINAL_FILENAME="npqtplugin.dll"
INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple
Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0"
LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.2.120"
UPTO_BIN_PRODUCT_VERSION="7.0.2.120" LINK_DATE="09/01/2005 23:50:09"
UPTO_LINK_DATE="09/01/2005 23:50:09" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin2.dll" SIZE="126976"
CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.2.120"
BIN_PRODUCT_VERSION="7.0.2.120" PRODUCT_VERSION="QuickTime 7.0.2"
FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide
variety of multimedia content in Web pages. For more information, visit
the <A HREF=http://www.apple.com/quicktime/>QuickTime</A>
Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime
Plug-in 7.0.2" FILE_VERSION="7.0.2" ORIGINAL_FILENAME="npqtplugin.dll"
INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple
Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0"
LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.2.120"
UPTO_BIN_PRODUCT_VERSION="7.0.2.120" LINK_DATE="09/01/2005 23:50:09"
UPTO_LINK_DATE="09/01/2005 23:50:09" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin3.dll" SIZE="126976"
CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.2.120"
BIN_PRODUCT_VERSION="7.0.2.120" PRODUCT_VERSION="QuickTime 7.0.2"
FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide
variety of multimedia content in Web pages. For more information, visit
the <A HREF=http://www.apple.com/quicktime/>QuickTime</A>
Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime
Plug-in 7.0.2" FILE_VERSION="7.0.2" ORIGINAL_FILENAME="npqtplugin.dll"
INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple
Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0"
LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.2.120"
UPTO_BIN_PRODUCT_VERSION="7.0.2.120" LINK_DATE="09/01/2005 23:50:09"
UPTO_LINK_DATE="09/01/2005 23:50:09" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin4.dll" SIZE="126976"
CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.2.120"
BIN_PRODUCT_VERSION="7.0.2.120" PRODUCT_VERSION="QuickTime 7.0.2"
FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide
variety of multimedia content in Web pages. For more information, visit
the <A HREF=http://www.apple.com/quicktime/>QuickTime</A>
Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime
Plug-in 7.0.2" FILE_VERSION="7.0.2" ORIGINAL_FILENAME="npqtplugin.dll"
INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple
Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0"
LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.2.120"
UPTO_BIN_PRODUCT_VERSION="7.0.2.120" LINK_DATE="09/01/2005 23:50:09"
UPTO_LINK_DATE="09/01/2005 23:50:09" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin5.dll" SIZE="126976"
CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.2.120"
BIN_PRODUCT_VERSION="7.0.2.120" PRODUCT_VERSION="QuickTime 7.0.2"
FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide
variety of multimedia content in Web pages. For more information, visit
the <A HREF=http://www.apple.com/quicktime/>QuickTime</A>
Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime
Plug-in 7.0.2" FILE_VERSION="7.0.2" ORIGINAL_FILENAME="npqtplugin.dll"
INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple
Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0"
LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.2.120"
UPTO_BIN_PRODUCT_VERSION="7.0.2.120" LINK_DATE="09/01/2005 23:50:09"
UPTO_LINK_DATE="09/01/2005 23:50:09" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin6.dll" SIZE="126976"
CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.2.120"
BIN_PRODUCT_VERSION="7.0.2.120" PRODUCT_VERSION="QuickTime 7.0.2"
FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide
variety of multimedia content in Web pages. For more information, visit
the <A HREF=http://www.apple.com/quicktime/>QuickTime</A>
Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime
Plug-in 7.0.2" FILE_VERSION="7.0.2" ORIGINAL_FILENAME="npqtplugin.dll"
INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple
Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0"
LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.2.120"
UPTO_BIN_PRODUCT_VERSION="7.0.2.120" LINK_DATE="09/01/2005 23:50:09"
UPTO_LINK_DATE="09/01/2005 23:50:09" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin7.dll" SIZE="126976"
CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.2.120"
BIN_PRODUCT_VERSION="7.0.2.120" PRODUCT_VERSION="QuickTime 7.0.2"
FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide
variety of multimedia content in Web pages. For more information, visit
the <A HREF=http://www.apple.com/quicktime/>QuickTime</A>
Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime
Plug-in 7.0.2" FILE_VERSION="7.0.2" ORIGINAL_FILENAME="npqtplugin.dll"
INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple
Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0"
LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.2.120"
UPTO_BIN_PRODUCT_VERSION="7.0.2.120" LINK_DATE="09/01/2005 23:50:09"
UPTO_LINK_DATE="09/01/2005 23:50:09" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin8.dll" SIZE="126976"
CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.2.120"
BIN_PRODUCT_VERSION="7.0.2.120" PRODUCT_VERSION="QuickTime 7.0.2"
FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide
variety of multimedia content in Web pages. For more information, visit
the <A HREF=http://www.apple.com/quicktime/>QuickTime</A>
Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime
Plug-in 7.0.2" FILE_VERSION="7.0.2" ORIGINAL_FILENAME="npqtplugin.dll"
INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple
Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0"
LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.2.120"
UPTO_BIN_PRODUCT_VERSION="7.0.2.120" LINK_DATE="09/01/2005 23:50:09"
UPTO_LINK_DATE="09/01/2005 23:50:09" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\RichFX\Player\nprfxins.dll"
SIZE="569397" CHECKSUM="0x79C10EAB" BIN_FILE_VERSION="3.31.659.0"
BIN_PRODUCT_VERSION="3.31.659.0" PRODUCT_VERSION="3.31.0659"
FILE_DESCRIPTION="RichFX Basic Player" COMPANY_NAME="RichFX Inc."
PRODUCT_NAME="RichFX Basic Player 3.31.0659" FILE_VERSION="3.31.0659"
ORIGINAL_FILENAME="nprfxins.dll" INTERNAL_NAME="nprfxins"
LEGAL_COPYRIGHT="Copyright © RichFX Inc. 2001" VERFILEDATEHI="0x0"
VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2"
MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0"
UPTO_BIN_FILE_VERSION="3.31.659.0"
UPTO_BIN_PRODUCT_VERSION="3.31.659.0" LINK_DATE="11/11/2002 15:56:38"
UPTO_LINK_DATE="11/11/2002 15:56:38" VER_LANGUAGE="English (United
States) [0x409]" />
</EXE>
<EXE NAME="WSOCK32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="wsock32.dll" SIZE="22528"
CHECKSUM="0x713EB80A" BIN_FILE_VERSION="5.1.2600.2180"
BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180"
FILE_DESCRIPTION="Windows Socket 32-Bit DLL" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
ORIGINAL_FILENAME="wsock32.dll" INTERNAL_NAME="wsock32.dll"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x12C31"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004
07:57:51" UPTO_LINK_DATE="08/04/2004 07:57:51" VER_LANGUAGE="English
(United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="983552"
CHECKSUM="0x4CE79457" BIN_FILE_VERSION="5.1.2600.2180"
BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180"
FILE_DESCRIPTION="Windows NT BASE API Client DLL"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft®
Windows® Operating System" FILE_VERSION="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32"
INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All
rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32"
PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001"
UPTO_BIN_FILE_VERSION="5.1.2600.2180"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004
07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English
(United States) [0x409]" />
</EXE>
</DATABASE>

szkoplin · Oct 11, 2005

=======================================
Here's the Dr. Watson log entry for another crash following the crash
above:
=======================================
Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.

Application exception occurred:
App: C:\Program Files\Internet Explorer\IEXPLORE.EXE (pid=352)
When: 01/24/2004 @ 13:28:15.765
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: DH5BD241
User Name: Steven
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 2 Stepping 9
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner: Steven

*----> Task List <----*
0 System Process
4 System
948 smss.exe
996 csrss.exe
1020 winlogon.exe
1064 services.exe
1076 lsass.exe
1296 svchost.exe
1320 svchost.exe
1516 svchost.exe
1540 svchost.exe
1784 spoolsv.exe
1856 ccEvtMgr.exe
456 acsd.exe
528 MDM.EXE
560 sqlservr.exe
912 navapsvc.exe
928 nvsvc32.exe
1404 svchost.exe
1616 wanmpsvc.exe
332 Explorer.EXE
764 BCMSMMSG.exe
808 tfswctrl.exe
836 DSentry.exe
852 PCMService.exe
2084 ccApp.exe
2140 hpgs2wnd.exe
2148 mmtask.exe
2248 ctfmon.exe
2296 hpgs2wnf.exe
2348 hpobnz08.exe
2476 YahooPOPs.exe
2936 hpoevm08.exe
3028 HPZipm12.exe
3396 hpoSTS08.exe
1892 msmsgs.exe
3440 Error 0xD0000022
1180 Error 0xD0000022
352 IEXPLORE.EXE
784 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000419000: C:\Program Files\Internet
Explorer\IEXPLORE.EXE
(00000000012c0000 - 00000000012cb000: C:\Program Files\Adobe\Acrobat
6.0\Reader\ActiveX\AcroIEHelper.dll
(00000000013a0000 - 00000000013bc000: C:\Program
Files\ANONYMIZER\TOOLBAR\AnonymizerBar.dll
(0000000001480000 - 00000000014ea000: C:\Program
Files\ANONYMIZER\CORE\Anonymizer.dll
(00000000015f0000 - 000000000160b000:
C:\WINDOWS\system32\dla\tfswshx.dll
(0000000001610000 - 000000000161f000: C:\WINDOWS\System32\tfswapi.dll
(0000000001620000 - 000000000165a000:
C:\WINDOWS\system32\dla\tfswcres.dll
(00000000016a0000 - 00000000016bc000: C:\Program Files\Norton
AntiVirus\NavShExt.dll
(00000000016c0000 - 00000000016da000: C:\WINDOWS\System32\ccTrust.dll
(0000000001cd0000 - 0000000001ed1000: C:\WINDOWS\System32\msi.dll
(0000000002660000 - 0000000002671000: C:\WINDOWS\IME\SPGRMR.DLL
(0000000002680000 - 00000000026db000: C:\Program Files\Common
Files\Microsoft Shared\INK\SKCHUI.DLL
(00000000028d0000 - 00000000028eb000: C:\Program Files\Common
Files\Symantec Shared\Script Blocking\scrauth.dll
(0000000002a00000 - 0000000002a1e000: C:\Program Files\Common
Files\Symantec Shared\Script Blocking\ScrBlock.dll
(0000000004830000 - 0000000004862000: C:\WINDOWS\System32\ODBC32.dll
(000000000ffa0000 - 000000000ffc1000: C:\WINDOWS\System32\dssenh.dll
(000000000ffd0000 - 000000000fff3000: C:\WINDOWS\System32\rsaenh.dll
(0000000010000000 - 00000000100be000: c:\program
files\google\googletoolbar1.dll
(000000001a400000 - 000000001a47a000: C:\WINDOWS\system32\urlmon.dll
(000000001f850000 - 000000001f866000: C:\WINDOWS\System32\odbcint.dll
(00000000325c0000 - 00000000325d2000: C:\Program Files\Microsoft
Office\OFFICE11\msohev.dll
(0000000051000000 - 000000005104d000: C:\WINDOWS\System32\DDRAW.dll
(0000000055900000 - 0000000055961000: C:\WINDOWS\System32\MSVCP60.dll
(0000000058d40000 - 0000000058d47000: C:\WINDOWS\System32\wship6.dll
(000000005ac20000 - 000000005aceb000: C:\Program Files\Common
Files\Microsoft Shared\VGX\vgx.dll
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\uxtheme.dll
(000000005c000000 - 000000005c0c8000: C:\WINDOWS\System32\D3DIM700.DLL
(000000005c2c0000 - 000000005c2fc000: C:\WINDOWS\ime\sptip.dll
(00000000605d0000 - 00000000605d8000: C:\WINDOWS\System32\mslbui.dll
(0000000063580000 - 0000000063831000: C:\WINDOWS\System32\mshtml.dll
(0000000065000000 - 0000000065009000: C:\WINDOWS\System32\ddrawex.dll
(0000000066880000 - 000000006688a000: C:\WINDOWS\System32\imgutil.dll
(000000006b700000 - 000000006b790000: c:\windows\system32\jscript.dll
(0000000070a70000 - 0000000070ad5000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000070d00000 - 0000000070ea1000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\gdiplus.dll
(0000000071700000 - 0000000071849000: C:\WINDOWS\System32\SHDOCVW.dll
(0000000071950000 - 0000000071a34000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
(0000000071a50000 - 0000000071a8b000: C:\WINDOWS\system32\mswsock.dll
(0000000071a90000 - 0000000071a98000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\System32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac5000: C:\WINDOWS\System32\WS2_32.dll
(0000000071ad0000 - 0000000071ad8000: C:\WINDOWS\System32\WSOCK32.dll
(0000000071b20000 - 0000000071b31000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c01000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1d000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c20000 - 0000000071c6e000: C:\WINDOWS\System32\NETAPI32.dll
(0000000071c80000 - 0000000071c86000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071ccc000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce6000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5b000: C:\WINDOWS\System32\actxprxy.dll
(00000000722b0000 - 00000000722b5000: C:\WINDOWS\System32\sensapi.dll
(0000000072430000 - 0000000072442000: C:\WINDOWS\System32\browselc.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\System32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\System32\wdmaud.drv
(0000000073300000 - 0000000073375000: c:\windows\system32\vbscript.dll
(0000000073bc0000 - 0000000073bc6000: C:\WINDOWS\System32\DCIMAN32.dll
(0000000073d50000 - 0000000073d60000: C:\WINDOWS\System32\cryptnet.dll
(00000000746c0000 - 00000000746e7000: C:\WINDOWS\System32\MSLS31.DLL
(00000000746f0000 - 0000000074716000: C:\WINDOWS\System32\msimtf.dll
(0000000074720000 - 0000000074764000: C:\WINDOWS\System32\MSCTF.dll
(0000000074770000 - 00000000747ff000: C:\WINDOWS\System32\mlang.dll
(0000000074c80000 - 0000000074cac000: C:\WINDOWS\System32\OLEACC.dll
(0000000074cb0000 - 0000000074d1f000: C:\WINDOWS\System32\mshtmled.dll
(0000000075970000 - 0000000075a61000: C:\WINDOWS\System32\MSGINA.dll
(0000000075a70000 - 0000000075b15000: C:\WINDOWS\system32\USERENV.dll
(0000000075e90000 - 0000000075f37000: C:\WINDOWS\System32\SXS.DLL
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\appHelp.dll
(0000000075f60000 - 0000000075f66000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607c000: C:\WINDOWS\System32\BROWSEUI.dll
(0000000076170000 - 00000000761f8000: C:\WINDOWS\System32\shdoclc.dll
(0000000076200000 - 0000000076298000: C:\WINDOWS\system32\WININET.dll
(00000000762a0000 - 00000000762af000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 0000000076348000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076360000 - 000000007636f000: C:\WINDOWS\System32\WINSTA.dll
(00000000763b0000 - 00000000763f5000: C:\WINDOWS\system32\comdlg32.dll
(0000000076670000 - 0000000076757000: C:\WINDOWS\System32\SETUPAPI.dll
(00000000767f0000 - 0000000076814000: C:\WINDOWS\System32\schannel.dll
(0000000076b20000 - 0000000076b35000: C:\WINDOWS\System32\ATL.DLL
(0000000076b40000 - 0000000076b6c000: C:\WINDOWS\System32\WINMM.dll
(0000000076c30000 - 0000000076c5b000: C:\WINDOWS\System32\WINTRUST.dll
(0000000076c90000 - 0000000076cb2000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d77000: C:\WINDOWS\System32\iphlpapi.dll
(0000000076e80000 - 0000000076e8d000: C:\WINDOWS\System32\rtutils.dll
(0000000076e90000 - 0000000076ea1000: C:\WINDOWS\System32\rasman.dll
(0000000076eb0000 - 0000000076edb000: C:\WINDOWS\System32\TAPI32.dll
(0000000076ee0000 - 0000000076f17000: C:\WINDOWS\System32\RASAPI32.DLL
(0000000076f20000 - 0000000076f45000: C:\WINDOWS\System32\DNSAPI.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\System32\Secur32.dll
(0000000076fb0000 - 0000000076fb7000: C:\WINDOWS\System32\winrnr.dll
(0000000076fc0000 - 0000000076fc5000: C:\WINDOWS\System32\rasadhlp.dll
(0000000076fd0000 - 0000000077048000: C:\WINDOWS\System32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\System32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772d1000: C:\WINDOWS\system32\ole32.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\comctl32.dll
(00000000773d0000 - 0000000077bc2000: C:\WINDOWS\system32\SHELL32.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\System32\midimap.dll
(0000000077be0000 - 0000000077bf4000: C:\WINDOWS\System32\MSACM32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077cb0000: C:\WINDOWS\system32\GDI32.dll
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078086000: C:\WINDOWS\system32\RPCRT4.dll

*----> State Dump for Thread Id 0x7d0 <----*

eax=00000000 ebx=00000000 ecx=00000015 edx=00000005 esi=030be1b8
edi=0220c680
eip=635862d0 esp=0013e87c ebp=0013e8d8 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\System32\mshtml.dll -
function: mshtml
635862b1 0cbe or al,0xbe
635862b3 83c060 add eax,0x60
635862b6 51 push ecx
635862b7 8bc8 mov ecx,eax
635862b9 e8a6e4ffff call mshtml+0x4764 (63584764)
635862be ebe4 jmp mshtml+0x62a4 (635862a4)
635862c0 8b4910 mov ecx,[ecx+0x10]
635862c3 85c9 test ecx,ecx
635862c5 0f84f1571400 je
mshtml!MatchExactGetIDsOfNames+0x40bcc (636cbabc)
635862cb e860ffffff call mshtml+0x6230 (63586230)
FAULT ->635862d0 0fb600 movzx eax,byte ptr [eax]
ds:0023:00000000=??
635862d3 c1e805 shr eax,0x5
635862d6 83e001 and eax,0x1
635862d9 c3 ret
635862da 8b7304 mov esi,[ebx+0x4]
635862dd 57 push edi
635862de 8bcb mov ecx,ebx
635862e0 e8e4380100 call mshtml+0x19bc9 (63599bc9)
635862e5 ff750c push dword ptr [ebp+0xc]
635862e8 8bf8 mov edi,eax
635862ea e881380100 call mshtml+0x19b70 (63599b70)

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\USER32.dll -
ChildEBP RetAddr Args to Child
0013e8d8 635c086a 00000000 0013e948 030be1b8 mshtml+0x62d0
0013e908 635c1d05 00000000 03092090 030be008 mshtml+0x4086a
0013e920 6359957e 030be1b8 00000000 00000000 mshtml+0x41d05
0013e954 63581bd1 0013eaec 63581b14 00000000 mshtml+0x1957e
0013ea78 77d43a50 0009040e 00000004 00000000 mshtml+0x1bd1
0013eaa4 77d43b1f 63581b14 0009040e 00008002 USER32+0x3a50
0013eb0c 77d43d79 00000000 63581b14 0009040e USER32+0x3b1f
0013eb6c 77d43ddf 0013edb0 00000000 75f8cbc7 USER32!GetMessageW+0x125
0013edb0 00008002 00000000 00000000 006cc8f0
USER32!DispatchMessageW+0xb

*----> Raw Stack Dump <----*
000000000013e87c 92 18 5c 63 07 00 00 00 - b8 e1 0b 03 d8 e8 13 00
...\c............
000000000013e88c 0f 48 58 63 d4 17 17 02 - 2c 49 58 63 58 48 58 63
..HXc....,IXcXHXc
000000000013e89c 01 00 00 00 48 48 58 63 - 00 00 00 00 08 e0 0b 03
.....HHXc........
000000000013e8ac b8 48 58 63 08 e0 0b 03 - 08 e0 0b 03 7c 1a 5c 63
..HXc........|.\c
000000000013e8bc 00 00 00 00 07 00 00 00 - b8 e1 0b 03 08 e0 0b 03
.................
000000000013e8cc 01 00 00 00 00 4b 17 02 - 00 00 00 00 08 e9 13 00
......K..........
000000000013e8dc 6a 08 5c 63 00 00 00 00 - 48 e9 13 00 b8 e1 0b 03
j.\c....H.......
000000000013e8ec d0 02 16 02 00 e0 fd 7f - 00 00 00 00 fd 1b 70 71
...............pq
000000000013e8fc 03 00 00 00 08 e0 0b 03 - 01 00 00 00 20 e9 13 00
............. ...
000000000013e90c 05 1d 5c 63 00 00 00 00 - 90 20 09 03 08 e0 0b 03
...\c..... ......
000000000013e91c 00 00 16 02 54 e9 13 00 - 7e 95 59 63 b8 e1 0b 03
.....T...~.Yc....
000000000013e92c 00 00 00 00 00 00 00 00 - d0 02 16 02 02 80 00 00
.................
000000000013e93c b8 e1 0b 03 d3 1c 5c 63 - 00 00 00 00 04 03 16 02
.......\c........
000000000013e94c 0c 00 00 00 01 00 00 00 - 78 ea 13 00 d1 1b 58 63
.........x.....Xc
000000000013e95c ec ea 13 00 14 1b 58 63 - 00 00 00 00 fc ea 13 00
.......Xc........
000000000013e96c 09 48 e9 77 18 32 e8 77 - ff ff ff ff 99 57 e7 77
..H.w.2.w.....W.w
000000000013e97c a7 eb d6 77 00 20 00 00 - 08 00 00 00 a8 e9 13 00
....w. ..........
000000000013e98c de 65 d7 77 e4 03 00 00 - 00 80 00 00 b4 00 9a 00
..e.w............
000000000013e99c 00 00 00 00 c0 81 22 00 - 00 80 00 00 16 41 d4 77
......."......A.w
000000000013e9ac 4e 65 d7 77 24 01 13 00 - e4 03 00 00 64 65 d7 77
Ne.w$.......de.w

*----> State Dump for Thread Id 0x7e4 <----*

eax=00195938 ebx=00195938 ecx=018cfc34 edx=00000000 esi=7fffffff
edi=ffffffff
eip=7ffe0304 esp=018cfae4 ebp=018cfb20 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\System32\ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\mswsock.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\System32\WS2_32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\WININET.dll -
ChildEBP RetAddr Args to Child
018cfae0 77f5c534 71a51f97 000002a4 00000001 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
018cfb20 71a520a4 000002a4 000002a8 00000000
ntdll!NtWaitForSingleObject+0xc
018cfc04 71ab1930 00000001 018cfe84 018cfc7c mswsock+0x20a4
018cfc54 7622387c 00000001 018cfe84 018cfc7c WS2_32!select+0xa0
018cffb0 76224485 77e7d33b 00197298 00150808
WININET!GetUrlCacheEntryInfoW+0x73d
018cffec 00000000 7622447c 00197298 00000000
WININET!InternetCrackUrlW+0x9dd

*----> Raw Stack Dump <----*
00000000018cfae4 34 c5 f5 77 97 1f a5 71 - a4 02 00 00 01 00 00 00
4..w...q........
00000000018cfaf4 0c fb 8c 01 a0 fb 8c 01 - 84 fe 8c 01 90 fb 8c 01
.................
00000000018cfb04 ca 0d 31 d4 a7 e2 c3 01 - ff ff ff ff ff ff ff 7f
...1.............
00000000018cfb14 38 59 19 00 00 00 00 00 - 00 00 00 00 04 fc 8c 01
8Y..............
00000000018cfb24 a4 20 a5 71 a4 02 00 00 - a8 02 00 00 00 00 00 00 .
..q............
00000000018cfb34 04 00 00 00 80 fd 8c 01 - 68 8e 06 01 7c fc 8c 01
.........h...|...
00000000018cfb44 e8 2a 73 00 e8 2a 73 01 - 2e 53 a5 71 e8 dc 24 00
..*s..*s..S.q..$.
00000000018cfb54 f0 ce 10 03 a8 ac 06 01 - a0 b2 f5 77 05 00 00 00
............w....
00000000018cfb64 28 00 00 00 00 00 00 00 - 10 00 00 00 00 00 00 00
(...............
00000000018cfb74 00 00 00 00 00 00 00 00 - 00 00 00 00 80 0f 05 fd
.................
00000000018cfb84 ff ff ff ff 00 00 00 00 - ac fb 8c 01 80 0f 05 fd
.................
00000000018cfb94 ff ff ff ff 01 00 00 00 - 00 94 f6 77 a8 02 00 00
............w....
00000000018cfba4 19 00 00 00 21 00 00 00 - 08 01 00 00 00 3d 22 00
.....!........=".
00000000018cfbb4 fc fb 8c 01 f0 88 fa 77 - 88 1c 01 00 00 00 15 00
........w........
00000000018cfbc4 20 fb 8c 01 cb 60 e7 77 - 14 fc 8c 01 f0 88 fa 77
.....`.w.......w
00000000018cfbd4 1c 00 00 00 01 00 00 00 - 00 00 00 00 90 fb 8c 01
.................
00000000018cfbe4 00 00 00 00 38 59 19 00 - 38 fb 8c 01 10 b7 27 76
.....8Y..8.....'v
00000000018cfbf4 44 fc 8c 01 bc 2a a7 71 - 80 b7 a5 71 ff ff ff ff
D....*.q...q....
00000000018cfc04 54 fc 8c 01 30 19 ab 71 - 01 00 00 00 84 fe 8c 01
T...0..q........
00000000018cfc14 7c fc 8c 01 80 fd 8c 01 - 88 ff 8c 01 34 fc 8c 01
|...........4...

*----> State Dump for Thread Id 0xac <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000
edi=00000000
eip=7ffe0304 esp=019cff9c ebp=019cffb4 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\kernel32.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
019cff98 77f5b7f4 77f88423 00000001 019cffac *SharedUserSystemCall+0xc
(FPO: [0,0,0])
019cffb4 77e7d33b 00000000 00000000 00000000 ntdll!ZwDelayExecution+0xc
019cffec 00000000 77f883de 00000000 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*
00000000019cff9c f4 b7 f5 77 23 84 f8 77 - 01 00 00 00 ac ff 9c 01
....w#..w........
00000000019cffac 00 00 00 00 00 00 00 80 - ec ff 9c 01 3b d3 e7 77
.............;..w
00000000019cffbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019cffcc 1f 00 00 00 00 c0 fd 7f - c0 ff 9c 01 07 00 00 00
.................
00000000019cffdc ff ff ff ff 09 48 e9 77 - b8 3d e8 77 00 00 00 00
......H.w.=.w....
00000000019cffec 00 00 00 00 00 00 00 00 - de 83 f8 77 00 00 00 00
............w....
00000000019cfffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d00ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d00bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019d00cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xc4 <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000
edi=00000001
eip=7ffe0304 esp=02d2fcec ebp=02d2ffb4 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
02d2fce8 77f5c524 77f91f83 00000015 02d2fd30 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
02d2ffb4 77e7d33b 00000000 00000000 00000000
ntdll!NtWaitForMultipleObjects+0xc
02d2ffec 00000000 77f91e38 00000000 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*
0000000002d2fcec 24 c5 f5 77 83 1f f9 77 - 15 00 00 00 30 fd d2 02
$..w...w....0...
0000000002d2fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fd0c 00 00 00 00 00 00 00 00 - 20 5a fc 77 20 5a fc 77
......... Z.w Z.w
0000000002d2fd1c f0 03 00 00 c4 00 00 00 - 15 00 00 00 15 00 00 00
.................
0000000002d2fd2c 14 00 00 00 e4 03 00 00 - 0c 01 00 00 38 04 00 00
.............8...
0000000002d2fd3c 40 04 00 00 48 04 00 00 - 54 04 00 00 70 04 00 00
@...H...T...p...
0000000002d2fd4c 78 04 00 00 84 04 00 00 - 94 04 00 00 a0 04 00 00
x...............
0000000002d2fd5c a8 04 00 00 b4 04 00 00 - c0 04 00 00 cc 04 00 00
.................
0000000002d2fd6c d4 04 00 00 f0 04 00 00 - fc 04 00 00 08 05 00 00
.................
0000000002d2fd7c 14 05 00 00 90 06 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d2fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x780 <----*

eax=75a75aea ebx=02e2ff18 ecx=001507a8 edx=00000000 esi=00000000
edi=7ffdf000
eip=7ffe0304 esp=02e2fed0 ebp=02e2ff6c iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
02e2fecc 77f5c524 77e75ee0 00000003 02e2ff18 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
02e2ff6c 77e75faa 00000003 75b03300 00000000
ntdll!NtWaitForMultipleObjects+0xc
00000000 00000000 00000000 00000000 00000000
kernel32!WaitForMultipleObjects+0x17

*----> Raw Stack Dump <----*
0000000002e2fed0 24 c5 f5 77 e0 5e e7 77 - 03 00 00 00 18 ff e2 02
$..w.^.w........
0000000002e2fee0 01 00 00 00 00 00 00 00 - 00 00 00 00 a4 33 b0 75
..............3.u
0000000002e2fef0 00 00 00 00 f0 a6 e7 77 - 00 00 00 00 00 00 00 00
........w........
0000000002e2ff00 00 00 00 00 00 00 01 00 - 00 00 15 00 03 00 00 00
.................
0000000002e2ff10 00 f0 fd 7f 00 f0 fa 7f - 58 04 00 00 5c 04 00 00
.........X...\...
0000000002e2ff20 88 04 00 00 37 90 f5 77 - 2e d9 e7 77 00 00 15 00
.....7..w...w....
0000000002e2ff30 00 00 00 00 3e d9 e7 77 - 18 ff e2 02 00 00 15 00
.....>..w........
0000000002e2ff40 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002e2ff50 10 00 00 00 ec fe e2 02 - 16 00 18 00 dc ff e2 02
.................
0000000002e2ff60 09 48 e9 77 78 32 e8 77 - 00 00 00 00 00 00 00 00
..H.wx2.w........
0000000002e2ff70 aa 5f e7 77 03 00 00 00 - 00 33 b0 75 00 00 00 00
.._.w.....3.u....
0000000002e2ff80 ff ff ff ff 00 00 00 00 - 45 5b a7 75 03 00 00 00
.........E[.u....
0000000002e2ff90 00 33 b0 75 00 00 00 00 - ff ff ff ff 00 00 15 00
..3.u............
0000000002e2ffa0 00 00 00 00 ec c9 13 00 - ec ff e2 02 00 00 00 00
.................
0000000002e2ffb0 03 00 00 00 00 00 a7 75 - 3b d3 e7 77 00 00 00 00
........u;..w....
0000000002e2ffc0 ec c9 13 00 00 00 15 00 - 00 00 00 00 00 00 00 00
.................
0000000002e2ffd0 00 f0 fa 7f c0 ff e2 02 - 07 00 00 00 ff ff ff ff
.................
0000000002e2ffe0 09 48 e9 77 b8 3d e8 77 - 00 00 00 00 00 00 00 00
..H.w.=.w........
0000000002e2fff0 00 00 00 00 ea 5a a7 75 - 00 00 00 00 00 00 00 00
......Z.u........
0000000002e30000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00 00
.................

*----> State Dump for Thread Id 0xc60 <----*

eax=72d22ecc ebx=03b6ff1c ecx=000000fc edx=00000000 esi=00000000
edi=7ffdf000
eip=7ffe0304 esp=03b6fed4 ebp=03b6ff70 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
03b6fed0 77f5c524 77e75ee0 00000002 03b6ff1c *SharedUserSystemCall+0xc
(FPO: [0,0,0])
03b6ff70 77e75faa 00000002 03b6ffa4 00000000
ntdll!NtWaitForMultipleObjects+0xc
03b6ffb4 77e7d33b 00000000 00000021 41f59037
kernel32!WaitForMultipleObjects+0x17
03b6ffec 00000000 72d22ecc 00000000 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*
0000000003b6fed4 24 c5 f5 77 e0 5e e7 77 - 02 00 00 00 1c ff b6 03
$..w.^.w........
0000000003b6fee4 01 00 00 00 00 00 00 00 - 00 00 00 00 21 00 00 00
.............!...
0000000003b6fef4 00 00 00 00 00 00 00 00 - cc d2 6b 80 00 00 00 00
...........k.....
0000000003b6ff04 00 00 00 00 00 00 00 00 - e3 d2 6b 80 02 00 00 00
...........k.....
0000000003b6ff14 00 f0 fd 7f 00 c0 fa 7f - ec 05 00 00 d8 05 00 00
.................
0000000003b6ff24 d4 17 4b 86 fe 64 4f 80 - a4 17 4b 86 38 16 4b 86
...K..dO...K.8.K.
0000000003b6ff34 6c 16 4b 86 02 00 00 00 - 1c ff b6 03 b8 89 33 86
l.K...........3.
0000000003b6ff44 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003b6ff54 10 00 00 00 f0 fe b6 03 - 00 00 00 00 dc ff b6 03
.................
0000000003b6ff64 09 48 e9 77 78 32 e8 77 - 00 00 00 00 b4 ff b6 03
..H.wx2.w........
0000000003b6ff74 aa 5f e7 77 02 00 00 00 - a4 ff b6 03 00 00 00 00
.._.w............
0000000003b6ff84 ff ff ff ff 00 00 00 00 - 0c 2f d2 72 02 00 00 00
........../.r....
0000000003b6ff94 a4 ff b6 03 00 00 00 00 - ff ff ff ff 37 90 f5 41
.............7..A
0000000003b6ffa4 ec 05 00 00 d8 05 00 00 - a8 1c b4 ec f4 bf f5 77
................w
0000000003b6ffb4 ec ff b6 03 3b d3 e7 77 - 00 00 00 00 21 00 00 00
.....;..w....!...
0000000003b6ffc4 37 90 f5 41 00 00 00 00 - 1f 00 00 00 00 c0 fa 7f
7..A............
0000000003b6ffd4 c0 ff b6 03 07 00 00 00 - ff ff ff ff 09 48 e9 77
..............H.w
0000000003b6ffe4 b8 3d e8 77 00 00 00 00 - 00 00 00 00 00 00 00 00
..=.w............
0000000003b6fff4 cc 2e d2 72 00 00 00 00 - 00 00 00 00 00 00 00 00
....r............
0000000003b70004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xc64 <----*

eax=00000000 ebx=00000614 ecx=03c6fc94 edx=00000000 esi=03c6ff98
edi=77d44377
eip=7ffe0304 esp=03c6ff54 ebp=03c6ff78 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\System32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
03c6ff50 77d43a09 77d443b5 03c6ff98 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
03c6ff78 76b41c79 03c6ff98 00000000 00000000 USER32+0x3a09
03c6ffb4 77e7d33b 00000614 00010003 00150000 WINMM!timeGetTime+0x1a1
03c6ffec 00000000 76b41c14 00000614 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*
0000000003c6ff54 09 3a d4 77 b5 43 d4 77 - 98 ff c6 03 00 00 00 00
..:.w.C.w........
0000000003c6ff64 00 00 00 00 00 00 00 00 - 14 06 00 00 77 43 d4 77
.............wC.w
0000000003c6ff74 00 00 00 00 b4 ff c6 03 - 79 1c b4 76 98 ff c6 03
.........y..v....
0000000003c6ff84 00 00 00 00 00 00 00 00 - 00 00 00 00 03 00 01 00
.................
0000000003c6ff94 00 00 15 00 da 04 02 00 - bc 03 00 00 78 ca 1c 00
.............x...
0000000003c6ffa4 00 00 00 00 1f c9 6c 00 - 3d 03 00 00 67 00 00 00
.......l.=...g...
0000000003c6ffb4 ec ff c6 03 3b d3 e7 77 - 14 06 00 00 03 00 01 00
.....;..w........
0000000003c6ffc4 00 00 15 00 14 06 00 00 - 00 00 00 00 00 b0 fa 7f
.................
0000000003c6ffd4 c0 ff c6 03 07 00 00 00 - ff ff ff ff 09 48 e9 77
..............H.w
0000000003c6ffe4 b8 3d e8 77 00 00 00 00 - 00 00 00 00 00 00 00 00
..=.w............
0000000003c6fff4 14 1c b4 76 14 06 00 00 - 00 00 00 00 0c 0c 0c 0c
....v............
0000000003c70004 0c 0c 0c 0c 0c 0c 01 0c - 0c 0c 0c 0c 0c 0c 0c 0c
.................
0000000003c70014 0c 0c 0c 0c 0c 04 02 04 - 02 0c 0c 0c 0c 0c 0c 0c
.................
0000000003c70024 0c 0c 0c 04 04 02 02 01 - 01 02 04 0c 05 05 05 05
.................
0000000003c70034 05 04 04 02 01 01 02 01 - 01 01 01 02 05 03 03 03
.................
0000000003c70044 04 02 01 01 01 00 02 00 - 00 01 00 04 05 03 06 06
.................
0000000003c70054 04 01 01 01 00 08 09 09 - 09 00 00 02 05 03 07 00
.................
0000000003c70064 02 01 01 08 08 01 01 01 - 01 09 09 02 05 03 07 00
.................
0000000003c70074 02 08 02 01 01 01 01 00 - 00 02 02 01 05 03 07 00
.................
0000000003c70084 02 02 08 01 01 01 00 02 - 02 04 0c 0c 05 03 07 00
.................

*----> State Dump for Thread Id 0xea8 <----*

eax=7ffdb000 ebx=00000000 ecx=77e7a6e5 edx=00000000 esi=00223d38
edi=00000000
eip=7ffe0304 esp=01acfc1c ebp=01acfca4 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\CRYPT32.dll -
ChildEBP RetAddr Args to Child
01acfc18 77f5c534 77f69f68 0000099c 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
01acfca4 77f5b2e6 00223d38 76207dff 00223d38
ntdll!NtWaitForSingleObject+0xc
01acfcc8 7620a3a0 03147d54 03147d58 00000050
ntdll!RtlEnterCriticalSection+0x46
03147d54 ffffffff 007b005c 00300033 00300035
WININET!InternetCloseHandle+0xc55
ffffffff 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*
0000000001acfc1c 34 c5 f5 77 68 9f f6 77 - 9c 09 00 00 00 00 00 00
4..wh..w........
0000000001acfc2c 00 00 00 00 68 e3 17 03 - c8 7c 14 03 38 3d 22 00
.....h....|..8=".
0000000001acfc3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001acfc4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001acfc5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001acfc6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001acfc7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001acfc8c 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00
.................
0000000001acfc9c 00 00 00 00 9c 09 00 00 - c8 fc ac 01 e6 b2 f5 77
................w
0000000001acfcac 38 3d 22 00 ff 7d 20 76 - 38 3d 22 00 00 00 00 00
8="..} v8=".....
0000000001acfcbc 01 00 00 00 00 00 00 00 - 01 00 00 00 54 7d 14 03
.............T}..
0000000001acfccc a0 a3 20 76 54 7d 14 03 - 58 7d 14 03 50 00 00 00 ..
vT}..X}..P...
0000000001acfcdc 5c 7d 14 03 10 9e 1c 00 - c8 7c 14 03 0c fd ac 01
\}.......|......
0000000001acfcec 3c b9 21 76 28 a3 20 76 - c8 7c 14 03 e8 98 20 76
<.!v(. v.|.... v
0000000001acfcfc c8 7c 14 03 c0 6c 4f 04 - 00 00 00 00 3c b9 21 76
..|...lO.....<.!v
0000000001acfd0c 6c fd ac 01 e1 9a 20 76 - 10 9e 1c 00 00 00 00 00
l..... v........
0000000001acfd1c 00 00 00 00 68 e3 17 03 - f4 a1 20 76 c8 7c 14 03
.....h..... v.|..
0000000001acfd2c 60 f4 48 04 db a2 20 76 - e0 93 04 00 05 00 00 00
`.H... v........
0000000001acfd3c 60 00 00 00 10 9e 1c 00 - c0 6c 4f 04 60 9a 4a 04
`........lO.`.J.
0000000001acfd4c d0 4c 1d 00 40 3b 1f 00 - 00 00 00 00 00 00 00 00
..L..@;..........

*----> State Dump for Thread Id 0xa74 <----*

eax=00000001 ebx=005b955f ecx=0410ff48 edx=00000000 esi=00000564
edi=00000000
eip=7ffe0304 esp=0410ff14 ebp=0410ff78 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0410ff10 77f5c534 77e7a62d 00000564 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
0410ff78 77e7ac21 00000564 ffffffff 00000000
ntdll!NtWaitForSingleObject+0xc
ffffffff 00000000 00000000 00000000 00000000
kernel32!WaitForSingleObject+0xf

*----> Raw Stack Dump <----*
000000000410ff14 34 c5 f5 77 2d a6 e7 77 - 64 05 00 00 00 00 00 00
4..w-..wd.......
000000000410ff24 00 00 00 00 78 cd 1b 02 - 20 cd 1b 02 5f 95 5b 00
.....x... ..._.[.
000000000410ff34 50 ff 10 04 00 00 00 00 - 98 1c 1c 00 f0 88 1d 02
P...............
000000000410ff44 00 f0 fd 7f 00 d0 fa 7f - 14 00 00 00 01 00 00 00
.................
000000000410ff54 00 00 00 00 00 00 00 00 - 10 00 00 00 28 ff 10 04
.............(...
000000000410ff64 24 89 1d 02 dc ff 10 04 - 09 48 e9 77 e0 3a e8 77
$........H.w.:.w
000000000410ff74 00 00 00 00 ff ff ff ff - 21 ac e7 77 64 05 00 00
.........!..wd...
000000000410ff84 ff ff ff ff 00 00 00 00 - 82 3e 67 63 64 05 00 00
..........>gcd...
000000000410ff94 ff ff ff ff cb 44 f9 77 - ec ff 10 04 20 cd 1b 02
......D.w.... ...
000000000410ffa4 20 cd 1b 02 00 00 00 00 - 77 79 66 63 c0 ed 1d 00
........wyfc....
000000000410ffb4 51 79 66 63 3b d3 e7 77 - 20 cd 1b 02 cb 44 f9 77
Qyfc;..w ....D.w
000000000410ffc4 c0 ed 1d 00 20 cd 1b 02 - 00 00 00 00 00 d0 fa 7f
..... ...........
000000000410ffd4 c0 ff 10 04 48 03 3b c0 - ff ff ff ff 09 48 e9 77
.....H.;......H.w
000000000410ffe4 b8 3d e8 77 00 00 00 00 - 00 00 00 00 00 00 00 00
..=.w............
000000000410fff4 48 79 66 63 20 cd 1b 02 - 00 00 00 00 1f 1f 1f 1f
Hyfc ...........
0000000004110004 1f 0f 1e 1e 1e 1e 1e 1e - 1e 1e 1e 1e 1e 1e 1e 1e
.................
0000000004110014 1e 1e 1e 1e 1e 1e 1e 1e - 1e 1e 03 10 1d 1d 1d 1d
.................
0000000004110024 1d 1d 1d 1d 1d 1d 1d 1d - 1d 1d 1d 1d 1d 1d 1d 1d
.................
0000000004110034 1b 1e 1e 1e 1e 1e 1e 1e - 1e 1e 1e 1e 1e 1e 1e 1e
.................
0000000004110044 1e 1e 1e 0e 0e 0e 0e 0e - 0e 0e 0e 0e 0e 0e 0e 0e
.................

*----> State Dump for Thread Id 0xff8 <----*

eax=00000000 ebx=00000000 ecx=77d9c064 edx=00000000 esi=001890a0
edi=00000000
eip=7ffe0304 esp=03e7fcd4 ebp=03e7ff28 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\System32\BROWSEUI.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
03e7fcd0 77d43c53 75f8cbf3 ffffffff 77f944a8 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
03e7ff28 75f958bd 00000000 ffffffff 77f944a8 USER32!WaitMessage+0xc
03e7ffb4 77e7d33b 002319b8 ffffffff 77f944a8 BROWSEUI!Ordinal123+0x558
03e7ffec 00000000 75f95879 002319b8 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*
0000000003e7fcd4 53 3c d4 77 f3 cb f8 75 - ff ff ff ff a8 44 f9 77
S<.w...u.....D.w
0000000003e7fce4 00 00 00 00 4d 00 69 00 - 63 00 72 00 6f 00 73 00
.....M.i.c.r.o.s.
0000000003e7fcf4 6f 00 66 00 74 00 20 00 - 49 00 6e 00 74 00 65 00
o.f.t. .I.n.t.e.
0000000003e7fd04 72 00 6e 00 65 00 74 00 - 20 00 45 00 78 00 70 00
r.n.e.t. .E.x.p.
0000000003e7fd14 6c 00 6f 00 72 00 65 00 - 72 00 00 00 e4 42 15 00
l.o.r.e.r....B..
0000000003e7fd24 01 00 00 00 8c fe e7 03 - 00 00 00 00 e3 b7 00 78
................x
0000000003e7fd34 f8 3b 15 00 06 00 00 00 - 10 00 00 00 8c fe e7 03
..;..............
0000000003e7fd44 8c fe e7 03 00 00 00 00 - d0 c0 00 00 01 00 00 00
.................
0000000003e7fd54 01 00 00 00 00 00 00 00 - 58 2c 02 e1 20 2d 02 e1
.........X,.. -..
0000000003e7fd64 64 88 32 ed 98 8b 32 ed - 20 de 20 00 38 ba 48 04
d.2...2. . .8.H.
0000000003e7fd74 30 37 71 f7 ff ff ff ff - 88 01 15 00 40 ba 48 04
[email protected].
0000000003e7fd84 84 8a 32 ed 84 8a 32 ed - 01 00 00 00 f9 6d 52 80
...2...2......mR.
0000000003e7fd94 00 00 00 00 08 c0 81 e1 - 08 43 50 86 00 00 00 00
..........CP.....
0000000003e7fda4 3c 5b 68 86 00 00 00 00 - 30 ba 48 04 38 77 6f f7
<[h.....0.H.8wo.
0000000003e7fdb4 ac 8a 32 ed 00 00 00 00 - 00 00 00 00 38 00 00 00
...2.........8...
0000000003e7fdc4 23 00 00 00 23 00 00 00 - ff ff ff ff a8 44 f9 77
#...#........D.w
0000000003e7fdd4 b8 19 23 00 3a 8a f5 77 - 08 00 00 00 02 00 00 00
...#.:..w........
0000000003e7fde4 f8 9f 51 04 42 d3 e7 77 - 1b 00 00 00 00 02 00 00
...Q.B..w........
0000000003e7fdf4 fc ff e7 03 23 00 00 00 - 08 e0 10 03 68 ef 4e 04
.....#.......h.N.
0000000003e7fe04 18 b4 48 04 18 b4 48 04 - 40 c2 81 e1 68 c2 81 e1
[email protected]...

*----> State Dump for Thread Id 0xb24 <----*

eax=00000102 ebx=00231c78 ecx=0524fe28 edx=00000000 esi=00000000
edi=00000000
eip=7ffe0304 esp=0524fe28 ebp=0524ff90 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
0524fe24 77f5c084 780016a4 000002f0 0524ff80 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
0524ff90 78001601 780019d6 00153368 00000000
ntdll!NtReplyWaitReceivePortEx+0xc
0024f268 ffffffff 000008ec 000007c8 00000000 RPCRT4+0x1601
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*
000000000524fe28 84 c0 f5 77 a4 16 00 78 - f0 02 00 00 80 ff 24 05
....w...x......$.
000000000524fe38 00 00 00 00 78 1c 23 00 - 60 ff 24 05 00 00 00 00
.....x.#.`.$.....
000000000524fe48 7a f3 6b 80 8c 51 44 86 - 02 00 00 00 68 51 44 86
z.k..QD.....hQD.
000000000524fe58 64 6b 4b ec e4 c9 59 86 - 41 00 00 00 00 00 6c 80
dkK...Y.A.....l.
000000000524fe68 38 15 b0 f7 e4 4f 53 80 - 02 96 b8 85 3a 66 4f 80
8....OS.....:fO.
000000000524fe78 00 00 00 00 07 00 00 00 - 6c f8 4b 86 f0 f8 4b 86
.........l.K...K.
000000000524fe88 00 00 00 00 e0 6b 4b ec - 73 48 ee f6 02 f8 4b 86
......kK.sH....K.
000000000524fe98 f8 f8 4b 86 01 00 00 00 - 83 48 ee f6 00 00 00 00
...K......H......
000000000524fea8 44 f8 4b 86 00 00 00 00 - 4e 7a ee f6 28 7c ee f6
D.K.....Nz..(|..
000000000524feb8 54 6c 4b ec c8 29 dd 85 - 40 f8 4b 86 e8 97 d9 85
TlK..)[email protected].....
000000000524fec8 88 3b 2b 86 00 52 04 86 - 01 00 00 00 b8 6b 4b ec
..;+..R.......kK.
000000000524fed8 b8 6b 4b ec c8 0d 00 00 - 01 00 00 00 70 f8 4b 86
..kK.........p.K.
000000000524fee8 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00
.................
000000000524fef8 c8 0d 00 00 08 6c 4b ec - 45 b4 ee f6 44 f8 4b 00
......lK.E...D.K.
000000000524ff08 f9 1e 02 00 34 6c 4b ec - 58 6c 4b ec 54 6c 4b ec
.....4lK.XlK.TlK.
000000000524ff18 92 eb f0 f6 38 f5 df ff - e4 4f 53 80 00 a2 c6 85
.....8....OS.....
000000000524ff28 3a 66 4f 80 cc a3 c6 85 - 60 a2 c6 85 94 a2 c6 85
:fO.....`.......
000000000524ff38 02 00 00 00 2f e6 61 80 - 2f 16 00 78 60 ff 24 05
...../.a./..x`.$.
000000000524ff48 4a 16 00 78 60 e9 15 00 - 78 3e 0f 03 68 f2 24 00
J..x`...x>..h.$.
000000000524ff58 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0x15c <----*

eax=71a519c4 ebx=c0000000 ecx=77f57d70 edx=00000000 esi=00000000
edi=71a832ac
eip=7ffe0304 esp=0215ff80 ebp=71a50000 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0215ff7c 77f5c024 71a51a1b 00000364 0215ffbc *SharedUserSystemCall+0xc
(FPO: [0,0,0])
71a50000 00000003 00000004 0000ffff 000000b8
ntdll!ZwRemoveIoCompletion+0xc

*----> Raw Stack Dump <----*
000000000215ff80 24 c0 f5 77 1b 1a a5 71 - 64 03 00 00 bc ff 15 02
$..w...qd.......
000000000215ff90 ac ff 15 02 b0 ff 15 02 - 40 b7 a5 71 f0 88 fa 77
[email protected]
000000000215ffa0 70 38 f5 77 ec ff 15 02 - 48 fc 63 04 c8 2b 73 01
p8.w....H.c..+s.
000000000215ffb0 00 00 00 00 00 00 00 00 - 3b d3 e7 77 a5 4b a5 71
.........;..w.K.q
000000000215ffc0 f0 88 fa 77 70 38 f5 77 - 48 fc 63 04 1f 00 00 00
....wp8.wH.c.....
000000000215ffd0 00 90 fd 7f c0 ff 15 02 - 78 5d c5 ec ff ff ff ff
.........x]......
000000000215ffe0 09 48 e9 77 b8 3d e8 77 - 00 00 00 00 00 00 00 00
..H.w.=.w........
000000000215fff0 00 00 00 00 c4 19 a5 71 - 48 fc 63 04 00 00 00 00
........qH.c.....
0000000002160000 87 00 16 02 01 00 00 00 - 07 00 00 00 00 00 00 0a
.................
0000000002160010 00 00 00 00 00 00 00 00 - 00 06 00 00 00 00 00 06
.................
0000000002160020 00 00 00 00 00 1d 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002160030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002160040 00 00 01 01 0c 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002160050 01 0a 00 00 00 00 00 00 - 00 00 00 01 00 00 00 00
.................
0000000002160060 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002160070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002160080 00 00 00 00 00 00 00 00 - 01 05 00 00 00 00 00 00
.................
0000000002160090 00 00 00 00 00 00 00 00 - 00 00 00 00 05 00 00 00
.................
00000000021600a0 00 00 00 01 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000021600b0 00 00 00 00 04 00 00 00 - 02 00 00 00 00 00 00 05
.................

*----> State Dump for Thread Id 0x58c <----*

eax=780015dd ebx=001ed870 ecx=77f58a3a edx=00000000 esi=00000100
edi=00000000
eip=7ffe0304 esp=02c2fe28 ebp=02c2ff90 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
02c2fe24 77f5c084 780016a4 000002f0 02c2ff80 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
02c2ff90 78001601 780019d6 00153368 77f53870
ntdll!NtReplyWaitReceivePortEx+0xc
001e3fc0 ffffffff 00000308 000007d8 00000000 RPCRT4+0x1601
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*
0000000002c2fe28 84 c0 f5 77 a4 16 00 78 - f0 02 00 00 80 ff c2 02
....w...x........
0000000002c2fe38 00 00 00 00 70 d8 1e 00 - 60 ff c2 02 fc 01 02 00
.....p...`.......
0000000002c2fe48 a0 5f 35 81 00 00 00 00 - fc 6a 51 80 50 cb 54 80
.._5......jQ.P.T.
0000000002c2fe58 00 00 00 00 fc 01 02 00 - a0 5f 35 81 00 00 00 00
.........._5.....
0000000002c2fe68 9c 36 50 c0 9c 36 50 c0 - 18 52 2a 86 15 03 00 00
..6P..6P..R*.....
0000000002c2fe78 8a 79 51 80 40 15 b0 f7 - 02 00 00 00 1e 69 4f 80
[email protected].
0000000002c2fe88 00 70 fd 7f b8 5b c5 ec - 00 00 00 00 98 5b c5 ec
..p...[.......[..
0000000002c2fe98 d9 76 51 80 00 60 fd 7f - a9 db 6b 80 00 00 00 00
..vQ..`....k.....
0000000002c2fea8 58 ff 1f c0 00 00 00 00 - fc 07 30 c0 e4 5b c5 ec
X.........0..[..
0000000002c2feb8 52 7d 51 80 b8 5b c5 ec - 00 00 00 00 00 00 00 00
R}Q..[..........
0000000002c2fec8 a0 46 0c 86 20 50 2a 86 - 01 50 2a 86 00 00 00 00
..F.. P*..P*.....
0000000002c2fed8 58 ff 1f c0 20 50 2a 86 - 00 00 00 00 00 00 00 00
X... P*.........
0000000002c2fee8 00 00 00 00 00 00 04 00 - ff ff ff ff 40 15 b0 f7
.............@...
0000000002c2fef8 00 00 00 00 cc d2 6b 80 - 00 00 00 00 30 5c c5 ec
.......k.....0\..
0000000002c2ff08 00 00 00 00 e3 d2 6b 80 - 08 00 00 00 46 02 00 00
.......k.....F...
0000000002c2ff18 c2 d7 4f 80 38 15 b0 f7 - e4 4f 53 80 00 4a 0c 86
...O.8....OS..J..
0000000002c2ff28 3a 66 4f 80 6c 4b 0c 86 - 00 4a 0c 86 34 4a 0c 86
:fO.lK...J..4J..
0000000002c2ff38 02 00 00 00 2f e6 61 80 - 2f 16 00 78 60 ff c2 02
...../.a./..x`...
0000000002c2ff48 4a 16 00 78 60 e9 15 00 - 68 fa 4c 04 c0 3f 1e 00
J..x`...h.L..?..
0000000002c2ff58 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0x12c <----*

eax=000002ae ebx=77f5b2a0 ecx=0314c110 edx=00000000 esi=00000894
edi=00000000
eip=7ffe0304 esp=03f7ff18 ebp=03f7ff7c iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
03f7ff14 77f5c534 77e7a62d 00000894 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
03f7ff7c 77e7ac21 00000894 000927c0 00000000
ntdll!NtWaitForSingleObject+0xc
77f5b380 4affc033 89257508 fff00c42 037d044a
kernel32!WaitForSingleObject+0xf
0424548b 00000000 00000000 00000000 00000000 0x4affc033

*----> Raw Stack Dump <----*
0000000003f7ff18 34 c5 f5 77 2d a6 e7 77 - 94 08 00 00 00 00 00 00
4..w-..w........
0000000003f7ff28 40 ff f7 03 00 00 00 00 - e0 9c 18 02 a0 b2 f5 77
@..............w
0000000003f7ff38 e2 cc 5e 63 40 ff f7 03 - 00 44 5f 9a fe ff ff ff
...^[email protected]_.....
0000000003f7ff48 00 f0 fd 7f 00 e0 fa 7f - 14 00 00 00 01 00 00 00
.................
0000000003f7ff58 00 00 00 00 00 00 00 00 - 10 00 00 00 2c ff f7 03
.............,...
0000000003f7ff68 00 00 00 00 dc ff f7 03 - 09 48 e9 77 e0 3a e8 77
..........H.w.:.w
0000000003f7ff78 00 00 00 00 80 b3 f5 77 - 21 ac e7 77 94 08 00 00
........w!..w....
0000000003f7ff88 c0 27 09 00 00 00 00 00 - 7e 7b 66 63 94 08 00 00
..'......~{fc....
0000000003f7ff98 c0 27 09 00 a0 bd 18 03 - e0 9c 18 02 ec ff f7 03
..'..............
0000000003f7ffa8 e0 9c 18 02 77 79 66 63 - 00 90 18 03 51 79 66 63
.....wyfc....Qyfc
0000000003f7ffb8 3b d3 e7 77 e0 9c 18 02 - a0 bd 18 03 00 90 18 03
;..w............
0000000003f7ffc8 e0 9c 18 02 1f 00 00 00 - 00 e0 fa 7f c0 ff f7 03
.................
0000000003f7ffd8 07 00 00 00 ff ff ff ff - 09 48 e9 77 b8 3d e8 77
..........H.w.=.w
0000000003f7ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 48 79 66 63
.............Hyfc
0000000003f7fff8 e0 9c 18 02 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003f80008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003f80018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003f80028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003f80038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003f80048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xa54 <----*

eax=0458ee98 ebx=77f5b2a0 ecx=00000000 edx=00000000 esi=00000780
edi=00000000
eip=7ffe0304 esp=04b3ff18 ebp=04b3ff7c iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
04b3ff14 77f5c534 77e7a62d 00000780 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
04b3ff7c 77e7ac21 00000780 000927c0 00000000
ntdll!NtWaitForSingleObject+0xc
77f5b380 4affc033 89257508 fff00c42 037d044a
kernel32!WaitForSingleObject+0xf
0424548b 00000000 00000000 00000000 00000000 0x4affc033

*----> Raw Stack Dump <----*
0000000004b3ff18 34 c5 f5 77 2d a6 e7 77 - 80 07 00 00 00 00 00 00
4..w-..w........
0000000004b3ff28 40 ff b3 04 00 00 00 00 - b0 0d 21 02 a0 b2 f5 77
@.........!....w
0000000004b3ff38 00 00 00 00 40 ff b3 04 - 00 44 5f 9a fe ff ff ff
[email protected]_.....
0000000004b3ff48 00 f0 fd 7f 00 90 fa 7f - 14 00 00 00 01 00 00 00
.................
0000000004b3ff58 00 00 00 00 00 00 00 00 - 10 00 00 00 2c ff b3 04
.............,...
0000000004b3ff68 0c ce 7e 63 dc ff b3 04 - 09 48 e9 77 e0 3a e8 77
...~c.....H.w.:.w
0000000004b3ff78 00 00 00 00 80 b3 f5 77 - 21 ac e7 77 80 07 00 00
........w!..w....
0000000004b3ff88 c0 27 09 00 00 00 00 00 - 7e 7b 66 63 80 07 00 00
..'......~{fc....
0000000004b3ff98 c0 27 09 00 ff ff ff ff - b0 0d 21 02 ec ff b3 04
..'........!.....
0000000004b3ffa8 b0 0d 21 02 77 79 66 63 - 3a 8a f5 77 51 79 66 63
...!.wyfc:..wQyfc
0000000004b3ffb8 3b d3 e7 77 b0 0d 21 02 - ff ff ff ff 3a 8a f5 77
;..w..!.....:..w
0000000004b3ffc8 b0 0d 21 02 00 00 00 00 - 00 90 fa 7f c0 ff b3 04
...!.............
0000000004b3ffd8 07 00 00 00 ff ff ff ff - 09 48 e9 77 b8 3d e8 77
..........H.w.=.w
0000000004b3ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 48 79 66 63
.............Hyfc
0000000004b3fff8 b0 0d 21 02 00 00 00 00 - 1f 1f 1f 1f 1f 0f 04 04
...!.............
0000000004b40008 04 04 04 04 04 04 04 04 - 04 04 04 04 04 04 04 04
.................
0000000004b40018 04 04 04 04 04 03 10 0e - 0e 0e 0e 0e 0e 0e 0e 0e
.................
0000000004b40028 0e 0e 0e 0e 0e 0e 0e 0e - 0e 0e 0e 1c 04 04 04 04
.................
0000000004b40038 04 04 04 04 04 04 04 04 - 04 04 04 04 04 04 04 04
.................
0000000004b40048 04 04 04 04 04 04 04 04 - 04 04 04 04 04 04 04 04
.................

*----> State Dump for Thread Id 0x180 <----*

eax=7ffda000 ebx=00000000 ecx=77e7a6e5 edx=00000000 esi=01fde978
edi=0024beb8
eip=7ffe0304 esp=01fde8c0 ebp=01fde90c iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\System32\DNSAPI.dll -
ChildEBP RetAddr Args to Child
01fde8bc 77f5c0c4 780095b6 0000093c 0024be80 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
01fde90c 78002fb7 01fde94c 78002fdf 01fde94c
ntdll!ZwRequestWaitReplyPort+0xc
01fdecf0 76f21899 76f2a3c8 76f2a660 01fded08
RPCRT4!I_RpcSendReceive+0x1f
01fded5c 71a536cc 01732d5c 0000001c 00000000 DNSAPI!DnsQuery_W+0x32a
01fded90 71a5367f 01732d5c 0000001c 00000000 mswsock+0x36cc
01fdedbc 71a535e3 01732cf0 0106dc48 0106d670 mswsock+0x367f
01fdf1f0 71ab224c 01732e10 01731e90 01fdf284 mswsock+0x35e3
01fdf230 71ab21c2 0106d670 00000000 01fdf284
WS2_32!WSALookupServiceNextW+0xff
01fdf250 71ab2b85 0106d670 00000000 01fdf284
WS2_32!WSALookupServiceNextW+0x75
01fdf274 71abbc82 0106d670 00000000 0000083c
WS2_32!WSALookupServiceNextA+0x61
01fdfaf0 71ab95a6 0000083c 01fdfb7c 01fdfb20 WS2_32!WSANtohl+0x5b4
01fdfb2c 71ab3692 00227e18 00000003 01fdfb80 WS2_32!WSASetEvent+0x492
01fdfb90 71ab352e 00227e18 00000000 00000001
WS2_32!WSAStringToAddressA+0x15a
01fdfc20 7620a694 00227e18 0000001c 01fdfc44
WS2_32!WSASetLastError+0x21
01fdfc80 7620a590 00000000 762098e8 00247c78
WININET!InternetCloseHandle+0xf49
01fdfca0 76209ae1 00227228 00000000 00000000
WININET!InternetCloseHandle+0xe45
0024f6ec ffffffff 00000000 00000000 00000000
WININET!InternetCloseHandle+0x396
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*
0000000001fde8c0 c4 c0 f5 77 b6 95 00 78 - 3c 09 00 00 80 be 24 00
....w...x<.....$.
0000000001fde8d0 80 be 24 00 4c e9 fd 01 - 78 e9 fd 01 00 00 00 00
...$.L...x.......
0000000001fde8e0 90 d6 50 04 00 00 00 00 - 00 00 00 00 78 e9 fd 01
...P.........x...
0000000001fde8f0 bc be 24 00 5c 2d 73 01 - fc 9f f2 76 00 00 00 00
...$.\-s....v....
0000000001fde900 78 e9 fd 01 5c 2d 73 01 - 40 ec 21 00 f0 ec fd 01
x...\-s.@.!.....
0000000001fde910 b7 2f 00 78 4c e9 fd 01 - df 2f 00 78 4c e9 fd 01
../.xL..../.xL...
0000000001fde920 c8 a3 f2 76 08 ed fd 01 - 59 85 07 78 78 e9 fd 01
....v....Y..xx...
0000000001fde930 fc be 24 00 00 00 00 00 - 00 00 00 00 88 ed fd 01
...$.............
0000000001fde940 f0 88 fa 77 00 00 00 00 - a0 25 22 00 40 ec 21 00
....w.....%".@.!.
0000000001fde950 10 00 00 00 b8 be 24 00 - 44 00 00 00 09 00 00 00
.......$.D.......
0000000001fde960 d4 84 0c 03 18 a4 f2 76 - e2 d8 f5 77 9d 25 e7 77
........v...w.%.w
0000000001fde970 7c f1 fd 01 00 00 00 00 - 4c e9 fd 01 fc be 24 00
|.......L.....$.
0000000001fde980 00 00 00 00 00 00 00 00 - c0 be 24 00 4c 00 00 00
...........$.L...
0000000001fde990 5d 00 00 00 00 00 00 00 - 01 00 00 00 00 00 00 00
]...............
0000000001fde9a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001fde9b0 00 00 00 00 00 00 00 00 - d4 e9 fd 01 43 00 3a 00
.............C.:.
0000000001fde9c0 d6 1c f2 76 a8 b7 f3 76 - 08 ed fd 01 65 00 6e 00
....v...v....e.n.
0000000001fde9d0 74 00 73 00 a0 25 22 00 - c8 a3 f2 76 00 00 00 00
t.s..%"....v....
0000000001fde9e0 00 00 00 00 00 00 00 00 - 30 00 67 00 02 00 00 00
.........0.g.....
0000000001fde9f0 00 00 00 00 65 00 76 00 - 65 00 6e 00 00 00 00 00
.....e.v.e.n.....

*----> State Dump for Thread Id 0x63c <----*

eax=771e71ed ebx=00007530 ecx=7ffdf0c4 edx=00000000 esi=00000000
edi=0265ff60
eip=7ffe0304 esp=0265ff20 ebp=0265ff78 iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0265ff1c 77f5b7f4 77e7a37a 00000000 0265ff44 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
0265ff78 77e61bf5 0000ea60 00000000 771c1698 ntdll!ZwDelayExecution+0xc
00000000 00000000 00000000 00000000 00000000 kernel32!Sleep+0xb

*----> Raw Stack Dump <----*
000000000265ff20 f4 b7 f5 77 7a a3 e7 77 - 00 00 00 00 44 ff 65 02
....wz..w....D.e.
000000000265ff30 a2 a5 e7 77 88 b1 2b 77 - 30 75 00 00 00 00 00 00
....w..+w0u......
000000000265ff40 44 ff 65 02 00 ba 3c dc - ff ff ff ff 14 00 00 00
D.e...<.........
000000000265ff50 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00
.................
000000000265ff60 30 ff 65 02 12 00 14 00 - dc ff 65 02 09 48 e9 77
0.e.......e..H.w
000000000265ff70 d0 3a e8 77 00 00 00 00 - 00 00 00 00 f5 1b e6 77
..:.w...........w
000000000265ff80 60 ea 00 00 00 00 00 00 - 98 16 1c 77 60 ea 00 00
`..........w`...
000000000265ff90 00 85 af 05 a8 71 1e 77 - 00 00 00 00 00 00 1b 77
......q.w.......w
000000000265ffa0 00 85 af 05 00 85 af 05 - ec ff 65 02 07 72 1e 77
...........e..r.w
000000000265ffb0 10 00 00 00 bc 02 00 00 - 3b d3 e7 77 00 85 af 05
.........;..w....
000000000265ffc0 10 00 00 00 bc 02 00 00 - 00 85 af 05 1f 00 00 00
.................
000000000265ffd0 00 80 fd 7f c0 ff 65 02 - 78 6d 10 ec ff ff ff ff
.......e.xm......
000000000265ffe0 09 48 e9 77 b8 3d e8 77 - 00 00 00 00 00 00 00 00
..H.w.=.w........
000000000265fff0 00 00 00 00 ed 71 1e 77 - 00 85 af 05 00 00 00 00
......q.w........
0000000002660000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00 00
MZ..............
0000000002660010 b8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00 00
.........@.......
0000000002660020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002660030 00 00 00 00 00 00 00 00 - 00 00 00 00 b8 00 00 00
.................
0000000002660040 0e 1f ba 0e 00 b4 09 cd - 21 b8 01 4c cd 21 54 68
.........!..L.!Th
0000000002660050 69 73 20 70 72 6f 67 72 - 61 6d 20 63 61 6e 6e 6f is
program canno

szkoplin · Oct 11, 2005

CAN ONE OF THE MS-MVP'S PLEASE HELP...

szkoplin · Oct 11, 2005

This is getting REALLY frustrating - all of these MS-MVP's and no
responses.

David Candy · Oct 11, 2005

Do you expect anyone to read that unformatted mess.
Type
cmd /k ntsd "C:\Program Files\Internet Explorer\iexplore.exe"

[Press G on App start and exit to continue the program. It breaks on load and unload]

This may give you hints on the cause.

http://www.google.com.au/search?hl=...=+site:support.microsoft.com+iexplore+wsock32

Explorer crashing - gdiplus.dll error	0	Sep 10, 2009
IE6 crashing frequently	4	Oct 8, 2005
explorer.exe crashes at every boot up	4	Aug 17, 2008
Windows Explorer has encountered an error and needs to close	1	Jun 27, 2007
Windows Explorer Freezes	8	Sep 24, 2006
text asset.x32? Can't open a website after re-installing windows	2	May 4, 2006
windows explorer has encountered a problem	6	Dec 31, 2006
Control Panel crashes	1	May 20, 2006

Crashing Repeatedly - Internet Explorer 6.0

szkoplin

szkoplin

szkoplin

szkoplin

David Candy

Ask a Question

Similar Threads