Explorer errors

Guest · Mar 24, 2007

Explorer crashes and I would like help figuring out what is causing it.
I tried to make a debug log. Hope I did it right.

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\All Users\Application
Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are
available

Comment: 'Dr. Watson generated MiniDump'
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Sat Mar 24 07:42:43.000 2007 (GMT-7)
System Uptime: not available
Process Uptime: 0 days 1:23:10.000
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
C:\windows;C:\windows\system32;C:\windows\system32\drivers
.................................................................................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1c4.344): Access violation - code c0000005 (first/second chance not
available)
eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
0:001> !analyze -v;r;kv;lmtn;.logclose;q
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*** WARNING: Unable to verify checksum for ggtaskbar.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ggtaskbar.dll -

FAULTING_IP:
+47932dc
047932dc ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
..exr ffffffffffffffff
ExceptionAddress: 047932dc
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 047932dc
Attempt to read from address 047932dc

DEFAULT_BUCKET_ID: BAD_IP

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 047932dc

BUGCHECK_STR: ACCESS_VIOLATION

IP_ON_HEAP: 047932dc

LAST_CONTROL_TRANSFER: from 77d48734 to 047932dc

FAILED_INSTRUCTION_ADDRESS:
+47932dc
047932dc ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150
0117fe5c 77d4b50c 005d62d8 0000001c 00000001 user32!DispatchClientMessage+0xa3
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc
0117ff44 01011e8b 00000000 0117ffb4 77f76f02 explorer!CTray::_MessageLoop+0x24
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37

STACK_COMMAND: ~1s; .ecxr ; kb

FAULTING_THREAD: 00000344

FOLLOWUP_IP:
explorer!CTray::_MessageLoop+24
010019c1 85c0 test eax,eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: explorer!CTray::_MessageLoop+24

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: explorer

IMAGE_NAME: explorer.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ece

FAILURE_BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

Followup: MachineOwner
---------

eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0117fe5c 77d4b50c 005d62d8 0000001c 00000001
user32!DispatchClientMessage+0xa3 (FPO: [Non-Fpo])
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24 (FPO:
[Non-Fpo])
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0])
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc (FPO:
[Non-Fpo])
0117ff44 01011e8b 00000000 0117ffb4 77f76f02
explorer!CTray::_MessageLoop+0x24 (FPO: [Non-Fpo])
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29 (FPO: [Non-Fpo])
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
(FPO: [Non-Fpo])
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37
(FPO: [Non-Fpo])
start end module name
00400000 00409000 normaliz normaliz.dll Thu Jun 29 08:05:42 2006 (44A3EC46)
00c20000 00c3d000 kmw_dll kmw_dll.dll Tue Jul 25 10:01:52 2006 (44C64E80)
00d20000 00d4f000 TrayClock TrayClock.dll Fri Jun 19 15:22:17 1992
(2A425E19)
00dd0000 00df8000 rsaenh rsaenh.dll Tue Jul 06 19:17:12 2004 (40EB5D28)
00e10000 00e51000 badges_icons badges_icons.dll Fri Jun 19 15:22:17 1992
(2A425E19)
01000000 010ff000 explorer explorer.exe Tue Aug 03 23:14:38 2004 (41107ECE)
01a20000 01fe9000 ieframe ieframe.dll Tue Nov 07 21:03:34 2006 (45516526)
024b0000 024b5000 DockShellHook DockShellHook.dll Tue Nov 14 15:58:21 2006
(455A581D)
024f0000 027b6000 msi msi.dll Mon May 02 08:51:33 2005 (42764C85)
027f0000 02802000 browselc browselc.dll Wed Aug 04 00:56:07 2004 (41109697)
034d0000 03502000 filesho filesho.dll Fri Jun 19 15:22:17 1992 (2A425E19)
03920000 0392b000 wondppet wondppet.dll Tue May 28 19:07:15 2002 (3CF437D3)
04d30000 04db8000 shdoclc shdoclc.dll Wed Aug 04 00:56:37 2004 (411096B5)
05770000 0579f000 xpsp1res xpsp1res.dll Wed Aug 04 00:56:40 2004 (411096B8)
057e0000 0581d000 AdvProp AdvProp.dll Fri Jun 19 15:22:17 1992 (2A425E19)
06000000 0600f000 xvid xvid.ax Mon Dec 20 02:10:50 2004 (41C6A52A)
067b0000 0681b000 RealMediaSplitter RealMediaSplitter.ax Fri Nov 25
12:46:31 2005 (43877827)
068e0000 0692f000 drmclien drmclien.dll Tue Aug 03 23:03:47 2004 (41107C43)
06f20000 06f37000 odbcint odbcint.dll Wed Aug 04 00:57:25 2004 (411096E5)
0bef0000 0bf27000 MFPLAT MFPLAT.dll Wed Oct 18 22:47:35 2006 (45371177)
0d5b0000 0d614000 MP43DECD MP43DECD.dll Wed Oct 18 22:47:53 2006 (45371189)
0f000000 0f0a7000 ntvdm ntvdm.exe Tue Aug 03 23:07:58 2004 (41107D3E)
0ffb0000 0fff5000 wow32 wow32.dll Tue Aug 03 23:08:08 2004 (41107D48)
10000000 10012000 RocketDock RocketDock.dll Mon Mar 19 00:04:35 2007
(45FE3603)
10930000 10979000 PortableDeviceApi PortableDeviceApi.dll Wed Oct 18
22:47:31 2006 (45371173)
109c0000 109ec000 PortableDeviceTypes PortableDeviceTypes.dll Wed Oct 18
22:47:33 2006 (45371175)
10af0000 10b27000 qasf qasf.dll Wed Oct 18 22:47:16 2006 (45371164)
11c70000 11ca9000 WMASF WMASF.dll Wed Oct 18 22:47:23 2006 (4537116B)
15110000 1536a000 wmvcore wmvcore.dll Wed Oct 18 22:48:18 2006 (453711A2)
15380000 154fe000 WMVDECOD WMVDECOD.dll Wed Oct 18 22:48:19 2006 (453711A3)
164a0000 164c3000 WPDShServiceObj WPDShServiceObj.dll Wed Oct 18 22:48:37
2006 (453711B5)
1ff00000 1ff7d000 dxmasf dxmasf.dll Tue Aug 22 01:03:59 2006 (44EABA6F)
20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 00:56:41 2004 (411096B9)
27230000 2727e000 ggtaskbar ggtaskbar.dll Fri Oct 22 08:34:26 2004
(41792882)
4d4f0000 4d548000 winhttp winhttp.dll Wed Aug 04 00:57:07 2004 (411096D3)
4ec50000 4edf3000 GdiPlus GdiPlus.dll Wed Aug 04 00:55:55 2004 (4110968B)
58390000 5841a000 l3codeca l3codeca.acm Wed Aug 04 00:56:10 2004 (4110969A)
5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 00:56:43 2004 (411096BB)
5b430000 5b440000 tsappcmp tsappcmp.dll Fri Aug 17 22:36:09 2001 (3B7DFEC9)
5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 05:28:27 2006 (44E460EB)
5ba60000 5bad1000 themeui themeui.dll Wed Aug 04 00:56:46 2004 (411096BE)
5cb70000 5cb96000 shimeng shimeng.dll Wed Aug 04 00:56:42 2004 (411096BA)
5d090000 5d12a000 comctl32_5d090000 comctl32.dll Fri Aug 25 08:45:58 2006
(44EF1B36)
5dca0000 5dce5000 iertutil iertutil.dll Tue Oct 17 12:57:14 2006 (4535359A)
5df80000 5dfe0000 qdvd qdvd.dll Wed Aug 04 00:56:26 2004 (411096AA)
60470000 60488000 uwinapi uwinapi.dll Wed Nov 22 04:31:19 2006 (45644317)
60ca0000 60d2c000 qedit qedit.dll Wed Aug 04 00:56:27 2004 (411096AB)
61410000 61534000 urlmon urlmon.dll Tue Nov 07 21:03:34 2006 (45516526)
61ef0000 61f7e000 stlport_vc7145 stlport_vc7145.dll Fri Oct 27 01:42:39
2006 (4541C67F)
62390000 623e3000 shlxthdl shlxthdl.dll Tue Nov 14 03:03:43 2006 (4559A28F)
6c1b0000 6c1fd000 duser duser.dll Wed Aug 04 00:56:04 2004 (41109694)
6f880000 6fa4a000 AcGenral AcGenral.dll Wed Aug 04 00:55:58 2004 (4110968E)
708f0000 70903000 asycfilt asycfilt.dll Wed Aug 04 00:56:44 2004 (411096BC)
71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 00:57:39 2004 (411096F3)
71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 00:57:38 2004 (411096F2)
71b20000 71b32000 mpr mpr.dll Wed Aug 04 00:56:46 2004 (411096BE)
71bf0000 71c03000 samlib samlib.dll Wed Aug 04 00:56:29 2004 (411096AD)
71c10000 71c1e000 ntlanman ntlanman.dll Wed Aug 04 00:57:00 2004 (411096CC)
71c80000 71c87000 netrap netrap.dll Wed Aug 04 00:56:35 2004 (411096B3)
71c90000 71cd0000 netui1 netui1.dll Wed Aug 04 00:56:39 2004 (411096B7)
71cd0000 71ce7000 netui0 netui0.dll Wed Aug 04 00:56:38 2004 (411096B6)
71d40000 71d5c000 actxprxy actxprxy.dll Wed Aug 04 00:56:04 2004 (41109694)
72410000 7242a000 mydocs mydocs.dll Wed Aug 04 00:59:29 2004 (41109761)
72d10000 72d18000 msacm32_72d10000 msacm32.drv Fri Aug 17 22:33:30 2001
(3B7DFE2A)
72d20000 72d29000 wdmaud wdmaud.drv Wed Aug 04 00:56:54 2004 (411096C6)
73000000 73026000 winspool winspool.drv Wed Aug 04 00:56:38 2004 (411096B6)
736b0000 736b7000 msdmo msdmo.dll Wed Aug 04 00:57:53 2004 (41109701)
73b50000 73b67000 avifil32 avifil32.dll Wed Aug 04 00:57:07 2004 (411096D3)
73bc0000 73bc6000 dciman32 dciman32.dll Wed Aug 04 00:56:15 2004 (4110969F)
74320000 7435d000 odbc32 odbc32.dll Wed Aug 04 00:57:17 2004 (411096DD)
746c0000 746e9000 msls31 msls31.dll Tue Nov 07 21:03:34 2006 (45516526)
746f0000 7471a000 MSIMTF MSIMTF.dll Wed Aug 04 00:58:33 2004 (41109729)
74720000 7476b000 MSCTF MSCTF.dll Wed Aug 04 00:57:30 2004 (411096EA)
74810000 7497c000 quartz quartz.dll Mon Aug 29 20:54:26 2005 (4313D872)
74ad0000 74ad8000 powrprof powrprof.dll Wed Aug 04 00:56:53 2004 (411096C5)
74af0000 74afa000 batmeter batmeter.dll Wed Aug 04 00:55:59 2004 (4110968F)
74b30000 74b6b000 webcheck webcheck.dll Tue Nov 07 21:03:34 2006 (45516526)
74c80000 74cac000 oleacc oleacc.dll Fri Aug 17 22:33:18 2001 (3B7DFE1E)
754d0000 75550000 cryptui cryptui.dll Wed Aug 04 00:56:06 2004 (41109696)
755c0000 755ee000 MSCTFIME MSCTFIME.IME Wed Aug 04 00:57:31 2004 (411096EB)
75970000 75a67000 msgina msgina.dll Wed Aug 04 00:58:01 2004 (41109709)
75a70000 75a91000 msvfw32 msvfw32.dll Wed Aug 04 00:59:15 2004 (41109753)
75cf0000 75d81000 mlang mlang.dll Wed Aug 04 00:56:29 2004 (411096AD)
75e90000 75f40000 sxs sxs.dll Thu Oct 19 06:56:28 2006 (4537840C)
75f40000 75f51000 devenum devenum.dll Wed Aug 04 00:56:22 2004 (411096A6)
75f60000 75f67000 drprov drprov.dll Wed Aug 04 00:57:02 2004 (411096CE)
75f70000 75f79000 davclnt davclnt.dll Wed Aug 04 00:56:08 2004 (41109698)
75f80000 7607d000 browseui browseui.dll Thu Jan 04 06:05:28 2007 (459D09A8)
76080000 760e5000 msvcp60 msvcp60.dll Wed Aug 04 00:59:13 2004 (41109751)
76200000 76277000 mshtmled mshtmled.dll Tue Nov 07 21:03:34 2006 (45516526)
76280000 762a1000 stobject stobject.dll Wed Aug 04 00:59:26 2004 (4110975E)
76360000 76370000 winsta winsta.dll Wed Aug 04 00:56:40 2004 (411096B8)
76380000 76385000 msimg32 msimg32.dll Wed Aug 04 00:58:31 2004 (41109727)
76390000 763ad000 imm32 imm32.dll Wed Aug 04 00:56:30 2004 (411096AE)
763b0000 763f9000 comdlg32 comdlg32.dll Wed Aug 04 00:56:32 2004 (411096B0)
76400000 765a6000 netshell netshell.dll Wed Aug 04 00:56:37 2004 (411096B5)
76600000 7661d000 cscdll cscdll.dll Wed Aug 04 00:56:07 2004 (41109697)
76780000 76789000 shfolder shfolder.dll Wed Aug 04 00:56:40 2004 (411096B8)
76980000 76988000 linkinfo linkinfo.dll Wed Aug 31 18:41:53 2005 (43165C61)
76990000 769b5000 ntshrui ntshrui.dll Wed Aug 04 00:57:09 2004 (411096D5)
769c0000 76a73000 userenv userenv.dll Wed Aug 04 00:56:41 2004 (411096B9)
76b20000 76b31000 atl atl.dll Wed Aug 04 00:56:55 2004 (411096C7)
76b40000 76b6d000 winmm winmm.dll Wed Aug 04 00:57:10 2004 (411096D6)
76bf0000 76bfb000 psapi psapi.dll Wed Aug 04 00:56:58 2004 (411096CA)
76c00000 76c2e000 credui credui.dll Wed Aug 04 00:56:42 2004 (411096BA)
76c30000 76c5e000 wintrust wintrust.dll Wed Aug 04 00:56:41 2004 (411096B9)
76c90000 76cb8000 imagehlp imagehlp.dll Wed Aug 04 00:56:25 2004 (411096A9)
76d60000 76d79000 iphlpapi iphlpapi.dll Fri May 19 05:59:41 2006 (446DC13D)
76e80000 76e8e000 rtutils rtutils.dll Wed Aug 04 00:56:36 2004 (411096B4)
76e90000 76ea2000 rasman rasman.dll Wed Aug 04 00:56:29 2004 (411096AD)
76eb0000 76edf000 tapi32 tapi32.dll Wed Aug 04 00:56:38 2004 (411096B6)
76ee0000 76f1c000 rasapi32 rasapi32.dll Wed Aug 04 00:56:25 2004 (411096A9)
76f50000 76f58000 wtsapi32 wtsapi32.dll Wed Aug 04 00:57:55 2004 (41109703)
76f60000 76f8c000 wldap32 wldap32.dll Wed Aug 04 00:56:43 2004 (411096BB)
76fd0000 7704f000 clbcatq clbcatq.dll Mon Jul 25 21:39:44 2005 (42E5BE90)
77050000 77115000 comres comres.dll Wed Aug 04 00:56:36 2004 (411096B4)
77120000 771ac000 oleaut32 oleaut32.dll Wed Aug 04 00:57:39 2004 (411096F3)
771b0000 7727e000 wininet wininet.dll Tue Nov 07 21:03:34 2006 (45516526)
773d0000 774d3000 comctl32 comctl32.dll Fri Aug 25 08:45:55 2006 (44EF1B33)
774e0000 7761d000 ole32 ole32.dll Mon Jul 25 21:39:47 2005 (42E5BE93)
77920000 77a13000 setupapi setupapi.dll Wed Aug 04 00:56:32 2004 (411096B0)
77a20000 77a74000 cscui cscui.dll Wed Aug 04 00:56:08 2004 (41109698)
77a80000 77b14000 crypt32 crypt32.dll Wed Aug 04 00:56:01 2004 (41109691)
77b20000 77b32000 msasn1 msasn1.dll Wed Aug 04 00:57:23 2004 (411096E3)
77b40000 77b62000 apphelp apphelp.dll Wed Aug 04 00:56:36 2004 (411096B4)
77bd0000 77bd7000 midimap midimap.dll Wed Aug 04 00:56:25 2004 (411096A9)
77be0000 77bf5000 msacm32 msacm32.dll Wed Aug 04 00:57:03 2004 (411096CF)
77c00000 77c08000 version version.dll Wed Aug 04 00:56:39 2004 (411096B7)
77c10000 77c68000 msvcrt msvcrt.dll Wed Aug 04 00:59:14 2004 (41109752)
77c70000 77c93000 msv1_0 msv1_0.dll Wed Aug 04 00:59:11 2004 (4110974F)
77d40000 77dd0000 user32 user32.dll Wed Mar 02 10:09:29 2005 (42260159)
77dd0000 77e6b000 advapi32 advapi32.dll Wed Aug 04 00:56:23 2004 (411096A7)
77e70000 77f01000 rpcrt4 rpcrt4.dll Wed Aug 04 00:56:30 2004 (411096AE)
77f10000 77f57000 gdi32 gdi32.dll Wed Dec 28 18:54:35 2005 (43B34FEB)
77f60000 77fd6000 shlwapi shlwapi.dll Thu Jan 04 06:05:30 2007 (459D09AA)
77fe0000 77ff1000 secur32 secur32.dll Wed Aug 04 00:56:49 2004 (411096C1)
7c340000 7c396000 msvcr71 msvcr71.dll Fri Feb 21 04:42:20 2003 (3E561EAC)
7c3a0000 7c41b000 msvcp71 msvcp71.dll Tue Mar 18 21:14:51 2003 (3E77EEBB)
7c800000 7c8f4000 kernel32 kernel32.dll Wed Jul 05 03:55:00 2006 (44AB9A84)
7c900000 7c9b0000 ntdll ntdll.dll Wed Aug 04 00:56:36 2004 (411096B4)
7c9c0000 7d1d5000 shell32 shell32.dll Tue Dec 19 13:52:11 2006 (45885F0B)
7e290000 7e401000 shdocvw shdocvw.dll Thu Jan 04 06:05:30 2007 (459D09AA)
7e830000 7eb9f000 mshtml mshtml.dll Tue Nov 07 21:03:34 2006 (45516526)
Closing open log file c:\debuglog.txt

Guest · Mar 24, 2007

Silat said:
Explorer crashes and I would like help figuring out what is causing it.
I tried to make a debug log. Hope I did it right.

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\All Users\Application
Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are
available

Comment: 'Dr. Watson generated MiniDump'
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Sat Mar 24 07:42:43.000 2007 (GMT-7)
System Uptime: not available
Process Uptime: 0 days 1:23:10.000
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
C:\windows;C:\windows\system32;C:\windows\system32\drivers
...............................................................................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1c4.344): Access violation - code c0000005 (first/second chance not
available)
eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
0:001> !analyze -v;r;kv;lmtn;.logclose;q
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*** WARNING: Unable to verify checksum for ggtaskbar.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ggtaskbar.dll -

FAULTING_IP:
+47932dc
047932dc ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
.exr ffffffffffffffff
ExceptionAddress: 047932dc
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 047932dc
Attempt to read from address 047932dc

DEFAULT_BUCKET_ID: BAD_IP

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 047932dc

BUGCHECK_STR: ACCESS_VIOLATION

IP_ON_HEAP: 047932dc

LAST_CONTROL_TRANSFER: from 77d48734 to 047932dc

FAILED_INSTRUCTION_ADDRESS:
+47932dc
047932dc ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150
0117fe5c 77d4b50c 005d62d8 0000001c 00000001 user32!DispatchClientMessage+0xa3
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc
0117ff44 01011e8b 00000000 0117ffb4 77f76f02 explorer!CTray::_MessageLoop+0x24
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37

STACK_COMMAND: ~1s; .ecxr ; kb

FAULTING_THREAD: 00000344

FOLLOWUP_IP:
explorer!CTray::_MessageLoop+24
010019c1 85c0 test eax,eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: explorer!CTray::_MessageLoop+24

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: explorer

IMAGE_NAME: explorer.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ece

FAILURE_BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

Followup: MachineOwner
---------

eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0117fe5c 77d4b50c 005d62d8 0000001c 00000001
user32!DispatchClientMessage+0xa3 (FPO: [Non-Fpo])
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24 (FPO:
[Non-Fpo])
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0])
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc (FPO:
[Non-Fpo])
0117ff44 01011e8b 00000000 0117ffb4 77f76f02
explorer!CTray::_MessageLoop+0x24 (FPO: [Non-Fpo])
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29 (FPO: [Non-Fpo])
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
(FPO: [Non-Fpo])
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37
(FPO: [Non-Fpo])
start end module name
00400000 00409000 normaliz normaliz.dll Thu Jun 29 08:05:42 2006 (44A3EC46)
00c20000 00c3d000 kmw_dll kmw_dll.dll Tue Jul 25 10:01:52 2006 (44C64E80)
00d20000 00d4f000 TrayClock TrayClock.dll Fri Jun 19 15:22:17 1992
(2A425E19)
00dd0000 00df8000 rsaenh rsaenh.dll Tue Jul 06 19:17:12 2004 (40EB5D28)
00e10000 00e51000 badges_icons badges_icons.dll Fri Jun 19 15:22:17 1992
(2A425E19)
01000000 010ff000 explorer explorer.exe Tue Aug 03 23:14:38 2004 (41107ECE)
01a20000 01fe9000 ieframe ieframe.dll Tue Nov 07 21:03:34 2006 (45516526)
024b0000 024b5000 DockShellHook DockShellHook.dll Tue Nov 14 15:58:21 2006
(455A581D)
024f0000 027b6000 msi msi.dll Mon May 02 08:51:33 2005 (42764C85)
027f0000 02802000 browselc browselc.dll Wed Aug 04 00:56:07 2004 (41109697)
034d0000 03502000 filesho filesho.dll Fri Jun 19 15:22:17 1992 (2A425E19)
03920000 0392b000 wondppet wondppet.dll Tue May 28 19:07:15 2002 (3CF437D3)
04d30000 04db8000 shdoclc shdoclc.dll Wed Aug 04 00:56:37 2004 (411096B5)
05770000 0579f000 xpsp1res xpsp1res.dll Wed Aug 04 00:56:40 2004 (411096B8)
057e0000 0581d000 AdvProp AdvProp.dll Fri Jun 19 15:22:17 1992 (2A425E19)
06000000 0600f000 xvid xvid.ax Mon Dec 20 02:10:50 2004 (41C6A52A)
067b0000 0681b000 RealMediaSplitter RealMediaSplitter.ax Fri Nov 25
12:46:31 2005 (43877827)
068e0000 0692f000 drmclien drmclien.dll Tue Aug 03 23:03:47 2004 (41107C43)
06f20000 06f37000 odbcint odbcint.dll Wed Aug 04 00:57:25 2004 (411096E5)
0bef0000 0bf27000 MFPLAT MFPLAT.dll Wed Oct 18 22:47:35 2006 (45371177)
0d5b0000 0d614000 MP43DECD MP43DECD.dll Wed Oct 18 22:47:53 2006 (45371189)
0f000000 0f0a7000 ntvdm ntvdm.exe Tue Aug 03 23:07:58 2004 (41107D3E)
0ffb0000 0fff5000 wow32 wow32.dll Tue Aug 03 23:08:08 2004 (41107D48)
10000000 10012000 RocketDock RocketDock.dll Mon Mar 19 00:04:35 2007
(45FE3603)
10930000 10979000 PortableDeviceApi PortableDeviceApi.dll Wed Oct 18
22:47:31 2006 (45371173)
109c0000 109ec000 PortableDeviceTypes PortableDeviceTypes.dll Wed Oct 18
22:47:33 2006 (45371175)
10af0000 10b27000 qasf qasf.dll Wed Oct 18 22:47:16 2006 (45371164)
11c70000 11ca9000 WMASF WMASF.dll Wed Oct 18 22:47:23 2006 (4537116B)
15110000 1536a000 wmvcore wmvcore.dll Wed Oct 18 22:48:18 2006 (453711A2)
15380000 154fe000 WMVDECOD WMVDECOD.dll Wed Oct 18 22:48:19 2006 (453711A3)
164a0000 164c3000 WPDShServiceObj WPDShServiceObj.dll Wed Oct 18 22:48:37
2006 (453711B5)
1ff00000 1ff7d000 dxmasf dxmasf.dll Tue Aug 22 01:03:59 2006 (44EABA6F)
20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 00:56:41 2004 (411096B9)
27230000 2727e000 ggtaskbar ggtaskbar.dll Fri Oct 22 08:34:26 2004
(41792882)
4d4f0000 4d548000 winhttp winhttp.dll Wed Aug 04 00:57:07 2004 (411096D3)
4ec50000 4edf3000 GdiPlus GdiPlus.dll Wed Aug 04 00:55:55 2004 (4110968B)
58390000 5841a000 l3codeca l3codeca.acm Wed Aug 04 00:56:10 2004 (4110969A)
5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 00:56:43 2004 (411096BB)
5b430000 5b440000 tsappcmp tsappcmp.dll Fri Aug 17 22:36:09 2001 (3B7DFEC9)
5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 05:28:27 2006 (44E460EB)
5ba60000 5bad1000 themeui themeui.dll Wed Aug 04 00:56:46 2004 (411096BE)
5cb70000 5cb96000 shimeng shimeng.dll Wed Aug 04 00:56:42 2004 (411096BA)
5d090000 5d12a000 comctl32_5d090000 comctl32.dll Fri Aug 25 08:45:58 2006
(44EF1B36)
5dca0000 5dce5000 iertutil iertutil.dll Tue Oct 17 12:57:14 2006 (4535359A)
5df80000 5dfe0000 qdvd qdvd.dll Wed Aug 04 00:56:26 2004 (411096AA)
60470000 60488000 uwinapi uwinapi.dll Wed Nov 22 04:31:19 2006 (45644317)
60ca0000 60d2c000 qedit qedit.dll Wed Aug 04 00:56:27 2004 (411096AB)
61410000 61534000 urlmon urlmon.dll Tue Nov 07 21:03:34 2006 (45516526)
61ef0000 61f7e000 stlport_vc7145 stlport_vc7145.dll Fri Oct 27 01:42:39
2006 (4541C67F)
62390000 623e3000 shlxthdl shlxthdl.dll Tue Nov 14 03:03:43 2006 (4559A28F)
6c1b0000 6c1fd000 duser duser.dll Wed Aug 04 00:56:04 2004 (41109694)
6f880000 6fa4a000 AcGenral AcGenral.dll Wed Aug 04 00:55:58 2004 (4110968E)
708f0000 70903000 asycfilt asycfilt.dll Wed Aug 04 00:56:44 2004 (411096BC)
71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 00:57:39 2004 (411096F3)
71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 00:57:38 2004 (411096F2)
71b20000 71b32000 mpr mpr.dll Wed Aug 04 00:56:46 2004 (411096BE)
71bf0000 71c03000 samlib samlib.dll Wed Aug 04 00:56:29 2004 (411096AD)
71c10000 71c1e000 ntlanman ntlanman.dll Wed Aug 04 00:57:00 2004 (411096CC)
71c80000 71c87000 netrap netrap.dll Wed Aug 04 00:56:35 2004 (411096B3)
71c90000 71cd0000 netui1 netui1.dll Wed Aug 04 00:56:39 2004 (411096B7)
71cd0000 71ce7000 netui0 netui0.dll Wed Aug 04 00:56:38 2004 (411096B6)
71d40000 71d5c000 actxprxy actxprxy.dll Wed Aug 04 00:56:04 2004 (41109694)
72410000 7242a000 mydocs mydocs.dll Wed Aug 04 00:59:29 2004 (41109761)
72d10000 72d18000 msacm32_72d10000 msacm32.drv Fri Aug 17 22:33:30 2001
(3B7DFE2A)
72d20000 72d29000 wdmaud wdmaud.drv Wed Aug 04 00:56:54 2004 (411096C6)
73000000 73026000 winspool winspool.drv Wed Aug 04 00:56:38 2004 (411096B6)
736b0000 736b7000 msdmo msdmo.dll Wed Aug 04 00:57:53 2004 (41109701)
73b50000 73b67000 avifil32 avifil32.dll Wed Aug 04 00:57:07 2004 (411096D3)
73bc0000 73bc6000 dciman32 dciman32.dll Wed Aug 04 00:56:15 2004 (4110969F)
74320000 7435d000 odbc32 odbc32.dll Wed Aug 04 00:57:17 2004 (411096DD)
746c0000 746e9000 msls31 msls31.dll Tue Nov 07 21:03:34 2006 (45516526)
746f0000 7471a000 MSIMTF MSIMTF.dll Wed Aug 04 00:58:33 2004 (41109729)
74720000 7476b000 MSCTF MSCTF.dll Wed Aug 04 00:57:30 2004 (411096EA)
74810000 7497c000 quartz quartz.dll Mon Aug 29 20:54:26 2005 (4313D872)
74ad0000 74ad8000 powrprof powrprof.dll Wed Aug 04 00:56:53 2004 (411096C5)
74af0000 74afa000 batmeter batmeter.dll Wed Aug 04 00:55:59 2004 (4110968F)
74b30000 74b6b000 webcheck webcheck.dll Tue Nov 07 21:03:34 2006 (45516526)
74c80000 74cac000 oleacc oleacc.dll Fri Aug 17 22:33:18 2001 (3B7DFE1E)
754d0000 75550000 cryptui cryptui.dll Wed Aug 04 00:56:06 2004 (41109696)
755c0000 755ee000 MSCTFIME MSCTFIME.IME Wed Aug 04 00:57:31 2004 (411096EB)
75970000 75a67000 msgina msgina.dll Wed Aug 04 00:58:01 2004 (41109709)
75a70000 75a91000 msvfw32 msvfw32.dll Wed Aug 04 00:59:15 2004 (41109753)
75cf0000 75d81000 mlang mlang.dll Wed Aug 04 00:56:29 2004 (411096AD)
75e90000 75f40000 sxs sxs.dll Thu Oct 19 06:56:28 2006 (4537840C)
75f40000 75f51000 devenum devenum.dll Wed Aug 04 00:56:22 2004 (411096A6)
75f60000 75f67000 drprov drprov.dll Wed Aug 04 00:57:02 2004 (411096CE)
75f70000 75f79000 davclnt davclnt.dll Wed Aug 04 00:56:08 2004 (41109698)
75f80000 7607d000 browseui browseui.dll Thu Jan 04 06:05:28 2007 (459D09A8)
76080000 760e5000 msvcp60 msvcp60.dll Wed Aug 04 00:59:13 2004 (41109751)
76200000 76277000 mshtmled mshtmled.dll Tue Nov 07 21:03:34 2006 (45516526)
76280000 762a1000 stobject stobject.dll Wed Aug 04 00:59:26 2004 (4110975E)
76360000 76370000 winsta winsta.dll Wed Aug 04 00:56:40 2004 (411096B8)
76380000 76385000 msimg32 msimg32.dll Wed Aug 04 00:58:31 2004 (41109727)
76390000 763ad000 imm32 imm32.dll Wed Aug 04 00:56:30 2004 (411096AE)
763b0000 763f9000 comdlg32 comdlg32.dll Wed Aug 04 00:56:32 2004 (411096B0)
76400000 765a6000 netshell netshell.dll Wed Aug 04 00:56:37 2004 (411096B5)
76600000 7661d000 cscdll cscdll.dll Wed Aug 04 00:56:07 2004 (41109697)
76780000 76789000 shfolder shfolder.dll Wed Aug 04 00:56:40 2004 (411096B8)
76980000 76988000 linkinfo linkinfo.dll Wed Aug 31 18:41:53 2005 (43165C61)
76990000 769b5000 ntshrui ntshrui.dll Wed Aug 04 00:57:09 2004 (411096D5)
769c0000 76a73000 userenv userenv.dll Wed Aug 04 00:56:41 2004 (411096B9)
76b20000 76b31000 atl atl.dll Wed Aug 04 00:56:55 2004 (411096C7)
76b40000 76b6d000 winmm winmm.dll Wed Aug 04 00:57:10 2004 (411096D6)
76bf0000 76bfb000 psapi psapi.dll Wed Aug 04 00:56:58 2004 (411096CA)
76c00000 76c2e000 credui credui.dll Wed Aug 04 00:56:42 2004 (411096BA)
76c30000 76c5e000 wintrust wintrust.dll Wed Aug 04 00:56:41 2004 (411096B9)
76c90000 76cb8000 imagehlp imagehlp.dll Wed Aug 04 00:56:25 2004 (411096A9)
76d60000 76d79000 iphlpapi iphlpapi.dll Fri May 19 05:59:41 2006 (446DC13D)
76e80000 76e8e000 rtutils rtutils.dll Wed Aug 04 00:56:36 2004 (411096B4)
76e90000 76ea2000 rasman rasman.dll Wed Aug 04 00:56:29 2004 (411096AD)
76eb0000 76edf000 tapi32 tapi32.dll Wed Aug 04 00:56:38 2004 (411096B6)
76ee0000 76f1c000 rasapi32 rasapi32.dll Wed Aug 04 00:56:25 2004 (411096A9)
76f50000 76f58000 wtsapi32 wtsapi32.dll Wed Aug 04 00:57:55 2004 (41109703)
76f60000 76f8c000 wldap32 wldap32.dll Wed Aug 04 00:56:43 2004 (411096BB)
76fd0000 7704f000 clbcatq clbcatq.dll Mon Jul 25 21:39:44 2005 (42E5BE90)
77050000 77115000 comres comres.dll Wed Aug 04 00:56:36 2004 (411096B4)
77120000 771ac000 oleaut32 oleaut32.dll Wed Aug 04 00:57:39 2004 (411096F3)
771b0000 7727e000 wininet wininet.dll Tue Nov 07 21:03:34 2006 (45516526)
773d0000 774d3000 comctl32 comctl32.dll Fri Aug 25 08:45:55 2006 (44EF1B33)
774e0000 7761d000 ole32 ole32.dll Mon Jul 25 21:39:47 2005 (42E5BE93)
77920000 77a13000 setupapi setupapi.dll Wed Aug 04 00:56:32 2004 (411096B0)
77a20000 77a74000 cscui cscui.dll Wed Aug 04 00:56:08 2004 (41109698)
77a80000 77b14000 crypt32 crypt32.dll Wed Aug 04 00:56:01 2004 (41109691)
77b20000 77b32000 msasn1 msasn1.dll Wed Aug 04 00:57:23 2004 (411096E3)
77b40000 77b62000 apphelp apphelp.dll Wed Aug 04 00:56:36 2004 (411096B4)
77bd0000 77bd7000 midimap midimap.dll Wed Aug 04 00:56:25 2004 (411096A9)
77be0000 77bf5000 msacm32 msacm32.dll Wed Aug 04 00:57:03 2004 (411096CF)
77c00000 77c08000 version version.dll Wed Aug 04 00:56:39 2004 (411096B7)
77c10000 77c68000 msvcrt msvcrt.dll Wed Aug 04 00:59:14 2004 (41109752)
77c70000 77c93000 msv1_0 msv1_0.dll Wed Aug 04 00:59:11 2004 (4110974F)
77d40000 77dd0000 user32 user32.dll Wed Mar 02 10:09:29 2005 (42260159)
77dd0000 77e6b000 advapi32 advapi32.dll Wed Aug 04 00:56:23 2004 (411096A7)
77e70000 77f01000 rpcrt4 rpcrt4.dll Wed Aug 04 00:56:30 2004 (411096AE)
77f10000 77f57000 gdi32 gdi32.dll Wed Dec 28 18:54:35 2005 (43B34FEB)
77f60000 77fd6000 shlwapi shlwapi.dll Thu Jan 04 06:05:30 2007 (459D09AA)
77fe0000 77ff1000 secur32 secur32.dll Wed Aug 04 00:56:49 2004 (411096C1)

Hi Silat,
Did you install any security updates recently?.
A client application may intermittently receive an error message when a
client application tries to create a COM+ component
http://support.microsoft.com/kb/911359
Also it could be the work of Add-Ons so try to clean up and disable
non-verified Add-Ons on the IE properties:
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one
later and see which is the culprit or you can send them here in your next
post) and click [OK] to confirm your Changes.

Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) and click Apply
then OK to close your IE Properties.

2.... And also for malwares from here:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D
HTH.
Let us know.
nass
===
www.nasstec.co.uk

Guest · Mar 28, 2007

Hi Silat,
Do you have third-party toolbars installed?.
If you do please uninstall them and clean up all traces, also if you have an
older version of Spybot or lavasoft or AVG try to download the latest version
for them.

***WARNING: Unable to verify checksum for ggtaskbar.dll
This belong to google toolbar or Google earth, try to uninstall it and then
reinstall after doing disk clean up and chkdsk.
You will find this file here inthis path:
C:\Programfiler\Google\deskbar-0.5.95.0\ggtaskbar.dll

This means that the debugger has found a driver is at fault but, being a
third-party driver, there are no symbols for it ([Microsoft does not store
all of the third-party drivers]. You can ignore this.
Try to verify your drivers by opening a run command and type in:
verifier.exe click [OK]

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1230531&SiteID=1

A client application may intermittently receive an error message when a
client application tries to create a COM+ component
http://support.microsoft.com/kb/911359

You can use Process Explorer to monitor the running processes in the
background, you can download from Microsoft site.
HTH.
Let us know.
Regards,
nass
===
www.nasstec.co.uk

Silat said:
Thanks for your help. Hope your weekend is going well
Yes all updated.
I ran a memtest 2 nights ago. All is well.
Im trying to disable context menu items with shexview. Im disabling half of
them at a time to see if I get the error. I figure that is the easiest
process of elimination.
Thanks again for your time and help Nass. I really appreciate it

--
+Silat

nass said:

Hi,
Try to run memtest and try to reposition the RAM in each other slots and see
if that will help:
Download memtest from here:
http://www.memtest86.com/
Meanwhile I will dig deep in your Log as I just have a quick look as you can
see it is lengthy LOL.
What about your motherboard, all up2dates?.
HTH.
nass

Silat said:

Thanks for your reply Nass. I will follow your directions.
This problem has been going on for months. I do install critical updates
about once a month or check for them.
It doesnt seem to be associated with IE.
It seems to be an winExplorer error although I cant make it happen. Ive
never noticed it happening when using the browser. It happens when Im using
windows explorer or doing something with folders.
Does the dumpfile give a clue as to what program caused the error?
As far as malware goes I run a clean machine. I actually help others clean
theirs My scans and hijack logs are pritine. I clean my temp files and such
more than once daily.
--
+Silat

:

:

Explorer crashes and I would like help figuring out what is causing it.
I tried to make a debug log. Hope I did it right.

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\All Users\Application
Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are
available

Comment: 'Dr. Watson generated MiniDump'
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Sat Mar 24 07:42:43.000 2007 (GMT-7)
System Uptime: not available
Process Uptime: 0 days 1:23:10.000
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
C:\windows;C:\windows\system32;C:\windows\system32\drivers
...............................................................................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1c4.344): Access violation - code c0000005 (first/second chance not
available)
eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
0:001> !analyze -v;r;kv;lmtn;.logclose;q
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*** WARNING: Unable to verify checksum for ggtaskbar.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ggtaskbar.dll -

FAULTING_IP:
+47932dc
047932dc ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
.exr ffffffffffffffff
ExceptionAddress: 047932dc
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 047932dc
Attempt to read from address 047932dc

DEFAULT_BUCKET_ID: BAD_IP

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 047932dc

BUGCHECK_STR: ACCESS_VIOLATION

IP_ON_HEAP: 047932dc

LAST_CONTROL_TRANSFER: from 77d48734 to 047932dc

FAILED_INSTRUCTION_ADDRESS:
+47932dc
047932dc ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150
0117fe5c 77d4b50c 005d62d8 0000001c 00000001 user32!DispatchClientMessage+0xa3
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc
0117ff44 01011e8b 00000000 0117ffb4 77f76f02 explorer!CTray::_MessageLoop+0x24
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37

STACK_COMMAND: ~1s; .ecxr ; kb

FAULTING_THREAD: 00000344

FOLLOWUP_IP:
explorer!CTray::_MessageLoop+24
010019c1 85c0 test eax,eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: explorer!CTray::_MessageLoop+24

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: explorer

IMAGE_NAME: explorer.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ece

FAILURE_BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

Followup: MachineOwner
---------

eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0117fe5c 77d4b50c 005d62d8 0000001c 00000001
user32!DispatchClientMessage+0xa3 (FPO: [Non-Fpo])
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24 (FPO:
[Non-Fpo])
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0])
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc (FPO:
[Non-Fpo])
0117ff44 01011e8b 00000000 0117ffb4 77f76f02
explorer!CTray::_MessageLoop+0x24 (FPO: [Non-Fpo])
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29 (FPO: [Non-Fpo])
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
(FPO: [Non-Fpo])
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37
(FPO: [Non-Fpo])
start end module name
00400000 00409000 normaliz normaliz.dll Thu Jun 29 08:05:42 2006 (44A3EC46)
00c20000 00c3d000 kmw_dll kmw_dll.dll Tue Jul 25 10:01:52 2006 (44C64E80)
00d20000 00d4f000 TrayClock TrayClock.dll Fri Jun 19 15:22:17 1992
(2A425E19)
00dd0000 00df8000 rsaenh rsaenh.dll Tue Jul 06 19:17:12 2004 (40EB5D28)
00e10000 00e51000 badges_icons badges_icons.dll Fri Jun 19 15:22:17 1992
(2A425E19)
01000000 010ff000 explorer explorer.exe Tue Aug 03 23:14:38 2004 (41107ECE)
01a20000 01fe9000 ieframe ieframe.dll Tue Nov 07 21:03:34 2006 (45516526)
024b0000 024b5000 DockShellHook DockShellHook.dll Tue Nov 14 15:58:21 2006
(455A581D)
024f0000 027b6000 msi msi.dll Mon May 02 08:51:33 2005 (42764C85)
027f0000 02802000 browselc browselc.dll Wed Aug 04 00:56:07 2004 (41109697)
034d0000 03502000 filesho filesho.dll Fri Jun 19 15:22:17 1992 (2A425E19)
03920000 0392b000 wondppet wondppet.dll Tue May 28 19:07:15 2002 (3CF437D3)
04d30000 04db8000 shdoclc shdoclc.dll Wed Aug 04 00:56:37 2004 (411096B5)
05770000 0579f000 xpsp1res xpsp1res.dll Wed Aug 04 00:56:40 2004 (411096B8)
057e0000 0581d000 AdvProp AdvProp.dll Fri Jun 19 15:22:17 1992 (2A425E19)
06000000 0600f000 xvid xvid.ax Mon Dec 20 02:10:50 2004 (41C6A52A)
067b0000 0681b000 RealMediaSplitter RealMediaSplitter.ax Fri Nov 25
12:46:31 2005 (43877827)
068e0000 0692f000 drmclien drmclien.dll Tue Aug 03 23:03:47 2004 (41107C43)
06f20000 06f37000 odbcint odbcint.dll Wed Aug 04 00:57:25 2004 (411096E5)
0bef0000 0bf27000 MFPLAT MFPLAT.dll Wed Oct 18 22:47:35 2006 (45371177)
0d5b0000 0d614000 MP43DECD MP43DECD.dll Wed Oct 18 22:47:53 2006 (45371189)
0f000000 0f0a7000 ntvdm ntvdm.exe Tue Aug 03 23:07:58 2004 (41107D3E)
0ffb0000 0fff5000 wow32 wow32.dll Tue Aug 03 23:08:08 2004 (41107D48)
10000000 10012000 RocketDock RocketDock.dll Mon Mar 19 00:04:35 2007
(45FE3603)
10930000 10979000 PortableDeviceApi PortableDeviceApi.dll Wed Oct 18
22:47:31 2006 (45371173)
109c0000 109ec000 PortableDeviceTypes PortableDeviceTypes.dll Wed Oct 18
22:47:33 2006 (45371175)
10af0000 10b27000 qasf qasf.dll Wed Oct 18 22:47:16 2006 (45371164)
11c70000 11ca9000 WMASF WMASF.dll Wed Oct 18 22:47:23 2006 (4537116B)
15110000 1536a000 wmvcore wmvcore.dll Wed Oct 18 22:48:18 2006 (453711A2)
15380000 154fe000 WMVDECOD WMVDECOD.dll Wed Oct 18 22:48:19 2006 (453711A3)
164a0000 164c3000 WPDShServiceObj WPDShServiceObj.dll Wed Oct 18 22:48:37
2006 (453711B5)
1ff00000 1ff7d000 dxmasf dxmasf.dll Tue Aug 22 01:03:59 2006 (44EABA6F)
20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 00:56:41 2004 (411096B9)
27230000 2727e000 ggtaskbar ggtaskbar.dll Fri Oct 22 08:34:26 2004
(41792882)
4d4f0000 4d548000 winhttp winhttp.dll Wed Aug 04 00:57:07 2004 (411096D3)
4ec50000 4edf3000 GdiPlus GdiPlus.dll Wed Aug 04 00:55:55 2004 (4110968B)
58390000 5841a000 l3codeca l3codeca.acm Wed Aug 04 00:56:10 2004 (4110969A)
5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 00:56:43 2004 (411096BB)
5b430000 5b440000 tsappcmp tsappcmp.dll Fri Aug 17 22:36:09 2001 (3B7DFEC9)
5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 05:28:27 2006 (44E460EB)
5ba60000 5bad1000 themeui themeui.dll Wed Aug 04 00:56:46 2004 (411096BE)
5cb70000 5cb96000 shimeng shimeng.dll Wed Aug 04 00:56:42 2004 (411096BA)
5d090000 5d12a000 comctl32_5d090000 comctl32.dll Fri Aug 25 08:45:58 2006
(44EF1B36)
5dca0000 5dce5000 iertutil iertutil.dll Tue Oct 17 12:57:14 2006 (4535359A)
5df80000 5dfe0000 qdvd qdvd.dll Wed Aug 04 00:56:26 2004 (411096AA)
60470000 60488000 uwinapi uwinapi.dll Wed Nov 22 04:31:19 2006 (45644317)
60ca0000 60d2c000 qedit qedit.dll Wed Aug 04 00:56:27 2004 (411096AB)
61410000 61534000 urlmon urlmon.dll Tue Nov 07 21:03:34 2006 (45516526)
61ef0000 61f7e000 stlport_vc7145 stlport_vc7145.dll Fri Oct 27 01:42:39
2006 (4541C67F)
62390000 623e3000 shlxthdl shlxthdl.dll Tue Nov 14 03:03:43 2006 (4559A28F)
6c1b0000 6c1fd000 duser duser.dll Wed Aug 04 00:56:04 2004 (41109694)
6f880000 6fa4a000 AcGenral AcGenral.dll Wed Aug 04 00:55:58 2004 (4110968E)
708f0000 70903000 asycfilt asycfilt.dll Wed Aug 04 00:56:44 2004 (411096BC)
71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 00:57:39 2004 (411096F3)
71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 00:57:38 2004 (411096F2)
71b20000 71b32000 mpr mpr.dll Wed Aug 04 00:56:46 2004 (411096BE)
71bf0000 71c03000 samlib samlib.dll Wed Aug 04 00:56:29 2004 (411096AD)
71c10000 71c1e000 ntlanman ntlanman.dll Wed Aug 04 00:57:00 2004 (411096CC)
71c80000 71c87000 netrap netrap.dll Wed Aug 04 00:56:35 2004 (411096B3)
71c90000 71cd0000 netui1 netui1.dll Wed Aug 04 00:56:39 2004 (411096B7)
71cd0000 71ce7000 netui0 netui0.dll Wed Aug 04 00:56:38 2004 (411096B6)
71d40000 71d5c000 actxprxy actxprxy.dll Wed Aug 04 00:56:04 2004 (41109694)
72410000 7242a000 mydocs mydocs.dll Wed Aug 04 00:59:29 2004 (41109761)
72d10000 72d18000 msacm32_72d10000 msacm32.drv Fri Aug 17 22:33:30 2001
(3B7DFE2A)
72d20000 72d29000 wdmaud wdmaud.drv Wed Aug 04 00:56:54 2004 (411096C6)
73000000 73026000 winspool winspool.drv Wed Aug 04 00:56:38 2004 (411096B6)
736b0000 736b7000 msdmo msdmo.dll Wed Aug 04 00:57:53 2004 (41109701)
73b50000 73b67000 avifil32 avifil32.dll Wed Aug 04 00:57:07 2004 (411096D3)
73bc0000 73bc6000 dciman32 dciman32.dll Wed Aug 04 00:56:15 2004 (4110969F)
74320000 7435d000 odbc32 odbc32.dll Wed Aug 04 00:57:17 2004 (411096DD)
746c0000 746e9000 msls31 msls31.dll Tue Nov 07 21:03:34 2006 (45516526)
746f0000 7471a000 MSIMTF MSIMTF.dll Wed Aug 04 00:58:33 2004 (41109729)
74720000 7476b000 MSCTF MSCTF.dll Wed Aug 04 00:57:30 2004 (411096EA)
74810000 7497c000 quartz quartz.dll Mon Aug 29 20:54:26 2005 (4313D872)
74ad0000 74ad8000 powrprof powrprof.dll Wed Aug 04 00:56:53 2004 (411096C5)
74af0000 74afa000 batmeter batmeter.dll Wed Aug 04 00:55:59 2004 (4110968F)
74b30000 74b6b000 webcheck webcheck.dll Tue Nov 07 21:03:34 2006 (45516526)
74c80000 74cac000 oleacc oleacc.dll Fri Aug 17 22:33:18 2001 (3B7DFE1E)
754d0000 75550000 cryptui cryptui.dll Wed Aug 04 00:56:06 2004 (41109696)
755c0000 755ee000 MSCTFIME MSCTFIME.IME Wed Aug 04 00:57:31 2004 (411096EB)
75970000 75a67000 msgina msgina.dll Wed Aug 04 00:58:01 2004 (41109709)
75a70000 75a91000 msvfw32 msvfw32.dll Wed Aug 04 00:59:15 2004 (41109753)
75cf0000 75d81000 mlang mlang.dll Wed Aug 04 00:56:29 2004 (411096AD)
75e90000 75f40000 sxs sxs.dll Thu Oct 19 06:56:28 2006 (4537840C)
75f40000 75f51000 devenum devenum.dll Wed Aug 04 00:56:22 2004 (411096A6)

Click to expand...

Click to expand...

Guest · Mar 28, 2007

Thanks for your reply Nass. I will follow your directions.
This problem has been going on for months. I do install critical updates
about once a month or check for them.
It doesnt seem to be associated with IE.
It seems to be an winExplorer error although I cant make it happen. Ive
never noticed it happening when using the browser. It happens when Im using
windows explorer or doing something with folders.
Does the dumpfile give a clue as to what program caused the error?
As far as malware goes I run a clean machine. I actually help others clean
theirs

My scans and hijack logs are pritine. I clean my temp files and such
more than once daily.
--
+Silat

nass said:
Silat said:

Explorer crashes and I would like help figuring out what is causing it.
I tried to make a debug log. Hope I did it right.

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\All Users\Application
Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are
available

Comment: 'Dr. Watson generated MiniDump'
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Sat Mar 24 07:42:43.000 2007 (GMT-7)
System Uptime: not available
Process Uptime: 0 days 1:23:10.000
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
C:\windows;C:\windows\system32;C:\windows\system32\drivers
...............................................................................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1c4.344): Access violation - code c0000005 (first/second chance not
available)
eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
0:001> !analyze -v;r;kv;lmtn;.logclose;q
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*** WARNING: Unable to verify checksum for ggtaskbar.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ggtaskbar.dll -

FAULTING_IP:
+47932dc
047932dc ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
.exr ffffffffffffffff
ExceptionAddress: 047932dc
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 047932dc
Attempt to read from address 047932dc

DEFAULT_BUCKET_ID: BAD_IP

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 047932dc

BUGCHECK_STR: ACCESS_VIOLATION

IP_ON_HEAP: 047932dc

LAST_CONTROL_TRANSFER: from 77d48734 to 047932dc

FAILED_INSTRUCTION_ADDRESS:
+47932dc
047932dc ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150
0117fe5c 77d4b50c 005d62d8 0000001c 00000001 user32!DispatchClientMessage+0xa3
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc
0117ff44 01011e8b 00000000 0117ffb4 77f76f02 explorer!CTray::_MessageLoop+0x24
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37

STACK_COMMAND: ~1s; .ecxr ; kb

FAULTING_THREAD: 00000344

FOLLOWUP_IP:
explorer!CTray::_MessageLoop+24
010019c1 85c0 test eax,eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: explorer!CTray::_MessageLoop+24

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: explorer

IMAGE_NAME: explorer.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ece

FAILURE_BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

Followup: MachineOwner
---------

eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0117fe5c 77d4b50c 005d62d8 0000001c 00000001
user32!DispatchClientMessage+0xa3 (FPO: [Non-Fpo])
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24 (FPO:
[Non-Fpo])
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0])
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc (FPO:
[Non-Fpo])
0117ff44 01011e8b 00000000 0117ffb4 77f76f02
explorer!CTray::_MessageLoop+0x24 (FPO: [Non-Fpo])
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29 (FPO: [Non-Fpo])
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
(FPO: [Non-Fpo])
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37
(FPO: [Non-Fpo])
start end module name
00400000 00409000 normaliz normaliz.dll Thu Jun 29 08:05:42 2006 (44A3EC46)
00c20000 00c3d000 kmw_dll kmw_dll.dll Tue Jul 25 10:01:52 2006 (44C64E80)
00d20000 00d4f000 TrayClock TrayClock.dll Fri Jun 19 15:22:17 1992
(2A425E19)
00dd0000 00df8000 rsaenh rsaenh.dll Tue Jul 06 19:17:12 2004 (40EB5D28)
00e10000 00e51000 badges_icons badges_icons.dll Fri Jun 19 15:22:17 1992
(2A425E19)
01000000 010ff000 explorer explorer.exe Tue Aug 03 23:14:38 2004 (41107ECE)
01a20000 01fe9000 ieframe ieframe.dll Tue Nov 07 21:03:34 2006 (45516526)
024b0000 024b5000 DockShellHook DockShellHook.dll Tue Nov 14 15:58:21 2006
(455A581D)
024f0000 027b6000 msi msi.dll Mon May 02 08:51:33 2005 (42764C85)
027f0000 02802000 browselc browselc.dll Wed Aug 04 00:56:07 2004 (41109697)
034d0000 03502000 filesho filesho.dll Fri Jun 19 15:22:17 1992 (2A425E19)
03920000 0392b000 wondppet wondppet.dll Tue May 28 19:07:15 2002 (3CF437D3)
04d30000 04db8000 shdoclc shdoclc.dll Wed Aug 04 00:56:37 2004 (411096B5)
05770000 0579f000 xpsp1res xpsp1res.dll Wed Aug 04 00:56:40 2004 (411096B8)
057e0000 0581d000 AdvProp AdvProp.dll Fri Jun 19 15:22:17 1992 (2A425E19)
06000000 0600f000 xvid xvid.ax Mon Dec 20 02:10:50 2004 (41C6A52A)
067b0000 0681b000 RealMediaSplitter RealMediaSplitter.ax Fri Nov 25
12:46:31 2005 (43877827)
068e0000 0692f000 drmclien drmclien.dll Tue Aug 03 23:03:47 2004 (41107C43)
06f20000 06f37000 odbcint odbcint.dll Wed Aug 04 00:57:25 2004 (411096E5)
0bef0000 0bf27000 MFPLAT MFPLAT.dll Wed Oct 18 22:47:35 2006 (45371177)
0d5b0000 0d614000 MP43DECD MP43DECD.dll Wed Oct 18 22:47:53 2006 (45371189)
0f000000 0f0a7000 ntvdm ntvdm.exe Tue Aug 03 23:07:58 2004 (41107D3E)
0ffb0000 0fff5000 wow32 wow32.dll Tue Aug 03 23:08:08 2004 (41107D48)
10000000 10012000 RocketDock RocketDock.dll Mon Mar 19 00:04:35 2007
(45FE3603)
10930000 10979000 PortableDeviceApi PortableDeviceApi.dll Wed Oct 18
22:47:31 2006 (45371173)
109c0000 109ec000 PortableDeviceTypes PortableDeviceTypes.dll Wed Oct 18
22:47:33 2006 (45371175)
10af0000 10b27000 qasf qasf.dll Wed Oct 18 22:47:16 2006 (45371164)
11c70000 11ca9000 WMASF WMASF.dll Wed Oct 18 22:47:23 2006 (4537116B)
15110000 1536a000 wmvcore wmvcore.dll Wed Oct 18 22:48:18 2006 (453711A2)
15380000 154fe000 WMVDECOD WMVDECOD.dll Wed Oct 18 22:48:19 2006 (453711A3)
164a0000 164c3000 WPDShServiceObj WPDShServiceObj.dll Wed Oct 18 22:48:37
2006 (453711B5)
1ff00000 1ff7d000 dxmasf dxmasf.dll Tue Aug 22 01:03:59 2006 (44EABA6F)
20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 00:56:41 2004 (411096B9)
27230000 2727e000 ggtaskbar ggtaskbar.dll Fri Oct 22 08:34:26 2004
(41792882)
4d4f0000 4d548000 winhttp winhttp.dll Wed Aug 04 00:57:07 2004 (411096D3)
4ec50000 4edf3000 GdiPlus GdiPlus.dll Wed Aug 04 00:55:55 2004 (4110968B)
58390000 5841a000 l3codeca l3codeca.acm Wed Aug 04 00:56:10 2004 (4110969A)
5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 00:56:43 2004 (411096BB)
5b430000 5b440000 tsappcmp tsappcmp.dll Fri Aug 17 22:36:09 2001 (3B7DFEC9)
5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 05:28:27 2006 (44E460EB)
5ba60000 5bad1000 themeui themeui.dll Wed Aug 04 00:56:46 2004 (411096BE)
5cb70000 5cb96000 shimeng shimeng.dll Wed Aug 04 00:56:42 2004 (411096BA)
5d090000 5d12a000 comctl32_5d090000 comctl32.dll Fri Aug 25 08:45:58 2006
(44EF1B36)
5dca0000 5dce5000 iertutil iertutil.dll Tue Oct 17 12:57:14 2006 (4535359A)
5df80000 5dfe0000 qdvd qdvd.dll Wed Aug 04 00:56:26 2004 (411096AA)
60470000 60488000 uwinapi uwinapi.dll Wed Nov 22 04:31:19 2006 (45644317)
60ca0000 60d2c000 qedit qedit.dll Wed Aug 04 00:56:27 2004 (411096AB)
61410000 61534000 urlmon urlmon.dll Tue Nov 07 21:03:34 2006 (45516526)
61ef0000 61f7e000 stlport_vc7145 stlport_vc7145.dll Fri Oct 27 01:42:39
2006 (4541C67F)
62390000 623e3000 shlxthdl shlxthdl.dll Tue Nov 14 03:03:43 2006 (4559A28F)
6c1b0000 6c1fd000 duser duser.dll Wed Aug 04 00:56:04 2004 (41109694)
6f880000 6fa4a000 AcGenral AcGenral.dll Wed Aug 04 00:55:58 2004 (4110968E)
708f0000 70903000 asycfilt asycfilt.dll Wed Aug 04 00:56:44 2004 (411096BC)
71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 00:57:39 2004 (411096F3)
71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 00:57:38 2004 (411096F2)
71b20000 71b32000 mpr mpr.dll Wed Aug 04 00:56:46 2004 (411096BE)
71bf0000 71c03000 samlib samlib.dll Wed Aug 04 00:56:29 2004 (411096AD)
71c10000 71c1e000 ntlanman ntlanman.dll Wed Aug 04 00:57:00 2004 (411096CC)
71c80000 71c87000 netrap netrap.dll Wed Aug 04 00:56:35 2004 (411096B3)
71c90000 71cd0000 netui1 netui1.dll Wed Aug 04 00:56:39 2004 (411096B7)
71cd0000 71ce7000 netui0 netui0.dll Wed Aug 04 00:56:38 2004 (411096B6)
71d40000 71d5c000 actxprxy actxprxy.dll Wed Aug 04 00:56:04 2004 (41109694)
72410000 7242a000 mydocs mydocs.dll Wed Aug 04 00:59:29 2004 (41109761)
72d10000 72d18000 msacm32_72d10000 msacm32.drv Fri Aug 17 22:33:30 2001
(3B7DFE2A)
72d20000 72d29000 wdmaud wdmaud.drv Wed Aug 04 00:56:54 2004 (411096C6)
73000000 73026000 winspool winspool.drv Wed Aug 04 00:56:38 2004 (411096B6)
736b0000 736b7000 msdmo msdmo.dll Wed Aug 04 00:57:53 2004 (41109701)
73b50000 73b67000 avifil32 avifil32.dll Wed Aug 04 00:57:07 2004 (411096D3)
73bc0000 73bc6000 dciman32 dciman32.dll Wed Aug 04 00:56:15 2004 (4110969F)
74320000 7435d000 odbc32 odbc32.dll Wed Aug 04 00:57:17 2004 (411096DD)
746c0000 746e9000 msls31 msls31.dll Tue Nov 07 21:03:34 2006 (45516526)
746f0000 7471a000 MSIMTF MSIMTF.dll Wed Aug 04 00:58:33 2004 (41109729)
74720000 7476b000 MSCTF MSCTF.dll Wed Aug 04 00:57:30 2004 (411096EA)
74810000 7497c000 quartz quartz.dll Mon Aug 29 20:54:26 2005 (4313D872)
74ad0000 74ad8000 powrprof powrprof.dll Wed Aug 04 00:56:53 2004 (411096C5)
74af0000 74afa000 batmeter batmeter.dll Wed Aug 04 00:55:59 2004 (4110968F)
74b30000 74b6b000 webcheck webcheck.dll Tue Nov 07 21:03:34 2006 (45516526)
74c80000 74cac000 oleacc oleacc.dll Fri Aug 17 22:33:18 2001 (3B7DFE1E)
754d0000 75550000 cryptui cryptui.dll Wed Aug 04 00:56:06 2004 (41109696)
755c0000 755ee000 MSCTFIME MSCTFIME.IME Wed Aug 04 00:57:31 2004 (411096EB)
75970000 75a67000 msgina msgina.dll Wed Aug 04 00:58:01 2004 (41109709)
75a70000 75a91000 msvfw32 msvfw32.dll Wed Aug 04 00:59:15 2004 (41109753)
75cf0000 75d81000 mlang mlang.dll Wed Aug 04 00:56:29 2004 (411096AD)
75e90000 75f40000 sxs sxs.dll Thu Oct 19 06:56:28 2006 (4537840C)
75f40000 75f51000 devenum devenum.dll Wed Aug 04 00:56:22 2004 (411096A6)
75f60000 75f67000 drprov drprov.dll Wed Aug 04 00:57:02 2004 (411096CE)
75f70000 75f79000 davclnt davclnt.dll Wed Aug 04 00:56:08 2004 (41109698)
75f80000 7607d000 browseui browseui.dll Thu Jan 04 06:05:28 2007 (459D09A8)
76080000 760e5000 msvcp60 msvcp60.dll Wed Aug 04 00:59:13 2004 (41109751)
76200000 76277000 mshtmled mshtmled.dll Tue Nov 07 21:03:34 2006 (45516526)
76280000 762a1000 stobject stobject.dll Wed Aug 04 00:59:26 2004 (4110975E)
76360000 76370000 winsta winsta.dll Wed Aug 04 00:56:40 2004 (411096B8)
76380000 76385000 msimg32 msimg32.dll Wed Aug 04 00:58:31 2004 (41109727)
76390000 763ad000 imm32 imm32.dll Wed Aug 04 00:56:30 2004 (411096AE)
763b0000 763f9000 comdlg32 comdlg32.dll Wed Aug 04 00:56:32 2004 (411096B0)
76400000 765a6000 netshell netshell.dll Wed Aug 04 00:56:37 2004 (411096B5)
76600000 7661d000 cscdll cscdll.dll Wed Aug 04 00:56:07 2004 (41109697)
76780000 76789000 shfolder shfolder.dll Wed Aug 04 00:56:40 2004 (411096B8)
76980000 76988000 linkinfo linkinfo.dll Wed Aug 31 18:41:53 2005 (43165C61)
76990000 769b5000 ntshrui ntshrui.dll Wed Aug 04 00:57:09 2004 (411096D5)
769c0000 76a73000 userenv userenv.dll Wed Aug 04 00:56:41 2004 (411096B9)
76b20000 76b31000 atl atl.dll Wed Aug 04 00:56:55 2004 (411096C7)
76b40000 76b6d000 winmm winmm.dll Wed Aug 04 00:57:10 2004 (411096D6)
76bf0000 76bfb000 psapi psapi.dll Wed Aug 04 00:56:58 2004 (411096CA)
76c00000 76c2e000 credui credui.dll Wed Aug 04 00:56:42 2004 (411096BA)
76c30000 76c5e000 wintrust wintrust.dll Wed Aug 04 00:56:41 2004 (411096B9)
76c90000 76cb8000 imagehlp imagehlp.dll Wed Aug 04 00:56:25 2004 (411096A9)
76d60000 76d79000 iphlpapi iphlpapi.dll Fri May 19 05:59:41 2006 (446DC13D)
76e80000 76e8e000 rtutils rtutils.dll Wed Aug 04 00:56:36 2004 (411096B4)
76e90000 76ea2000 rasman rasman.dll Wed Aug 04 00:56:29 2004 (411096AD)
76eb0000 76edf000 tapi32 tapi32.dll Wed Aug 04 00:56:38 2004 (411096B6)
76ee0000 76f1c000 rasapi32 rasapi32.dll Wed Aug 04 00:56:25 2004 (411096A9)
76f50000 76f58000 wtsapi32 wtsapi32.dll Wed Aug 04 00:57:55 2004 (41109703)
76f60000 76f8c000 wldap32 wldap32.dll Wed Aug 04 00:56:43 2004 (411096BB)
76fd0000 7704f000 clbcatq clbcatq.dll Mon Jul 25 21:39:44 2005 (42E5BE90)
77050000 77115000 comres comres.dll Wed Aug 04 00:56:36 2004 (411096B4)
77120000 771ac000 oleaut32 oleaut32.dll Wed Aug 04 00:57:39 2004 (411096F3)
771b0000 7727e000 wininet wininet.dll Tue Nov 07 21:03:34 2006 (45516526)
773d0000 774d3000 comctl32 comctl32.dll Fri Aug 25 08:45:55 2006 (44EF1B33)
774e0000 7761d000 ole32 ole32.dll Mon Jul 25 21:39:47 2005 (42E5BE93)
77920000 77a13000 setupapi setupapi.dll Wed Aug 04 00:56:32 2004 (411096B0)
77a20000 77a74000 cscui cscui.dll Wed Aug 04 00:56:08 2004 (41109698)
77a80000 77b14000 crypt32 crypt32.dll Wed Aug 04 00:56:01 2004 (41109691)
77b20000 77b32000 msasn1 msasn1.dll Wed Aug 04 00:57:23 2004 (411096E3)
77b40000 77b62000 apphelp apphelp.dll Wed Aug 04 00:56:36 2004 (411096B4)
77bd0000 77bd7000 midimap midimap.dll Wed Aug 04 00:56:25 2004 (411096A9)
77be0000 77bf5000 msacm32 msacm32.dll Wed Aug 04 00:57:03 2004 (411096CF)
77c00000 77c08000 version version.dll Wed Aug 04 00:56:39 2004 (411096B7)
77c10000 77c68000 msvcrt msvcrt.dll Wed Aug 04 00:59:14 2004 (41109752)
77c70000 77c93000 msv1_0 msv1_0.dll Wed Aug 04 00:59:11 2004 (4110974F)

Click to expand...

Guest · Mar 28, 2007

Thanks for your help. Hope your weekend is going well

Yes all updated.
I ran a memtest 2 nights ago. All is well.
Im trying to disable context menu items with shexview. Im disabling half of
them at a time to see if I get the error. I figure that is the easiest
process of elimination.
Thanks again for your time and help Nass. I really appreciate it

--
+Silat

nass said:
Hi,
Try to run memtest and try to reposition the RAM in each other slots and see
if that will help:
Download memtest from here:
http://www.memtest86.com/
Meanwhile I will dig deep in your Log as I just have a quick look as you can
see it is lengthy LOL.
What about your motherboard, all up2dates?.
HTH.
nass

Silat said:

Thanks for your reply Nass. I will follow your directions.
This problem has been going on for months. I do install critical updates
about once a month or check for them.
It doesnt seem to be associated with IE.
It seems to be an winExplorer error although I cant make it happen. Ive
never noticed it happening when using the browser. It happens when Im using
windows explorer or doing something with folders.
Does the dumpfile give a clue as to what program caused the error?
As far as malware goes I run a clean machine. I actually help others clean
theirs My scans and hijack logs are pritine. I clean my temp files and such
more than once daily.
--
+Silat

nass said:

:

Explorer crashes and I would like help figuring out what is causing it.
I tried to make a debug log. Hope I did it right.

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\All Users\Application
Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are
available

Comment: 'Dr. Watson generated MiniDump'
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Sat Mar 24 07:42:43.000 2007 (GMT-7)
System Uptime: not available
Process Uptime: 0 days 1:23:10.000
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
C:\windows;C:\windows\system32;C:\windows\system32\drivers
...............................................................................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1c4.344): Access violation - code c0000005 (first/second chance not
available)
eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
0:001> !analyze -v;r;kv;lmtn;.logclose;q
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*** WARNING: Unable to verify checksum for ggtaskbar.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ggtaskbar.dll -

FAULTING_IP:
+47932dc
047932dc ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
.exr ffffffffffffffff
ExceptionAddress: 047932dc
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 047932dc
Attempt to read from address 047932dc

DEFAULT_BUCKET_ID: BAD_IP

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 047932dc

BUGCHECK_STR: ACCESS_VIOLATION

IP_ON_HEAP: 047932dc

LAST_CONTROL_TRANSFER: from 77d48734 to 047932dc

FAILED_INSTRUCTION_ADDRESS:
+47932dc
047932dc ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150
0117fe5c 77d4b50c 005d62d8 0000001c 00000001 user32!DispatchClientMessage+0xa3
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc
0117ff44 01011e8b 00000000 0117ffb4 77f76f02 explorer!CTray::_MessageLoop+0x24
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37

STACK_COMMAND: ~1s; .ecxr ; kb

FAULTING_THREAD: 00000344

FOLLOWUP_IP:
explorer!CTray::_MessageLoop+24
010019c1 85c0 test eax,eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: explorer!CTray::_MessageLoop+24

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: explorer

IMAGE_NAME: explorer.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ece

FAILURE_BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

Followup: MachineOwner
---------

eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0117fe5c 77d4b50c 005d62d8 0000001c 00000001
user32!DispatchClientMessage+0xa3 (FPO: [Non-Fpo])
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24 (FPO:
[Non-Fpo])
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0])
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc (FPO:
[Non-Fpo])
0117ff44 01011e8b 00000000 0117ffb4 77f76f02
explorer!CTray::_MessageLoop+0x24 (FPO: [Non-Fpo])
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29 (FPO: [Non-Fpo])
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
(FPO: [Non-Fpo])
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37
(FPO: [Non-Fpo])
start end module name
00400000 00409000 normaliz normaliz.dll Thu Jun 29 08:05:42 2006 (44A3EC46)
00c20000 00c3d000 kmw_dll kmw_dll.dll Tue Jul 25 10:01:52 2006 (44C64E80)
00d20000 00d4f000 TrayClock TrayClock.dll Fri Jun 19 15:22:17 1992
(2A425E19)
00dd0000 00df8000 rsaenh rsaenh.dll Tue Jul 06 19:17:12 2004 (40EB5D28)
00e10000 00e51000 badges_icons badges_icons.dll Fri Jun 19 15:22:17 1992
(2A425E19)
01000000 010ff000 explorer explorer.exe Tue Aug 03 23:14:38 2004 (41107ECE)
01a20000 01fe9000 ieframe ieframe.dll Tue Nov 07 21:03:34 2006 (45516526)
024b0000 024b5000 DockShellHook DockShellHook.dll Tue Nov 14 15:58:21 2006
(455A581D)
024f0000 027b6000 msi msi.dll Mon May 02 08:51:33 2005 (42764C85)
027f0000 02802000 browselc browselc.dll Wed Aug 04 00:56:07 2004 (41109697)
034d0000 03502000 filesho filesho.dll Fri Jun 19 15:22:17 1992 (2A425E19)
03920000 0392b000 wondppet wondppet.dll Tue May 28 19:07:15 2002 (3CF437D3)
04d30000 04db8000 shdoclc shdoclc.dll Wed Aug 04 00:56:37 2004 (411096B5)
05770000 0579f000 xpsp1res xpsp1res.dll Wed Aug 04 00:56:40 2004 (411096B8)
057e0000 0581d000 AdvProp AdvProp.dll Fri Jun 19 15:22:17 1992 (2A425E19)
06000000 0600f000 xvid xvid.ax Mon Dec 20 02:10:50 2004 (41C6A52A)
067b0000 0681b000 RealMediaSplitter RealMediaSplitter.ax Fri Nov 25
12:46:31 2005 (43877827)
068e0000 0692f000 drmclien drmclien.dll Tue Aug 03 23:03:47 2004 (41107C43)
06f20000 06f37000 odbcint odbcint.dll Wed Aug 04 00:57:25 2004 (411096E5)
0bef0000 0bf27000 MFPLAT MFPLAT.dll Wed Oct 18 22:47:35 2006 (45371177)
0d5b0000 0d614000 MP43DECD MP43DECD.dll Wed Oct 18 22:47:53 2006 (45371189)
0f000000 0f0a7000 ntvdm ntvdm.exe Tue Aug 03 23:07:58 2004 (41107D3E)
0ffb0000 0fff5000 wow32 wow32.dll Tue Aug 03 23:08:08 2004 (41107D48)
10000000 10012000 RocketDock RocketDock.dll Mon Mar 19 00:04:35 2007
(45FE3603)
10930000 10979000 PortableDeviceApi PortableDeviceApi.dll Wed Oct 18
22:47:31 2006 (45371173)
109c0000 109ec000 PortableDeviceTypes PortableDeviceTypes.dll Wed Oct 18
22:47:33 2006 (45371175)
10af0000 10b27000 qasf qasf.dll Wed Oct 18 22:47:16 2006 (45371164)
11c70000 11ca9000 WMASF WMASF.dll Wed Oct 18 22:47:23 2006 (4537116B)
15110000 1536a000 wmvcore wmvcore.dll Wed Oct 18 22:48:18 2006 (453711A2)
15380000 154fe000 WMVDECOD WMVDECOD.dll Wed Oct 18 22:48:19 2006 (453711A3)
164a0000 164c3000 WPDShServiceObj WPDShServiceObj.dll Wed Oct 18 22:48:37
2006 (453711B5)
1ff00000 1ff7d000 dxmasf dxmasf.dll Tue Aug 22 01:03:59 2006 (44EABA6F)
20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 00:56:41 2004 (411096B9)
27230000 2727e000 ggtaskbar ggtaskbar.dll Fri Oct 22 08:34:26 2004
(41792882)
4d4f0000 4d548000 winhttp winhttp.dll Wed Aug 04 00:57:07 2004 (411096D3)
4ec50000 4edf3000 GdiPlus GdiPlus.dll Wed Aug 04 00:55:55 2004 (4110968B)
58390000 5841a000 l3codeca l3codeca.acm Wed Aug 04 00:56:10 2004 (4110969A)
5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 00:56:43 2004 (411096BB)
5b430000 5b440000 tsappcmp tsappcmp.dll Fri Aug 17 22:36:09 2001 (3B7DFEC9)
5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 05:28:27 2006 (44E460EB)
5ba60000 5bad1000 themeui themeui.dll Wed Aug 04 00:56:46 2004 (411096BE)
5cb70000 5cb96000 shimeng shimeng.dll Wed Aug 04 00:56:42 2004 (411096BA)
5d090000 5d12a000 comctl32_5d090000 comctl32.dll Fri Aug 25 08:45:58 2006
(44EF1B36)
5dca0000 5dce5000 iertutil iertutil.dll Tue Oct 17 12:57:14 2006 (4535359A)
5df80000 5dfe0000 qdvd qdvd.dll Wed Aug 04 00:56:26 2004 (411096AA)
60470000 60488000 uwinapi uwinapi.dll Wed Nov 22 04:31:19 2006 (45644317)
60ca0000 60d2c000 qedit qedit.dll Wed Aug 04 00:56:27 2004 (411096AB)
61410000 61534000 urlmon urlmon.dll Tue Nov 07 21:03:34 2006 (45516526)
61ef0000 61f7e000 stlport_vc7145 stlport_vc7145.dll Fri Oct 27 01:42:39
2006 (4541C67F)
62390000 623e3000 shlxthdl shlxthdl.dll Tue Nov 14 03:03:43 2006 (4559A28F)
6c1b0000 6c1fd000 duser duser.dll Wed Aug 04 00:56:04 2004 (41109694)
6f880000 6fa4a000 AcGenral AcGenral.dll Wed Aug 04 00:55:58 2004 (4110968E)
708f0000 70903000 asycfilt asycfilt.dll Wed Aug 04 00:56:44 2004 (411096BC)
71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 00:57:39 2004 (411096F3)
71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 00:57:38 2004 (411096F2)
71b20000 71b32000 mpr mpr.dll Wed Aug 04 00:56:46 2004 (411096BE)
71bf0000 71c03000 samlib samlib.dll Wed Aug 04 00:56:29 2004 (411096AD)
71c10000 71c1e000 ntlanman ntlanman.dll Wed Aug 04 00:57:00 2004 (411096CC)
71c80000 71c87000 netrap netrap.dll Wed Aug 04 00:56:35 2004 (411096B3)
71c90000 71cd0000 netui1 netui1.dll Wed Aug 04 00:56:39 2004 (411096B7)
71cd0000 71ce7000 netui0 netui0.dll Wed Aug 04 00:56:38 2004 (411096B6)
71d40000 71d5c000 actxprxy actxprxy.dll Wed Aug 04 00:56:04 2004 (41109694)
72410000 7242a000 mydocs mydocs.dll Wed Aug 04 00:59:29 2004 (41109761)
72d10000 72d18000 msacm32_72d10000 msacm32.drv Fri Aug 17 22:33:30 2001
(3B7DFE2A)
72d20000 72d29000 wdmaud wdmaud.drv Wed Aug 04 00:56:54 2004 (411096C6)
73000000 73026000 winspool winspool.drv Wed Aug 04 00:56:38 2004 (411096B6)
736b0000 736b7000 msdmo msdmo.dll Wed Aug 04 00:57:53 2004 (41109701)
73b50000 73b67000 avifil32 avifil32.dll Wed Aug 04 00:57:07 2004 (411096D3)
73bc0000 73bc6000 dciman32 dciman32.dll Wed Aug 04 00:56:15 2004 (4110969F)
74320000 7435d000 odbc32 odbc32.dll Wed Aug 04 00:57:17 2004 (411096DD)
746c0000 746e9000 msls31 msls31.dll Tue Nov 07 21:03:34 2006 (45516526)
746f0000 7471a000 MSIMTF MSIMTF.dll Wed Aug 04 00:58:33 2004 (41109729)
74720000 7476b000 MSCTF MSCTF.dll Wed Aug 04 00:57:30 2004 (411096EA)
74810000 7497c000 quartz quartz.dll Mon Aug 29 20:54:26 2005 (4313D872)
74ad0000 74ad8000 powrprof powrprof.dll Wed Aug 04 00:56:53 2004 (411096C5)
74af0000 74afa000 batmeter batmeter.dll Wed Aug 04 00:55:59 2004 (4110968F)
74b30000 74b6b000 webcheck webcheck.dll Tue Nov 07 21:03:34 2006 (45516526)
74c80000 74cac000 oleacc oleacc.dll Fri Aug 17 22:33:18 2001 (3B7DFE1E)
754d0000 75550000 cryptui cryptui.dll Wed Aug 04 00:56:06 2004 (41109696)
755c0000 755ee000 MSCTFIME MSCTFIME.IME Wed Aug 04 00:57:31 2004 (411096EB)
75970000 75a67000 msgina msgina.dll Wed Aug 04 00:58:01 2004 (41109709)
75a70000 75a91000 msvfw32 msvfw32.dll Wed Aug 04 00:59:15 2004 (41109753)
75cf0000 75d81000 mlang mlang.dll Wed Aug 04 00:56:29 2004 (411096AD)
75e90000 75f40000 sxs sxs.dll Thu Oct 19 06:56:28 2006 (4537840C)
75f40000 75f51000 devenum devenum.dll Wed Aug 04 00:56:22 2004 (411096A6)
75f60000 75f67000 drprov drprov.dll Wed Aug 04 00:57:02 2004 (411096CE)
75f70000 75f79000 davclnt davclnt.dll Wed Aug 04 00:56:08 2004 (41109698)
75f80000 7607d000 browseui browseui.dll Thu Jan 04 06:05:28 2007 (459D09A8)
76080000 760e5000 msvcp60 msvcp60.dll Wed Aug 04 00:59:13 2004 (41109751)
76200000 76277000 mshtmled mshtmled.dll Tue Nov 07 21:03:34 2006 (45516526)
76280000 762a1000 stobject stobject.dll Wed Aug 04 00:59:26 2004 (4110975E)
76360000 76370000 winsta winsta.dll Wed Aug 04 00:56:40 2004 (411096B8)
76380000 76385000 msimg32 msimg32.dll Wed Aug 04 00:58:31 2004 (41109727)
76390000 763ad000 imm32 imm32.dll Wed Aug 04 00:56:30 2004 (411096AE)
763b0000 763f9000 comdlg32 comdlg32.dll Wed Aug 04 00:56:32 2004 (411096B0)
76400000 765a6000 netshell netshell.dll Wed Aug 04 00:56:37 2004 (411096B5)
76600000 7661d000 cscdll cscdll.dll Wed Aug 04 00:56:07 2004 (41109697)
76780000 76789000 shfolder shfolder.dll Wed Aug 04 00:56:40 2004 (411096B8)
76980000 76988000 linkinfo linkinfo.dll Wed Aug 31 18:41:53 2005 (43165C61)
76990000 769b5000 ntshrui ntshrui.dll Wed Aug 04 00:57:09 2004 (411096D5)

Click to expand...

Click to expand...

Guest · Mar 28, 2007

Hi,
Try to run memtest and try to reposition the RAM in each other slots and see
if that will help:
Download memtest from here:
http://www.memtest86.com/
Meanwhile I will dig deep in your Log as I just have a quick look as you can
see it is lengthy LOL.
What about your motherboard, all up2dates?.
HTH.
nass

Silat said:
Thanks for your reply Nass. I will follow your directions.
This problem has been going on for months. I do install critical updates
about once a month or check for them.
It doesnt seem to be associated with IE.
It seems to be an winExplorer error although I cant make it happen. Ive
never noticed it happening when using the browser. It happens when Im using
windows explorer or doing something with folders.
Does the dumpfile give a clue as to what program caused the error?
As far as malware goes I run a clean machine. I actually help others clean
theirs My scans and hijack logs are pritine. I clean my temp files and such
more than once daily.
--
+Silat

nass said:

Silat said:

Explorer crashes and I would like help figuring out what is causing it.
I tried to make a debug log. Hope I did it right.

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\All Users\Application
Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are
available

Comment: 'Dr. Watson generated MiniDump'
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Sat Mar 24 07:42:43.000 2007 (GMT-7)
System Uptime: not available
Process Uptime: 0 days 1:23:10.000
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
C:\windows;C:\windows\system32;C:\windows\system32\drivers
...............................................................................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1c4.344): Access violation - code c0000005 (first/second chance not
available)
eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
0:001> !analyze -v;r;kv;lmtn;.logclose;q
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*** WARNING: Unable to verify checksum for ggtaskbar.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ggtaskbar.dll -

FAULTING_IP:
+47932dc
047932dc ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
.exr ffffffffffffffff
ExceptionAddress: 047932dc
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 047932dc
Attempt to read from address 047932dc

DEFAULT_BUCKET_ID: BAD_IP

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 047932dc

BUGCHECK_STR: ACCESS_VIOLATION

IP_ON_HEAP: 047932dc

LAST_CONTROL_TRANSFER: from 77d48734 to 047932dc

FAILED_INSTRUCTION_ADDRESS:
+47932dc
047932dc ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150
0117fe5c 77d4b50c 005d62d8 0000001c 00000001 user32!DispatchClientMessage+0xa3
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc
0117ff44 01011e8b 00000000 0117ffb4 77f76f02 explorer!CTray::_MessageLoop+0x24
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37

STACK_COMMAND: ~1s; .ecxr ; kb

FAULTING_THREAD: 00000344

FOLLOWUP_IP:
explorer!CTray::_MessageLoop+24
010019c1 85c0 test eax,eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: explorer!CTray::_MessageLoop+24

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: explorer

IMAGE_NAME: explorer.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ece

FAILURE_BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

Followup: MachineOwner
---------

eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0117fe5c 77d4b50c 005d62d8 0000001c 00000001
user32!DispatchClientMessage+0xa3 (FPO: [Non-Fpo])
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24 (FPO:
[Non-Fpo])
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0])
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc (FPO:
[Non-Fpo])
0117ff44 01011e8b 00000000 0117ffb4 77f76f02
explorer!CTray::_MessageLoop+0x24 (FPO: [Non-Fpo])
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29 (FPO: [Non-Fpo])
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
(FPO: [Non-Fpo])
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37
(FPO: [Non-Fpo])
start end module name
00400000 00409000 normaliz normaliz.dll Thu Jun 29 08:05:42 2006 (44A3EC46)
00c20000 00c3d000 kmw_dll kmw_dll.dll Tue Jul 25 10:01:52 2006 (44C64E80)
00d20000 00d4f000 TrayClock TrayClock.dll Fri Jun 19 15:22:17 1992
(2A425E19)
00dd0000 00df8000 rsaenh rsaenh.dll Tue Jul 06 19:17:12 2004 (40EB5D28)
00e10000 00e51000 badges_icons badges_icons.dll Fri Jun 19 15:22:17 1992
(2A425E19)
01000000 010ff000 explorer explorer.exe Tue Aug 03 23:14:38 2004 (41107ECE)
01a20000 01fe9000 ieframe ieframe.dll Tue Nov 07 21:03:34 2006 (45516526)
024b0000 024b5000 DockShellHook DockShellHook.dll Tue Nov 14 15:58:21 2006
(455A581D)
024f0000 027b6000 msi msi.dll Mon May 02 08:51:33 2005 (42764C85)
027f0000 02802000 browselc browselc.dll Wed Aug 04 00:56:07 2004 (41109697)
034d0000 03502000 filesho filesho.dll Fri Jun 19 15:22:17 1992 (2A425E19)
03920000 0392b000 wondppet wondppet.dll Tue May 28 19:07:15 2002 (3CF437D3)
04d30000 04db8000 shdoclc shdoclc.dll Wed Aug 04 00:56:37 2004 (411096B5)
05770000 0579f000 xpsp1res xpsp1res.dll Wed Aug 04 00:56:40 2004 (411096B8)
057e0000 0581d000 AdvProp AdvProp.dll Fri Jun 19 15:22:17 1992 (2A425E19)
06000000 0600f000 xvid xvid.ax Mon Dec 20 02:10:50 2004 (41C6A52A)
067b0000 0681b000 RealMediaSplitter RealMediaSplitter.ax Fri Nov 25
12:46:31 2005 (43877827)
068e0000 0692f000 drmclien drmclien.dll Tue Aug 03 23:03:47 2004 (41107C43)
06f20000 06f37000 odbcint odbcint.dll Wed Aug 04 00:57:25 2004 (411096E5)
0bef0000 0bf27000 MFPLAT MFPLAT.dll Wed Oct 18 22:47:35 2006 (45371177)
0d5b0000 0d614000 MP43DECD MP43DECD.dll Wed Oct 18 22:47:53 2006 (45371189)
0f000000 0f0a7000 ntvdm ntvdm.exe Tue Aug 03 23:07:58 2004 (41107D3E)
0ffb0000 0fff5000 wow32 wow32.dll Tue Aug 03 23:08:08 2004 (41107D48)
10000000 10012000 RocketDock RocketDock.dll Mon Mar 19 00:04:35 2007
(45FE3603)
10930000 10979000 PortableDeviceApi PortableDeviceApi.dll Wed Oct 18
22:47:31 2006 (45371173)
109c0000 109ec000 PortableDeviceTypes PortableDeviceTypes.dll Wed Oct 18
22:47:33 2006 (45371175)
10af0000 10b27000 qasf qasf.dll Wed Oct 18 22:47:16 2006 (45371164)
11c70000 11ca9000 WMASF WMASF.dll Wed Oct 18 22:47:23 2006 (4537116B)
15110000 1536a000 wmvcore wmvcore.dll Wed Oct 18 22:48:18 2006 (453711A2)
15380000 154fe000 WMVDECOD WMVDECOD.dll Wed Oct 18 22:48:19 2006 (453711A3)
164a0000 164c3000 WPDShServiceObj WPDShServiceObj.dll Wed Oct 18 22:48:37
2006 (453711B5)
1ff00000 1ff7d000 dxmasf dxmasf.dll Tue Aug 22 01:03:59 2006 (44EABA6F)
20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 00:56:41 2004 (411096B9)
27230000 2727e000 ggtaskbar ggtaskbar.dll Fri Oct 22 08:34:26 2004
(41792882)
4d4f0000 4d548000 winhttp winhttp.dll Wed Aug 04 00:57:07 2004 (411096D3)
4ec50000 4edf3000 GdiPlus GdiPlus.dll Wed Aug 04 00:55:55 2004 (4110968B)
58390000 5841a000 l3codeca l3codeca.acm Wed Aug 04 00:56:10 2004 (4110969A)
5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 00:56:43 2004 (411096BB)
5b430000 5b440000 tsappcmp tsappcmp.dll Fri Aug 17 22:36:09 2001 (3B7DFEC9)
5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 05:28:27 2006 (44E460EB)
5ba60000 5bad1000 themeui themeui.dll Wed Aug 04 00:56:46 2004 (411096BE)
5cb70000 5cb96000 shimeng shimeng.dll Wed Aug 04 00:56:42 2004 (411096BA)
5d090000 5d12a000 comctl32_5d090000 comctl32.dll Fri Aug 25 08:45:58 2006
(44EF1B36)
5dca0000 5dce5000 iertutil iertutil.dll Tue Oct 17 12:57:14 2006 (4535359A)
5df80000 5dfe0000 qdvd qdvd.dll Wed Aug 04 00:56:26 2004 (411096AA)
60470000 60488000 uwinapi uwinapi.dll Wed Nov 22 04:31:19 2006 (45644317)
60ca0000 60d2c000 qedit qedit.dll Wed Aug 04 00:56:27 2004 (411096AB)
61410000 61534000 urlmon urlmon.dll Tue Nov 07 21:03:34 2006 (45516526)
61ef0000 61f7e000 stlport_vc7145 stlport_vc7145.dll Fri Oct 27 01:42:39
2006 (4541C67F)
62390000 623e3000 shlxthdl shlxthdl.dll Tue Nov 14 03:03:43 2006 (4559A28F)
6c1b0000 6c1fd000 duser duser.dll Wed Aug 04 00:56:04 2004 (41109694)
6f880000 6fa4a000 AcGenral AcGenral.dll Wed Aug 04 00:55:58 2004 (4110968E)
708f0000 70903000 asycfilt asycfilt.dll Wed Aug 04 00:56:44 2004 (411096BC)
71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 00:57:39 2004 (411096F3)
71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 00:57:38 2004 (411096F2)
71b20000 71b32000 mpr mpr.dll Wed Aug 04 00:56:46 2004 (411096BE)
71bf0000 71c03000 samlib samlib.dll Wed Aug 04 00:56:29 2004 (411096AD)
71c10000 71c1e000 ntlanman ntlanman.dll Wed Aug 04 00:57:00 2004 (411096CC)
71c80000 71c87000 netrap netrap.dll Wed Aug 04 00:56:35 2004 (411096B3)
71c90000 71cd0000 netui1 netui1.dll Wed Aug 04 00:56:39 2004 (411096B7)
71cd0000 71ce7000 netui0 netui0.dll Wed Aug 04 00:56:38 2004 (411096B6)
71d40000 71d5c000 actxprxy actxprxy.dll Wed Aug 04 00:56:04 2004 (41109694)
72410000 7242a000 mydocs mydocs.dll Wed Aug 04 00:59:29 2004 (41109761)
72d10000 72d18000 msacm32_72d10000 msacm32.drv Fri Aug 17 22:33:30 2001
(3B7DFE2A)
72d20000 72d29000 wdmaud wdmaud.drv Wed Aug 04 00:56:54 2004 (411096C6)
73000000 73026000 winspool winspool.drv Wed Aug 04 00:56:38 2004 (411096B6)
736b0000 736b7000 msdmo msdmo.dll Wed Aug 04 00:57:53 2004 (41109701)
73b50000 73b67000 avifil32 avifil32.dll Wed Aug 04 00:57:07 2004 (411096D3)
73bc0000 73bc6000 dciman32 dciman32.dll Wed Aug 04 00:56:15 2004 (4110969F)
74320000 7435d000 odbc32 odbc32.dll Wed Aug 04 00:57:17 2004 (411096DD)
746c0000 746e9000 msls31 msls31.dll Tue Nov 07 21:03:34 2006 (45516526)
746f0000 7471a000 MSIMTF MSIMTF.dll Wed Aug 04 00:58:33 2004 (41109729)
74720000 7476b000 MSCTF MSCTF.dll Wed Aug 04 00:57:30 2004 (411096EA)
74810000 7497c000 quartz quartz.dll Mon Aug 29 20:54:26 2005 (4313D872)
74ad0000 74ad8000 powrprof powrprof.dll Wed Aug 04 00:56:53 2004 (411096C5)
74af0000 74afa000 batmeter batmeter.dll Wed Aug 04 00:55:59 2004 (4110968F)
74b30000 74b6b000 webcheck webcheck.dll Tue Nov 07 21:03:34 2006 (45516526)
74c80000 74cac000 oleacc oleacc.dll Fri Aug 17 22:33:18 2001 (3B7DFE1E)
754d0000 75550000 cryptui cryptui.dll Wed Aug 04 00:56:06 2004 (41109696)
755c0000 755ee000 MSCTFIME MSCTFIME.IME Wed Aug 04 00:57:31 2004 (411096EB)
75970000 75a67000 msgina msgina.dll Wed Aug 04 00:58:01 2004 (41109709)
75a70000 75a91000 msvfw32 msvfw32.dll Wed Aug 04 00:59:15 2004 (41109753)
75cf0000 75d81000 mlang mlang.dll Wed Aug 04 00:56:29 2004 (411096AD)
75e90000 75f40000 sxs sxs.dll Thu Oct 19 06:56:28 2006 (4537840C)
75f40000 75f51000 devenum devenum.dll Wed Aug 04 00:56:22 2004 (411096A6)
75f60000 75f67000 drprov drprov.dll Wed Aug 04 00:57:02 2004 (411096CE)
75f70000 75f79000 davclnt davclnt.dll Wed Aug 04 00:56:08 2004 (41109698)
75f80000 7607d000 browseui browseui.dll Thu Jan 04 06:05:28 2007 (459D09A8)
76080000 760e5000 msvcp60 msvcp60.dll Wed Aug 04 00:59:13 2004 (41109751)
76200000 76277000 mshtmled mshtmled.dll Tue Nov 07 21:03:34 2006 (45516526)
76280000 762a1000 stobject stobject.dll Wed Aug 04 00:59:26 2004 (4110975E)
76360000 76370000 winsta winsta.dll Wed Aug 04 00:56:40 2004 (411096B8)
76380000 76385000 msimg32 msimg32.dll Wed Aug 04 00:58:31 2004 (41109727)
76390000 763ad000 imm32 imm32.dll Wed Aug 04 00:56:30 2004 (411096AE)
763b0000 763f9000 comdlg32 comdlg32.dll Wed Aug 04 00:56:32 2004 (411096B0)
76400000 765a6000 netshell netshell.dll Wed Aug 04 00:56:37 2004 (411096B5)
76600000 7661d000 cscdll cscdll.dll Wed Aug 04 00:56:07 2004 (41109697)
76780000 76789000 shfolder shfolder.dll Wed Aug 04 00:56:40 2004 (411096B8)
76980000 76988000 linkinfo linkinfo.dll Wed Aug 31 18:41:53 2005 (43165C61)
76990000 769b5000 ntshrui ntshrui.dll Wed Aug 04 00:57:09 2004 (411096D5)
769c0000 76a73000 userenv userenv.dll Wed Aug 04 00:56:41 2004 (411096B9)
76b20000 76b31000 atl atl.dll Wed Aug 04 00:56:55 2004 (411096C7)
76b40000 76b6d000 winmm winmm.dll Wed Aug 04 00:57:10 2004 (411096D6)
76bf0000 76bfb000 psapi psapi.dll Wed Aug 04 00:56:58 2004 (411096CA)
76c00000 76c2e000 credui credui.dll Wed Aug 04 00:56:42 2004 (411096BA)
76c30000 76c5e000 wintrust wintrust.dll Wed Aug 04 00:56:41 2004 (411096B9)
76c90000 76cb8000 imagehlp imagehlp.dll Wed Aug 04 00:56:25 2004 (411096A9)
76d60000 76d79000 iphlpapi iphlpapi.dll Fri May 19 05:59:41 2006 (446DC13D)
76e80000 76e8e000 rtutils rtutils.dll Wed Aug 04 00:56:36 2004 (411096B4)
76e90000 76ea2000 rasman rasman.dll Wed Aug 04 00:56:29 2004 (411096AD)
76eb0000 76edf000 tapi32 tapi32.dll Wed Aug 04 00:56:38 2004 (411096B6)
76ee0000 76f1c000 rasapi32 rasapi32.dll Wed Aug 04 00:56:25 2004 (411096A9)

Click to expand...

Click to expand...

Guest · Mar 29, 2007

Thanks Nass. I do have Rocket Dock installed. I will uninstall it and see if
that stops the issue.
I hope that isnt the problem as I use it alot.
I have been monitoring with process explorer.
Thanks for all your suggestions.

--
+Silat

nass said:
Hi Silat,
Do you have third-party toolbars installed?.
If you do please uninstall them and clean up all traces, also if you have an
older version of Spybot or lavasoft or AVG try to download the latest version
for them.

***WARNING: Unable to verify checksum for ggtaskbar.dll
This belong to google toolbar or Google earth, try to uninstall it and then
reinstall after doing disk clean up and chkdsk.
You will find this file here inthis path:
C:\Programfiler\Google\deskbar-0.5.95.0\ggtaskbar.dll

This means that the debugger has found a driver is at fault but, being a
third-party driver, there are no symbols for it ([Microsoft does not store
all of the third-party drivers]. You can ignore this.
Try to verify your drivers by opening a run command and type in:
verifier.exe click [OK]

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1230531&SiteID=1

A client application may intermittently receive an error message when a
client application tries to create a COM+ component
http://support.microsoft.com/kb/911359

You can use Process Explorer to monitor the running processes in the
background, you can download from Microsoft site.
HTH.
Let us know.
Regards,
nass
===
www.nasstec.co.uk

Silat said:

Thanks for your help. Hope your weekend is going well
Yes all updated.
I ran a memtest 2 nights ago. All is well.
Im trying to disable context menu items with shexview. Im disabling half of
them at a time to see if I get the error. I figure that is the easiest
process of elimination.
Thanks again for your time and help Nass. I really appreciate it

--
+Silat

nass said:

Hi,
Try to run memtest and try to reposition the RAM in each other slots and see
if that will help:
Download memtest from here:
http://www.memtest86.com/
Meanwhile I will dig deep in your Log as I just have a quick look as you can
see it is lengthy LOL.
What about your motherboard, all up2dates?.
HTH.
nass
:

Thanks for your reply Nass. I will follow your directions.
This problem has been going on for months. I do install critical updates
about once a month or check for them.
It doesnt seem to be associated with IE.
It seems to be an winExplorer error although I cant make it happen. Ive
never noticed it happening when using the browser. It happens when Im using
windows explorer or doing something with folders.
Does the dumpfile give a clue as to what program caused the error?
As far as malware goes I run a clean machine. I actually help others clean
theirs My scans and hijack logs are pritine. I clean my temp files and such
more than once daily.
--
+Silat

:

:

Explorer crashes and I would like help figuring out what is causing it.
I tried to make a debug log. Hope I did it right.

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\All Users\Application
Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are
available

Comment: 'Dr. Watson generated MiniDump'
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Sat Mar 24 07:42:43.000 2007 (GMT-7)
System Uptime: not available
Process Uptime: 0 days 1:23:10.000
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
C:\windows;C:\windows\system32;C:\windows\system32\drivers
...............................................................................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1c4.344): Access violation - code c0000005 (first/second chance not
available)
eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
0:001> !analyze -v;r;kv;lmtn;.logclose;q
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*** WARNING: Unable to verify checksum for ggtaskbar.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ggtaskbar.dll -

FAULTING_IP:
+47932dc
047932dc ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
.exr ffffffffffffffff
ExceptionAddress: 047932dc
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 047932dc
Attempt to read from address 047932dc

DEFAULT_BUCKET_ID: BAD_IP

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 047932dc

BUGCHECK_STR: ACCESS_VIOLATION

IP_ON_HEAP: 047932dc

LAST_CONTROL_TRANSFER: from 77d48734 to 047932dc

FAILED_INSTRUCTION_ADDRESS:
+47932dc
047932dc ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150
0117fe5c 77d4b50c 005d62d8 0000001c 00000001 user32!DispatchClientMessage+0xa3
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc
0117ff44 01011e8b 00000000 0117ffb4 77f76f02 explorer!CTray::_MessageLoop+0x24
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37

STACK_COMMAND: ~1s; .ecxr ; kb

FAULTING_THREAD: 00000344

FOLLOWUP_IP:
explorer!CTray::_MessageLoop+24
010019c1 85c0 test eax,eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: explorer!CTray::_MessageLoop+24

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: explorer

IMAGE_NAME: explorer.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ece

FAILURE_BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

BUCKET_ID: ACCESS_VIOLATION_BAD_IP_explorer!CTray::_MessageLoop+24

Followup: MachineOwner
---------

eax=7ffdb000 ebx=00000000 ecx=013b0ff4 edx=00000003 esi=013b0fef edi=0117fddc
eip=047932dc esp=0117fd78 ebp=0117fda0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
047932dc ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0117fd74 77d48734 002407c6 0000001c 00000001 0x47932dc
0117fda0 77d48816 013b0fef 002407c6 0000001c user32!InternalCallWinProc+0x28
0117fe08 77d4b4c0 00094cb8 013b0fef 002407c6
user32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0117fe5c 77d4b50c 005d62d8 0000001c 00000001
user32!DispatchClientMessage+0xa3 (FPO: [Non-Fpo])
0117fe84 7c90eae3 0117fe94 00000018 005d62d8 user32!__fnDWORD+0x24 (FPO:
[Non-Fpo])
0117fea8 77d493e9 77d493a8 0117ff28 00000000
ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0])
0117fed4 77d49402 0117ff28 00000000 00000000 user32!NtUserPeekMessage+0xc
0117ff00 010019c1 0117ff28 00000000 00000000 user32!PeekMessageW+0xbc (FPO:
[Non-Fpo])
0117ff44 01011e8b 00000000 0117ffb4 77f76f02
explorer!CTray::_MessageLoop+0x24 (FPO: [Non-Fpo])
0117ff50 77f76f02 010460d8 0000005c 0007fc04
explorer!CTray::MainThreadProc+0x29 (FPO: [Non-Fpo])
0117ffb4 7c80b683 00000000 0000005c 0007fc04 shlwapi!WrapperThreadProc+0x94
(FPO: [Non-Fpo])
0117ffec 00000000 77f76e93 0007fdbc 00000000 kernel32!BaseThreadStart+0x37
(FPO: [Non-Fpo])
start end module name
00400000 00409000 normaliz normaliz.dll Thu Jun 29 08:05:42 2006 (44A3EC46)
00c20000 00c3d000 kmw_dll kmw_dll.dll Tue Jul 25 10:01:52 2006 (44C64E80)
00d20000 00d4f000 TrayClock TrayClock.dll Fri Jun 19 15:22:17 1992
(2A425E19)
00dd0000 00df8000 rsaenh rsaenh.dll Tue Jul 06 19:17:12 2004 (40EB5D28)
00e10000 00e51000 badges_icons badges_icons.dll Fri Jun 19 15:22:17 1992
(2A425E19)
01000000 010ff000 explorer explorer.exe Tue Aug 03 23:14:38 2004 (41107ECE)
01a20000 01fe9000 ieframe ieframe.dll Tue Nov 07 21:03:34 2006 (45516526)
024b0000 024b5000 DockShellHook DockShellHook.dll Tue Nov 14 15:58:21 2006
(455A581D)
024f0000 027b6000 msi msi.dll Mon May 02 08:51:33 2005 (42764C85)
027f0000 02802000 browselc browselc.dll Wed Aug 04 00:56:07 2004 (41109697)
034d0000 03502000 filesho filesho.dll Fri Jun 19 15:22:17 1992 (2A425E19)
03920000 0392b000 wondppet wondppet.dll Tue May 28 19:07:15 2002 (3CF437D3)
04d30000 04db8000 shdoclc shdoclc.dll Wed Aug 04 00:56:37 2004 (411096B5)
05770000 0579f000 xpsp1res xpsp1res.dll Wed Aug 04 00:56:40 2004 (411096B8)
057e0000 0581d000 AdvProp AdvProp.dll Fri Jun 19 15:22:17 1992 (2A425E19)
06000000 0600f000 xvid xvid.ax Mon Dec 20 02:10:50 2004 (41C6A52A)
067b0000 0681b000 RealMediaSplitter RealMediaSplitter.ax Fri Nov 25
12:46:31 2005 (43877827)
068e0000 0692f000 drmclien drmclien.dll Tue Aug 03 23:03:47 2004 (41107C43)
06f20000 06f37000 odbcint odbcint.dll Wed Aug 04 00:57:25 2004 (411096E5)
0bef0000 0bf27000 MFPLAT MFPLAT.dll Wed Oct 18 22:47:35 2006 (45371177)
0d5b0000 0d614000 MP43DECD MP43DECD.dll Wed Oct 18 22:47:53 2006 (45371189)
0f000000 0f0a7000 ntvdm ntvdm.exe Tue Aug 03 23:07:58 2004 (41107D3E)
0ffb0000 0fff5000 wow32 wow32.dll Tue Aug 03 23:08:08 2004 (41107D48)
10000000 10012000 RocketDock RocketDock.dll Mon Mar 19 00:04:35 2007
(45FE3603)
10930000 10979000 PortableDeviceApi PortableDeviceApi.dll Wed Oct 18
22:47:31 2006 (45371173)
109c0000 109ec000 PortableDeviceTypes PortableDeviceTypes.dll Wed Oct 18
22:47:33 2006 (45371175)
10af0000 10b27000 qasf qasf.dll Wed Oct 18 22:47:16 2006 (45371164)
11c70000 11ca9000 WMASF WMASF.dll Wed Oct 18 22:47:23 2006 (4537116B)
15110000 1536a000 wmvcore wmvcore.dll Wed Oct 18 22:48:18 2006 (453711A2)
15380000 154fe000 WMVDECOD WMVDECOD.dll Wed Oct 18 22:48:19 2006 (453711A3)
164a0000 164c3000 WPDShServiceObj WPDShServiceObj.dll Wed Oct 18 22:48:37
2006 (453711B5)
1ff00000 1ff7d000 dxmasf dxmasf.dll Tue Aug 22 01:03:59 2006 (44EABA6F)
20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 00:56:41 2004 (411096B9)
27230000 2727e000 ggtaskbar ggtaskbar.dll Fri Oct 22 08:34:26 2004
(41792882)
4d4f0000 4d548000 winhttp winhttp.dll Wed Aug 04 00:57:07 2004 (411096D3)
4ec50000 4edf3000 GdiPlus GdiPlus.dll Wed Aug 04 00:55:55 2004 (4110968B)
58390000 5841a000 l3codeca l3codeca.acm Wed Aug 04 00:56:10 2004 (4110969A)
5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 00:56:43 2004 (411096BB)
5b430000 5b440000 tsappcmp tsappcmp.dll Fri Aug 17 22:36:09 2001 (3B7DFEC9)
5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 05:28:27 2006 (44E460EB)
5ba60000 5bad1000 themeui themeui.dll Wed Aug 04 00:56:46 2004 (411096BE)
5cb70000 5cb96000 shimeng shimeng.dll Wed Aug 04 00:56:42 2004 (411096BA)
5d090000 5d12a000 comctl32_5d090000 comctl32.dll Fri Aug 25 08:45:58 2006
(44EF1B36)
5dca0000 5dce5000 iertutil iertutil.dll Tue Oct 17 12:57:14 2006 (4535359A)
5df80000 5dfe0000 qdvd qdvd.dll Wed Aug 04 00:56:26 2004 (411096AA)
60470000 60488000 uwinapi uwinapi.dll Wed Nov 22 04:31:19 2006 (45644317)
60ca0000 60d2c000 qedit qedit.dll Wed Aug 04 00:56:27 2004 (411096AB)
61410000 61534000 urlmon urlmon.dll Tue Nov 07 21:03:34 2006 (45516526)
61ef0000 61f7e000 stlport_vc7145 stlport_vc7145.dll Fri Oct 27 01:42:39
2006 (4541C67F)

Click to expand...

Click to expand...

BSOD apparently caused by ntkrpamp.exe	3	Dec 30, 2007
Blue Screen	2	Apr 6, 2008
dump file any thoughts on this?	8	Mar 7, 2005
Help Analyzing Crash Dump and Pstat	3	Apr 17, 2005
STOP 0XD1 Error on XP SP2	2	Feb 5, 2008
IE closes instantly when I explore the folder	3	Nov 30, 2005
Windows XP Crashing / Rebooting Randomly	1	Jun 16, 2004
Crash dump help!	2	Apr 17, 2007

Explorer errors

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Ask a Question

Similar Threads