Explorer exception

G

Guest

Hello

We are having an issue with one user.
Using WinXP pro SP2
Roming profile

We have rebuilt PC, resetup account and remove local and network Profiles.

Every time she open a excel file Explorer shuts down.

Here is the dump file, any help would be great?

Application exception occurred:
App: C:\WINDOWS\Explorer.EXE (pid=3248)
When: 02/11/2007 @ 10:36:02.193
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: ************
User Name: ccrow
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 4 Stepping 3
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Multiprocessor Free
Registered Organization: ***********
Registered Owner: ***********

*----> Task List <----*
0 System Process
4 Error 0xD0000022
372 Error 0xD0000022
420 Error 0xD0000022
444 Error 0xD0000022
488 Error 0xD0000022
500 Error 0xD0000022
672 Error 0xD0000022
720 Error 0xD0000022
788 Error 0xD0000022
960 Error 0xD0000022
1016 Error 0xD0000022
1128 Error 0xD0000022
1324 Error 0xD0000022
1412 Error 0xD0000022
1436 Error 0xD0000022
1492 Error 0xD0000022
1552 Error 0xD0000022
1572 Error 0xD0000022
1700 Error 0xD0000022
1776 Error 0xD0000022
1856 Error 0xD0000022
396 Error 0xD0000022
880 Error 0xD0000022
1488 Error 0xD0000022
2096 Error 0xD0000022
3248 Explorer.EXE
3604 iexplore.exe
3856 hkcmd.exe
3900 igfxpers.exe
3972 SHSTAT.EXE
492 NWTRAY.EXE
176 agentView.exe
320 ctfmon.exe
364 Merlin_Alerts.exe
908 UdaterUI.exe
1800 McTray.exe
2700 winresa.exe
2784 iexplore.exe
1716 iexplore.exe
932 TOMSDesktop.exe
4064 wfcrun32.exe
4032 WFICA32.EXE
2584 OUTLOOK.EXE
2724 WINWORD.EXE
2172 achiever.exe
2504 AchieverCS.exe
3240 EXCEL.EXE
3792 iexplore.exe
344 dwwin.exe
660 drwtsn32.exe

*----> Module List <----*
(0000000000c20000 - 0000000000c31000: C:\WINDOWS\IME\SPGRMR.DLL
(0000000000f50000 - 0000000000f6d000:
C:\WINDOWS\system32\NLS\ENGLISH\NWSHLXNR.DLL
(0000000001000000 - 00000000010ff000: C:\WINDOWS\Explorer.EXE
(0000000001b10000 - 0000000001b98000: C:\WINDOWS\System32\shdoclc.dll
(0000000002080000 - 000000000208f000: C:\Program
Files\Etalk\AutoQuality\SAHooks.dll
(0000000002bc0000 - 0000000002bd2000: C:\WINDOWS\system32\browselc.dll
(0000000002ca0000 - 0000000002cae000: C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
(0000000003440000 - 000000000345c000: C:\Program Files\Adobe\Acrobat
7.0\ActiveX\PDFShell.dll
(000000000a000000 - 000000000a012000: C:\WINDOWS\system32\EntApi.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 000000001005b000: C:\Program Files\Common
Files\Microsoft Shared\Ink\SKCHUI.DLL
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(0000000032520000 - 0000000032532000: C:\Program Files\Microsoft
Office\Office10\msohev.dll
(000000004ec50000 - 000000004edf3000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(0000000050d00000 - 0000000050d15000: C:\WINDOWS\system32\CLNWIN32.DLL
(0000000050d20000 - 0000000050d4b000: C:\WINDOWS\system32\CALWIN32.DLL
(0000000050d50000 - 0000000050d97000: C:\WINDOWS\system32\NETWIN32.DLL
(0000000050da0000 - 0000000050dab000: C:\WINDOWS\system32\CLXWIN32.DLL
(0000000050db0000 - 0000000050ddb000: C:\WINDOWS\system32\NCPWIN32.dll
(0000000050df0000 - 0000000050e10000: C:\WINDOWS\system32\LOCWIN32.DLL
(0000000058200000 - 00000000582cd000: C:\WINDOWS\system32\NOVNPNT.DLL
(0000000058300000 - 0000000058338000: C:\WINDOWS\system32\MAPBASE.dll
(0000000058380000 - 00000000583bd000: C:\WINDOWS\system32\NWSHLXNT.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\System32\themeui.dll
(000000005c2c0000 - 000000005c300000: C:\WINDOWS\ime\sptip.dll
(000000005cb00000 - 000000005cb6e000: C:\WINDOWS\system32\shimgvw.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\comctl32.dll
(000000005fc10000 - 000000005fc43000: C:\WINDOWS\System32\msutb.dll
(00000000605d0000 - 00000000605d9000: C:\WINDOWS\system32\mslbui.dll
(0000000062c30000 - 0000000062c3d000: C:\WINDOWS\System32\twext.dll
(0000000066900000 - 000000006691b000: C:\Program Files\McAfee\Common
Framework\JrMac.dll
(000000006a400000 - 000000006a41b000:
C:\WINDOWS\system32\NLS\ENGLISH\MAPBASER.DLL
(000000006c1b0000 - 000000006c1fd000: C:\WINDOWS\system32\DUSER.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\WSOCK32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\System32\actxprxy.dll
(00000000722b0000 - 00000000722b5000: C:\WINDOWS\system32\sensapi.dll
(00000000746c0000 - 00000000746e7000: C:\WINDOWS\System32\msls31.dll
(00000000746f0000 - 000000007471a000: C:\WINDOWS\System32\msimtf.dll
(0000000074720000 - 000000007476b000: C:\WINDOWS\System32\MSCTF.dll
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\System32\POWRPROF.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\System32\BatMeter.dll
(0000000074b30000 - 0000000074b76000: C:\WINDOWS\System32\webcheck.dll
(0000000074c80000 - 0000000074cac000: C:\WINDOWS\system32\OLEACC.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000075cf0000 - 0000000075d81000: C:\WINDOWS\system32\mlang.dll
(0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\SXS.DLL
(0000000075f60000 - 0000000075f67000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076080000 - 00000000760e5000: C:\WINDOWS\system32\MSVCP60.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\System32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\System32\MSIMG32.dll
(0000000076400000 - 00000000765a6000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076e90000 - 0000000076ea2000: C:\WINDOWS\system32\rasman.dll
(0000000076eb0000 - 0000000076edf000: C:\WINDOWS\system32\TAPI32.dll
(0000000076ee0000 - 0000000076f1c000: C:\WINDOWS\system32\RASAPI32.DLL
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\System32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(00000000773d0000 - 00000000774d3000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\appHelp.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077c93000: C:\WINDOWS\system32\msv1_0.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f5000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d5000: C:\WINDOWS\system32\SHELL32.dll
(000000007d1e0000 - 000000007d49e000: C:\WINDOWS\system32\msi.dll
(000000007dc30000 - 000000007df21000: C:\WINDOWS\System32\mshtml.dll
(000000007e1e0000 - 000000007e280000: C:\WINDOWS\system32\urlmon.dll
(000000007e290000 - 000000007e3ff000: C:\WINDOWS\system32\SHDOCVW.dll
(000000007e410000 - 000000007e4a0000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0xcb4 <----*

eax=0007fed4 ebx=00000003 ecx=0007fed4 edx=7c90eb94 esi=000a2f70 edi=00000000
eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Module load completed but symbols could not be loaded for
C:\WINDOWS\Explorer.EXE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca0be9c 00000000 0007ff5c 01016e95 ntdll!KiFastSystemCallRet
0007ff14 01016e95 000a2f70 7ffdf000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101e2b6 00000000 00000000 00020876 Explorer+0x16e95
0007ffc0 7c816fd7 00000002 5d094598 7ffdf000 Explorer+0x1e2b6
0007fff0 00000000 0101e24e 00000000 78746341
kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000007fef0 18 94 41 7e 02 3c a2 7c - 9c 92 80 7c 70 2f 0a 00
...A~.<.|...|p/..
000000000007ff00 70 2f 0a 00 14 ff 07 00 - 14 ff 07 00 9c be a0 7c
p/.............|
000000000007ff10 00 00 00 00 5c ff 07 00 - 95 6e 01 01 70 2f 0a 00
.....\....n..p/..
000000000007ff20 00 f0 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00
.............$...
000000000007ff30 50 ff 07 00 e0 ff 07 00 - 27 e0 90 7c 65 ac 80 7c
P.......'..|e..|
000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 b4 03 01 00
.................
000000000007ff50 a8 00 00 00 01 00 00 00 - 70 2f 0a 00 c0 ff 07 00
.........p/......
000000000007ff60 b6 e2 01 01 00 00 00 00 - 00 00 00 00 76 08 02 00
.............v...
000000000007ff70 01 00 00 00 02 00 00 00 - 98 45 09 5d 44 00 00 00
..........E.]D...
000000000007ff80 c8 08 02 00 a8 08 02 00 - 78 08 02 00 00 00 00 00
.........x.......
000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 4e 09 91 7c
.............N..|
000000000007ffa0 e8 f2 07 00 24 00 02 00 - 01 00 00 00 01 00 00 00
.....$...........
000000000007ffb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000007ffc0 f0 ff 07 00 d7 6f 81 7c - 02 00 00 00 98 45 09 5d
......o.|.....E.]
000000000007ffd0 00 f0 fd 7f ed a6 54 80 - c8 ff 07 00 90 34 e0 85
.......T......4..
000000000007ffe0 ff ff ff ff a8 9a 83 7c - e0 6f 81 7c 00 00 00 00
........|.o.|....
000000000007fff0 00 00 00 00 00 00 00 00 - 4e e2 01 01 00 00 00 00
.........N.......
0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 98 24 00 00 Actx
.........$..
0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00
......... .......
0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00
.............4...

*----> State Dump for Thread Id 0x43c <----*

eax=0000001d ebx=00000102 ecx=00000002 edx=7c90eb94 esi=00ceff28 edi=00000000
eip=7c90eb94 esp=00cefeac ebp=00cefed4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\USER32.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
00cefed4 7e419402 00ceff28 00000000 00000000 ntdll!KiFastSystemCallRet
00ceff00 010019c1 00ceff28 00000000 00000000 USER32!PeekMessageW+0x167
00ceff44 01011e8b 00000000 00ceffb4 77f7429a Explorer+0x19c1
00ceff50 77f7429a 010460d8 0000005c 00860044 Explorer+0x11e8b
00ceffb4 7c80b683 00000000 0000005c 00860044 SHLWAPI!Ordinal505+0x3e9
00ceffec 00000000 77f7422b 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000cefeac e9 93 41 7e a8 93 41 7e - 28 ff ce 00 00 00 00 00
...A~..A~(.......
0000000000cefebc 00 00 00 00 00 00 00 00 - 01 00 00 00 c8 38 55 00
..............8U.
0000000000cefecc 00 b0 fd 7f ba b8 41 7e - 00 ff ce 00 02 94 41 7e
.......A~......A~
0000000000cefedc 28 ff ce 00 00 00 00 00 - 00 00 00 00 00 00 00 00
(...............
0000000000cefeec 01 00 00 00 00 00 00 00 - 00 00 00 00 d8 60 04 01
..............`..
0000000000cefefc ba b8 41 7e 44 ff ce 00 - c1 19 00 01 28 ff ce 00
...A~D.......(...
0000000000ceff0c 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00
.................
0000000000ceff1c 00 00 00 00 d8 60 04 01 - 00 00 00 00 00 00 00 00
......`..........
0000000000ceff2c ae c0 00 00 00 00 00 00 - c4 09 00 00 22 67 5d 00
............."g].
0000000000ceff3c 44 02 00 00 da 01 00 00 - 50 ff ce 00 8b 1e 01 01
D.......P.......
0000000000ceff4c 00 00 00 00 b4 ff ce 00 - 9a 42 f7 77 d8 60 04 01
..........B.w.`..
0000000000ceff5c 5c 00 00 00 44 00 86 00 - bc fd 07 00 62 1e 01 01
\...D.......b...
0000000000ceff6c b1 79 01 01 64 01 00 00 - d8 60 04 01 08 00 00 00
..y..d....`......
0000000000ceff7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000ceff8c 00 00 00 00 d0 7b e0 85 - 42 24 50 80 00 00 00 00
......{..B$P.....
0000000000ceff9c 00 00 00 00 00 00 00 00 - 4a 24 50 80 00 00 00 00
.........J$P.....
0000000000ceffac f2 4e 6e 80 dc e2 90 7c - ec ff ce 00 83 b6 80 7c
..Nn....|.......|
0000000000ceffbc 00 00 00 00 5c 00 00 00 - 44 00 86 00 bc fd 07 00
.....\...D.......
0000000000ceffcc 00 b0 fd 7f 00 e6 5b 86 - c0 ff ce 00 c8 a5 df 85
.......[.........
0000000000ceffdc ff ff ff ff a8 9a 83 7c - 90 b6 80 7c 00 00 00 00
........|...|....

*----> State Dump for Thread Id 0x8d8 <----*

eax=7c92798d ebx=00000000 ecx=000a0000 edx=77dd6a51 esi=7c90fb71 edi=ffffffff
eip=7c90eb94 esp=00d2ff9c ebp=00d2ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00d2ffb4 7c80b683 00000000 ffffffff 7c90fb71 ntdll!KiFastSystemCallRet
00d2ffec 00000000 7c92798d 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000d2ff9c 5c d8 90 7c d4 79 92 7c - 01 00 00 00 ac ff d2 00
\..|.y.|........
0000000000d2ffac 00 00 00 00 00 00 00 80 - ec ff d2 00 83 b6 80 7c
................|
0000000000d2ffbc 00 00 00 00 ff ff ff ff - 71 fb 90 7c 00 00 00 00
.........q..|....
0000000000d2ffcc 00 a0 fd 7f 00 c6 5b 86 - c0 ff d2 00 88 14 de 85
.......[.........
0000000000d2ffdc ff ff ff ff a8 9a 83 7c - 90 b6 80 7c 00 00 00 00
........|...|....
0000000000d2ffec 00 00 00 00 00 00 00 00 - 8d 79 92 7c 00 00 00 00
..........y.|....
0000000000d2fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d3009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d300ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d300bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000d300cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x8f0 <----*

eax=000000c0 ebx=00000000 ecx=7c910992 edx=00000000 esi=00000000 edi=00000001
eip=7c90eb94 esp=00dafcec ebp=00daffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00daffb4 7c80b683 00000000 00000020 00cefce4 ntdll!KiFastSystemCallRet
00daffec 00000000 7c929fae 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000dafcec ab e9 90 7c d5 a0 92 7c - 03 00 00 00 30 fd da 00
....|...|....0...
0000000000dafcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 20 00 00 00
............. ...
0000000000dafd0c e4 fc ce 00 00 00 00 00 - 08 e5 97 7c 08 e5 97 7c
............|...|
0000000000dafd1c d0 01 00 00 f0 08 00 00 - 03 00 00 00 03 00 00 00
.................
0000000000dafd2c 02 00 00 00 cc 01 00 00 - b4 01 00 00 18 06 00 00
.................
0000000000dafd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafd5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafd6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafd7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000dafe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x918 <----*

eax=02eaacf0 ebx=00e4fd58 ecx=e9110002 edx=e9110003 esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=00e4fd30 ebp=00e4fdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00e4fdcc 7e4195f9 00000008 00e4fdf4 00000000 ntdll!KiFastSystemCallRet
00e4fe28 7c9f4e7f 00000007 00e4fe50 ffffffff USER32!GetLastInputInfo+0x105
00e4ff4c 7ca0a398 77f7429a 00000000 000600f4 SHELL32!Ordinal646+0x21da
00e4ffb4 7c80b683 00000000 000600f4 00ceefc4 SHELL32!Ordinal753+0x133
00e4ffec 00000000 77f7422b 00cef324 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000e4fd30 ab e9 90 7c e2 94 80 7c - 08 00 00 00 58 fd e4 00
....|...|....X...
0000000000e4fd40 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000e4fd50 08 00 00 00 02 00 00 00 - 94 09 00 00 98 05 00 00
.................
0000000000e4fd60 24 06 00 00 2c 04 00 00 - 78 03 00 00 14 02 00 00
$...,...x.......
0000000000e4fd70 28 02 00 00 fc 01 00 00 - 14 00 00 00 01 00 00 00
(...............
0000000000e4fd80 80 62 0d 00 00 00 00 00 - 00 00 00 00 ec fd e4 00
..b..............
0000000000e4fd90 57 04 44 7e 30 88 41 7e - 00 f0 fd 7f 00 70 fd 7f
W.D~0.A~.....p..
0000000000e4fda0 cd 89 41 7e 00 00 00 00 - 58 fd e4 00 8c 00 04 00
...A~....X.......
0000000000e4fdb0 08 00 00 00 4c fd e4 00 - 00 00 00 00 dc ff e4 00
.....L...........
0000000000e4fdc0 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 28 fe e4 00
....|...|....(...
0000000000e4fdd0 f9 95 41 7e 08 00 00 00 - f4 fd e4 00 00 00 00 00
...A~............
0000000000e4fde0 ff ff ff ff 01 00 00 00 - 98 98 0f 00 07 00 00 00
.................
0000000000e4fdf0 00 00 00 00 94 09 00 00 - 98 05 00 00 24 06 00 00
.............$...
0000000000e4fe00 2c 04 00 00 78 03 00 00 - 14 02 00 00 28 02 00 00
,...x.......(...
0000000000e4fe10 fc 01 00 00 74 bd 00 00 - 00 00 00 00 01 00 00 00
.....t...........
0000000000e4fe20 00 70 fd 7f fc 01 00 00 - 4c ff e4 00 7f 4e 9f 7c
..p......L....N.|
0000000000e4fe30 07 00 00 00 50 fe e4 00 - ff ff ff ff ff 04 00 00
.....P...........
0000000000e4fe40 f4 fd e4 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000e4fe50 94 09 00 00 98 05 00 00 - 24 06 00 00 2c 04 00 00
.........$...,...
0000000000e4fe60 78 03 00 00 14 02 00 00 - 28 02 00 00 28 02 00 00
x.......(...(...

*----> State Dump for Thread Id 0xeec <----*

rest to follow
 
G

Guest

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
038afbe0 7e4195f9 00000002 038afc08 00000000 ntdll!KiFastSystemCallRet
038afc3c 6c1e4b92 00000001 038afc70 ffffffff USER32!GetLastInputInfo+0x105
038afc5c 6c1e4cfd 000024ff ffffffff 00000000 DUSER+0x34b92
038afc80 6c1e4ef9 000024ff 00000000 038afcac DUSER+0x34cfd
038afc90 7e458c03 000024ff 00000000 00000064 DUSER+0x34ef9
038afcac 7c90eae3 038afcbc 00000008 000024ff USER32!DdeConnectList+0x955
038aff20 75fa5325 02e8e948 0007e0b8 774fd9cd
ntdll!KiUserCallbackDispatcher+0x13
038affb4 7c80b683 02e8e948 0007e0b8 774fd9cd BROWSEUI!Ordinal138+0x7b45
038affec 00000000 75fa52d5 02e8e948 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000038afb44 ab e9 90 7c e2 94 80 7c - 02 00 00 00 6c fb 8a 03
....|...|....l...
00000000038afb54 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000038afb64 02 00 00 00 00 00 00 00 - b4 0b 00 00 54 0a 00 00
.............T...
00000000038afb74 a4 fb 8a 03 1b 61 1e 6c - dc 5f 1e 6c 0c fc 8a 03
......a.l._.l....
00000000038afb84 90 0f 0a 02 08 d9 ea 02 - 14 00 00 00 01 00 00 00
.................
00000000038afb94 00 00 00 00 00 00 00 00 - 10 00 00 00 82 0c 42 77
...............Bw
00000000038afba4 d0 fb 8a 03 34 87 41 7e - 00 f0 fd 7f 00 f0 fa 7f
.....4.A~........
00000000038afbb4 00 00 00 00 00 00 00 00 - 6c fb 8a 03 cd ab ba dc
.........l.......
00000000038afbc4 02 00 00 00 60 fb 8a 03 - 90 0f 0a 02 a4 ff 8a 03
.....`...........
00000000038afbd4 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 3c fc 8a 03
....|...|....<...
00000000038afbe4 f9 95 41 7e 02 00 00 00 - 08 fc 8a 03 00 00 00 00
...A~............
00000000038afbf4 ff ff ff ff 00 00 00 00 - ff ff ff ff 01 00 00 00
.................
00000000038afc04 9c 92 80 7c b4 0b 00 00 - 54 0a 00 00 8e 72 1e 6c
....|....T....r.l
00000000038afc14 ff ff ff ff a9 72 1e 6c - dc 10 58 00 38 01 ea 02
......r.l..X.8...
00000000038afc24 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000038afc34 00 f0 fa 7f 54 0a 00 00 - 5c fc 8a 03 92 4b 1e 6c
.....T...\....K.l
00000000038afc44 01 00 00 00 70 fc 8a 03 - ff ff ff ff ff 24 00 00
.....p........$..
00000000038afc54 08 fc 8a 03 a8 7b e7 02 - 80 fc 8a 03 fd 4c 1e 6c
......{.......L.l
00000000038afc64 ff 24 00 00 ff ff ff ff - 00 00 00 00 b4 0b 00 00
..$..............
00000000038afc74 00 00 00 00 b8 d4 e8 02 - 00 00 00 00 90 fc 8a 03
.................

*----> State Dump for Thread Id 0xd00 <----*

eax=03d5fd08 ebx=02ea3b30 ecx=71b2cae7 edx=71b2f038 esi=00000000 edi=0042005c
eip=5b8991e4 esp=03d5fca8 ebp=03d5fd18 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\NETAPI32.dll -
function: NETAPI32!NetDfsGetClientInfo
5b8991c7 90 nop
5b8991c8 90 nop
NETAPI32!NetDfsGetClientInfo:
5b8991c9 6a54 push 0x54
5b8991cb 680895895b push 0x5b899508
5b8991d0 e85baafcff call NETAPI32!NetpNtStatusToApiStatus+0x20
(5b863c30)
5b8991d5 8365d800 and dword ptr [ebp-0x28],0x0
5b8991d9 8b7d08 mov edi,[ebp+0x8]
5b8991dc 85ff test edi,edi
5b8991de 0f8417030000 je NETAPI32!NetDfsGetClientInfo+0x332
(5b8994fb)
FAULT ->5b8991e4 66833f00 cmp word ptr [edi],0x0
ds:0023:0042005c=????
5b8991e8 0f840d030000 je NETAPI32!NetDfsGetClientInfo+0x332
(5b8994fb)
5b8991ee 837d1401 cmp dword ptr [ebp+0x14],0x1
5b8991f2 0f82ff020000 jb NETAPI32!NetDfsGetClientInfo+0x32e
(5b8994f7)
5b8991f8 837d1404 cmp dword ptr [ebp+0x14],0x4
5b8991fc 0f87f5020000 jnbe NETAPI32!NetDfsGetClientInfo+0x32e
(5b8994f7)
5b899202 57 push edi
5b899203 8b35d812865b mov esi,[NETAPI32+0x12d8 (5b8612d8)]
5b899209 ffd6 call esi
5b89920b 59 pop ecx
5b89920c 83f802 cmp eax,0x2

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\System32\twext.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
03d5fd18 62c32912 0042005c 00000000 00000000 NETAPI32!NetDfsGetClientInfo+0x1b
03d5fd3c 62c329b9 0042005c 03d5fe20 02ea3b34 twext+0x2912
03d5fd58 62c32a0c 0000021a 02ebb7e8 03d5fd7c twext+0x29b9
03d5fd68 62c35a77 02ea3b30 00000000 02ea3b30 twext+0x2a0c
03d5fd7c 62c35e1d 00000000 00000000 00000000 twext+0x5a77
03d5fda0 7ca92920 02ebbfc0 02ebb7e8 00000001 twext+0x5e1d
03d5fdec 7caa2c91 02ebbfc0 02ebbfb8 00000001 SHELL32!Ordinal751+0x945
03d5fe0c 7caa0ed8 02ec9008 00106d58 00000001 SHELL32!Ordinal744+0x165f
03d5fe30 7caa0ffc 7ca5e638 02ec9008 00106d58 SHELL32!Ordinal5+0x3208
03d5fe4c 7cb29c6c 02eb7ff8 00106d58 00000001 SHELL32!Ordinal5+0x332c
03d5fe68 7cac13cb 00000002 03d5fe84 7cb8105c SHELL32!Ordinal211+0x17e7
03d5fe74 7cb8105c 02eae8a8 00175280 03d5fee0 SHELL32!Ordinal205+0x552a
03d5fe84 75f93042 02eae8a8 75f81b18 75f80000 SHELL32!Ordinal712+0x1c35f
03d5fee0 77f69498 02eb8bb0 02e5e0c0 77f6947b BROWSEUI!DllCanUnloadNow+0x8df1
03d5fef8 7c927545 02e5e0c0 7c97c3a0 02eb9ff0 SHLWAPI!Ordinal120+0xbf
03d5ff40 7c927583 77f6947b 02e5e0c0 00000000
ntdll!RtlUpcaseUnicodeString+0x159
03d5ff60 7c927645 00000000 02e5e0c0 02eb9ff0
ntdll!RtlUpcaseUnicodeString+0x197
03d5ff74 7c92761c 7c927569 00000000 02e5e0c0
ntdll!RtlUpcaseUnicodeString+0x259
03d5ffb4 7c80b683 00000000 038ad2a0 038ad2a0
ntdll!RtlUpcaseUnicodeString+0x230
03d5ffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000003d5fca8 5c 00 42 00 00 00 00 00 - 30 3b ea 02 d8 fc d5 03
\.B.....0;......
0000000003d5fcb8 00 00 00 00 f0 ac ea 02 - 32 dc 94 7c ee db 94 7c
.........2..|...|
0000000003d5fcc8 28 02 00 00 1e 00 00 00 - 00 00 0a 00 cc fa d5 03
(...............
0000000003d5fcd8 44 00 00 00 28 fd d5 03 - 04 00 00 00 30 3b ea 02
D...(.......0;..
0000000003d5fce8 ff ff ff ff f0 ac ea 02 - 00 00 00 00 01 00 00 00
.................
0000000003d5fcf8 68 fc d5 03 fc ac ea 02 - a8 fc d5 03 cc f8 d5 03
h...............
0000000003d5fd08 30 ff d5 03 99 b4 86 5b - 08 95 89 5b ff ff ff ff
0......[...[....
0000000003d5fd18 3c fd d5 03 12 29 c3 62 - 5c 00 42 00 00 00 00 00
<....).b\.B.....
0000000003d5fd28 00 00 00 00 01 00 00 00 - 44 fd d5 03 8d 99 80 7c
.........D......|
0000000003d5fd38 f0 ac ea 02 58 fd d5 03 - b9 29 c3 62 5c 00 42 00
.....X....).b\.B.
0000000003d5fd48 20 fe d5 03 34 3b ea 02 - 00 00 00 00 00 00 00 00
....4;..........
0000000003d5fd58 68 fd d5 03 0c 2a c3 62 - 1a 02 00 00 e8 b7 eb 02
h....*.b........
0000000003d5fd68 7c fd d5 03 77 5a c3 62 - 30 3b ea 02 00 00 00 00
|...wZ.b0;......
0000000003d5fd78 30 3b ea 02 a0 fd d5 03 - 1d 5e c3 62 00 00 00 00
0;.......^.b....
0000000003d5fd88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003d5fd98 ac 18 c3 62 ac 18 c3 62 - ec fd d5 03 20 29 a9 7c
....b...b.... ).|
0000000003d5fda8 c0 bf eb 02 e8 b7 eb 02 - 01 00 00 00 00 00 00 00
.................
0000000003d5fdb8 60 4c e6 02 70 fe d5 03 - 1c fd d5 03 18 ee 90 7c
`L..p..........|
0000000003d5fdc8 00 00 00 00 58 6d 10 00 - 38 e6 a5 7c 00 00 0a 00
.....Xm..8..|....
0000000003d5fdd8 00 00 00 00 00 d0 fa 7f - 40 fe d5 03 00 00 00 00
.........@.......
 
G

Guest

The rest of the dump file

eax=01fd0010 ebx=00000000 ecx=00000000 edx=7c90eb94 esi=019aff98 edi=00000000
eip=7c90eb94 esp=019aff58 ebp=019aff74 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\NETSHELL.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
019aff74 764434cb 019aff98 00000000 00000000 ntdll!KiFastSystemCallRet
019affb4 7c80b683 76476328 7c9c63d8 7cbc0000
NETSHELL!NetSetupSetProgressCallback+0x19160
019affec 00000000 7644348c 76476328 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000019aff58 be 91 41 7e f1 91 41 7e - 98 ff 9a 01 00 00 00 00
...A~..A~........
00000000019aff68 00 00 00 00 00 00 00 00 - c6 91 41 7e b4 ff 9a 01
...........A~....
00000000019aff78 cb 34 44 76 98 ff 9a 01 - 00 00 00 00 00 00 00 00
..4Dv............
00000000019aff88 00 00 00 00 00 00 bc 7c - d8 63 9c 7c 28 63 47 76
........|.c.|(cGv
00000000019aff98 70 00 08 00 00 04 00 00 - be ba 00 00 7c 80 13 00
p...........|...
00000000019affa8 4e cd 0e 00 f6 03 00 00 - 7f 02 00 00 ec ff 9a 01
N...............
00000000019affb8 83 b6 80 7c 28 63 47 76 - d8 63 9c 7c 00 00 bc 7c
....|(cGv.c.|...|
00000000019affc8 28 63 47 76 00 e0 fa 7f - 00 e6 5b 86 c0 ff 9a 01
(cGv......[.....
00000000019affd8 00 3e db 85 ff ff ff ff - a8 9a 83 7c 90 b6 80 7c
..>.........|...|
00000000019affe8 00 00 00 00 00 00 00 00 - 00 00 00 00 8c 34 44 76
..............4Dv
00000000019afff8 28 63 47 76 00 00 00 00 - 00 00 00 00 00 00 00 00
(cGv............
00000000019b0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019b0018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019b0028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019b0038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019b0048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019b0058 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019b0068 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019b0078 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000019b0088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x434 <----*

eax=00000001 ebx=00004e20 ecx=0000c11a edx=7c90eb94 esi=01e3fd68 edi=7e4191c6
eip=7c90eb94 esp=01e3fcf8 ebp=01e3fd14 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\System32\stobject.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
01e3fd14 76281513 01e3fd68 00000000 00000000 ntdll!KiFastSystemCallRet
01e3fd8c 76283746 76280000 00000000 000101be stobject+0x1513
01e3ffb4 7c80b683 00000000 000a01a8 00000000 stobject!DllCanUnloadNow+0x1fa4
01e3ffec 00000000 762836f7 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000001e3fcf8 be 91 41 7e f1 91 41 7e - 68 fd e3 01 00 00 00 00
...A~..A~h.......
0000000001e3fd08 00 00 00 00 00 00 00 00 - 00 00 00 00 8c fd e3 01
.................
0000000001e3fd18 13 15 28 76 68 fd e3 01 - 00 00 00 00 00 00 00 00
...(vh...........
0000000001e3fd28 00 00 00 00 a8 01 0a 00 - 00 00 28 76 00 00 00 00
...........(v....
0000000001e3fd38 30 00 00 00 00 40 00 00 - 21 13 28 76 00 00 00 00
0....@..!.(v....
0000000001e3fd48 1e 00 00 00 00 00 28 76 - a3 01 04 00 11 00 01 00
.......(v........
0000000001e3fd58 10 00 00 00 00 00 00 00 - f4 31 28 76 00 00 00 00
..........1(v....
0000000001e3fd68 be 01 01 00 1a c1 00 00 - 00 00 00 00 00 00 00 00
.................
0000000001e3fd78 81 08 51 00 f3 00 00 00 - 17 02 00 00 00 00 00 00
...Q.............
0000000001e3fd88 00 00 00 00 b4 ff e3 01 - 46 37 28 76 00 00 28 76
.........F7(v..(v
0000000001e3fd98 00 00 00 00 be 01 01 00 - 01 00 00 00 00 00 00 00
.................
0000000001e3fda8 43 00 3a 00 5c 00 57 00 - 49 00 4e 00 44 00 4f 00
C.:.\.W.I.N.D.O.
0000000001e3fdb8 57 00 53 00 5c 00 53 00 - 79 00 73 00 74 00 65 00
W.S.\.S.y.s.t.e.
0000000001e3fdc8 6d 00 33 00 32 00 5c 00 - 73 00 74 00 6f 00 62 00
m.3.2.\.s.t.o.b.
0000000001e3fdd8 6a 00 65 00 63 00 74 00 - 2e 00 64 00 6c 00 6c 00
j.e.c.t...d.l.l.
0000000001e3fde8 00 00 81 7c 1b 00 00 00 - 00 02 00 00 fc ff e3 01
....|............
0000000001e3fdf8 23 00 00 00 1a b4 4f 80 - e4 4a 50 81 00 10 ee 76
#.....O..JP....v
0000000001e3fe08 00 00 00 00 00 00 00 80 - 0a 00 00 02 24 2b 15 aa
.............$+..
0000000001e3fe18 58 0c 52 80 00 10 ee 76 - 00 00 00 00 00 00 00 00
X.R....v........
0000000001e3fe28 48 f5 df ff 8d 2b 15 aa - b1 2b 15 aa 90 61 0c e1
H....+...+...a..

*----> State Dump for Thread Id 0xbec <----*

eax=0000ffff ebx=02fafb6c ecx=00de00de edx=00de00de esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=02fafb44 ebp=02fafbe0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=ffff es=1f80 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\DUSER.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\BROWSEUI.dll -
ChildEBP RetAddr Args to Child
02fafbe0 7e4195f9 00000002 02fafc08 00000000 ntdll!KiFastSystemCallRet
02fafc3c 6c1e4b92 00000001 02fafc70 ffffffff USER32!GetLastInputInfo+0x105
02fafc5c 6c1e4cfd 000024ff ffffffff 00000000 DUSER+0x34b92
02fafc80 6c1e4ef9 000024ff 00000000 02fafcac DUSER+0x34cfd
02fafc90 7e458c03 000024ff 00000000 00000064 DUSER+0x34ef9
02fafcac 7c90eae3 02fafcbc 00000008 000024ff USER32!DdeConnectList+0x955
02faff20 75fa5325 00187de8 00000000 00000000
ntdll!KiUserCallbackDispatcher+0x13
02faffb4 7c80b683 00187de8 00000000 00000000 BROWSEUI!Ordinal138+0x7b45
02faffec 00000000 75fa52d5 00187de8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000002fafb44 ab e9 90 7c e2 94 80 7c - 02 00 00 00 6c fb fa 02
....|...|....l...
0000000002fafb54 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002fafb64 02 00 00 00 00 00 00 00 - 80 09 00 00 2c 08 00 00
.............,...
0000000002fafb74 a6 07 01 00 1a c1 00 00 - 00 00 00 00 0c fc fa 02
.................
0000000002fafb84 5d 0d 3f 77 f3 00 00 00 - 14 00 00 00 01 00 00 00
].?w............
0000000002fafb94 00 00 00 00 00 00 00 00 - 10 00 00 00 3d 44 00 00
.............=D..
0000000002fafba4 d0 fb fa 02 34 87 41 7e - 00 f0 fd 7f 00 40 fd 7f
.....4.A~.....@..
0000000002fafbb4 00 00 00 00 00 00 00 00 - 6c fb fa 02 cd ab ba dc
.........l.......
0000000002fafbc4 02 00 00 00 60 fb fa 02 - 5d 0d 3f 77 a4 ff fa 02
.....`...].?w....
0000000002fafbd4 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 3c fc fa 02
....|...|....<...
0000000002fafbe4 f9 95 41 7e 02 00 00 00 - 08 fc fa 02 00 00 00 00
...A~............
0000000002fafbf4 ff ff ff ff 00 00 00 00 - ff ff ff ff 01 00 00 00
.................
0000000002fafc04 9c 92 80 7c 80 09 00 00 - 2c 08 00 00 8e 72 1e 6c
....|....,....r.l
0000000002fafc14 ff ff ff ff a9 72 1e 6c - 91 08 51 00 f8 2f e6 02
......r.l..Q../..
0000000002fafc24 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002fafc34 00 40 fd 7f 2c 08 00 00 - 5c fc fa 02 92 4b 1e 6c
..@..,...\....K.l
0000000002fafc44 01 00 00 00 70 fc fa 02 - ff ff ff ff ff 24 00 00
.....p........$..
0000000002fafc54 08 fc fa 02 38 c1 18 00 - 80 fc fa 02 fd 4c 1e 6c
.....8........L.l
0000000002fafc64 ff 24 00 00 ff ff ff ff - 00 00 00 00 80 09 00 00
..$..............
0000000002fafc74 00 00 00 00 00 27 0f 00 - 00 00 00 00 90 fc fa 02
......'..........

*----> State Dump for Thread Id 0xc04 <----*

eax=6c1c3c08 ebx=0308fde8 ecx=02e545b0 edx=00000000 esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=0308fdc0 ebp=0308fe5c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\msvcrt.dll -
ChildEBP RetAddr Args to Child
0308fe5c 7e4195f9 00000002 0308fe84 00000000 ntdll!KiFastSystemCallRet
0308feb8 6c1e4b92 00000001 0308feec ffffffff USER32!GetLastInputInfo+0x105
0308fed8 6c1e4ddc 000004ff ffffffff 00000001 DUSER+0x34b92
0308ff0c 6c1de394 0308ff4c 00000000 00000000 DUSER+0x34ddc
0308ff2c 6c1da6f1 0308ff4c 00000000 00000000 DUSER!GetMessageExA+0x44
0308ff80 77c3a3b0 00000000 7c910000 7c9131dc DUSER!DUserStopAnimation+0xa505
0308ffb4 7c80b683 01303d50 7c910000 7c9131dc msvcrt!endthreadex+0xa9
0308ffec 00000000 77c3a341 01303d50 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000308fdc0 ab e9 90 7c e2 94 80 7c - 02 00 00 00 e8 fd 08 03
....|...|........
000000000308fdd0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000308fde0 02 00 00 00 04 00 00 00 - 08 09 00 00 98 02 00 00
.................
000000000308fdf0 60 16 01 49 e0 00 00 00 - e0 01 00 00 00 20 10 03
`..I......... ..
000000000308fe00 40 fe 08 03 b1 a2 1c 6c - 14 00 00 00 01 00 00 00
@......l........
000000000308fe10 00 00 00 00 00 00 00 00 - 10 00 00 00 00 20 10 03
.............. ..
000000000308fe20 01 00 04 00 00 00 00 00 - 00 f0 fd 7f 00 a0 fa 7f
.................
000000000308fe30 a4 ff 08 03 00 00 00 00 - e8 fd 08 03 ff ff ff ff
.................
000000000308fe40 02 00 00 00 dc fd 08 03 - 00 20 10 03 a4 ff 08 03
.......... ......
000000000308fe50 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 b8 fe 08 03
....|...|........
000000000308fe60 f9 95 41 7e 02 00 00 00 - 84 fe 08 03 00 00 00 00
...A~............
000000000308fe70 ff ff ff ff 00 00 00 00 - f8 cd 19 00 01 00 00 00
.................
000000000308fe80 4c ff 08 03 08 09 00 00 - 98 02 00 00 8e 72 1e 6c
L............r.l
000000000308fe90 ff ff ff ff a9 72 1e 6c - b0 08 51 00 b0 45 e5 02
......r.l..Q..E..
000000000308fea0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000308feb0 00 a0 fa 7f 98 02 00 00 - d8 fe 08 03 92 4b 1e 6c
..............K.l
000000000308fec0 01 00 00 00 ec fe 08 03 - ff ff ff ff ff 04 00 00
.................
000000000308fed0 84 fe 08 03 ff ff ff ff - 0c ff 08 03 dc 4d 1e 6c
..............M.l
000000000308fee0 ff 04 00 00 ff ff ff ff - 01 00 00 00 08 09 00 00
.................
000000000308fef0 00 00 00 00 00 00 00 00 - 50 3d 30 01 01 00 00 00
.........P=0.....

*----> State Dump for Thread Id 0x48c <----*

eax=00000000 ebx=0369fb6c ecx=02e70430 edx=02e70430 esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=0369fb44 ebp=0369fbe0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0369fbe0 7e4195f9 00000002 0369fc08 00000000 ntdll!KiFastSystemCallRet
0369fc3c 6c1e4b92 00000001 0369fc70 ffffffff USER32!GetLastInputInfo+0x105
0369fc5c 6c1e4cfd 000024ff ffffffff 00000000 DUSER+0x34b92
0369fc80 6c1e4ef9 000024ff 00000000 0369fcac DUSER+0x34cfd
0369fc90 7e458c03 000024ff 00000000 00000064 DUSER+0x34ef9
0369fcac 7c90eae3 0369fcbc 00000008 000024ff USER32!DdeConnectList+0x955
0369ff20 75fa5325 02e8e948 0007e0b8 774fd9cd
ntdll!KiUserCallbackDispatcher+0x13
0369ffb4 7c80b683 02e8e948 0007e0b8 774fd9cd BROWSEUI!Ordinal138+0x7b45
0369ffec 00000000 75fa52d5 02e8e948 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000369fb44 ab e9 90 7c e2 94 80 7c - 02 00 00 00 6c fb 69 03
....|...|....l.i.
000000000369fb54 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000369fb64 02 00 00 00 00 00 00 00 - 84 08 00 00 44 0b 00 00
.............D...
000000000369fb74 50 09 08 00 1a c1 00 00 - 00 00 00 00 0c fc 69 03
P.............i.
000000000369fb84 5d 0d 3f 77 f3 00 00 00 - 14 00 00 00 01 00 00 00
].?w............
000000000369fb94 00 00 00 00 00 00 00 00 - 10 00 00 00 3d 44 00 00
.............=D..
000000000369fba4 d0 fb 69 03 34 87 41 7e - 00 f0 fd 7f 00 60 fd 7f
...i.4.A~.....`..
000000000369fbb4 00 00 00 00 00 00 00 00 - 6c fb 69 03 cd ab ba dc
.........l.i.....
000000000369fbc4 02 00 00 00 60 fb 69 03 - 5d 0d 3f 77 a4 ff 69 03
.....`.i.].?w..i.
000000000369fbd4 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 3c fc 69 03
....|...|....<.i.
000000000369fbe4 f9 95 41 7e 02 00 00 00 - 08 fc 69 03 00 00 00 00
...A~......i.....
000000000369fbf4 ff ff ff ff 00 00 00 00 - ff ff ff ff 01 00 00 00
.................
000000000369fc04 9c 92 80 7c 84 08 00 00 - 44 0b 00 00 8e 72 1e 6c
....|....D....r.l
000000000369fc14 ff ff ff ff a9 72 1e 6c - 91 08 51 00 28 04 e7 02
......r.l..Q.(...
000000000369fc24 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000369fc34 00 60 fd 7f 44 0b 00 00 - 5c fc 69 03 92 4b 1e 6c
..`..D...\.i..K.l
000000000369fc44 01 00 00 00 70 fc 69 03 - ff ff ff ff ff 24 00 00
.....p.i......$..
000000000369fc54 08 fc 69 03 a0 20 0a 00 - 80 fc 69 03 fd 4c 1e 6c ..i..
.....i..L.l
000000000369fc64 ff 24 00 00 ff ff ff ff - 00 00 00 00 84 08 00 00
..$..............
000000000369fc74 00 00 00 00 78 b0 e7 02 - 00 00 00 00 90 fc 69 03
.....x.........i.

*----> State Dump for Thread Id 0x858 <----*

eax=77e76bf9 ebx=00000000 ecx=00000000 edx=00000000 esi=000a3318 edi=000a3354
eip=7c90eb94 esp=0373fe1c ebp=0373ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
0373ff80 77e76c2b 0373ffa8 77e76a4d 000a3318 ntdll!KiFastSystemCallRet
0373ff88 77e76a4d 000a3318 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5e3
0373ffa8 77e76c13 000b7ae8 0373ffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x405
0373ffb4 7c80b683 02e902d8 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5cb
0373ffec 00000000 77e76bf9 02e902d8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000373fe1c 99 e3 90 7c 13 67 e7 77 - 80 01 00 00 70 ff 73 03
....|.g.w....p.s.
000000000373fe2c 00 00 00 00 88 c2 19 00 - 00 00 00 00 00 00 00 00
.................
000000000373fe3c 99 cf 4f 80 64 22 d5 85 - 20 20 d5 85 e0 fb 1e 86
...O.d".. ......
000000000373fe4c 58 7b d8 a9 02 e3 5b 86 - 00 00 54 80 00 00 10 00
X{....[...T.....
000000000373fe5c 20 80 36 86 ff ff ff 03 - ff ff ff 03 e0 e2 2c 81
..6...........,.
000000000373fe6c 61 00 00 00 fc 3c 88 c0 - 18 82 36 86 40 f5 df ff
a....<....6.@...
000000000373fe7c 00 00 00 00 1a b4 4f 80 - ac 7b d8 a9 c8 fe 3f c0
.......O..{....?.
000000000373fe8c 00 80 fd 7f 00 00 00 00 - c0 fe 3f 02 88 7b d8 a9
...........?..{..
000000000373fe9c 77 2b 52 80 43 4d 6e 80 - 28 7c d8 a9 27 44 6e 80
w+R.CMn.(|..'Dn.
000000000373feac 00 0d db ba 00 00 00 00 - 00 00 00 00 f8 1f 60 c0
...............`.
000000000373febc 48 7c d8 a9 d6 32 52 80 - ac 7b d8 a9 00 00 00 00
H|...2R..{......
000000000373fecc 00 00 00 00 00 00 00 00 - 38 97 de 85 20 80 36 86
.........8... .6.
000000000373fedc 01 80 36 86 00 00 00 00 - 00 00 00 00 00 00 00 00
...6.............
000000000373feec 1f 00 00 00 ff ff ff ff - 40 f5 df ff 00 00 00 00
.........@.......
000000000373fefc 10 44 6e 80 bc b1 ea 85 - 28 7c d8 a9 00 00 00 00
..Dn.....(|......
000000000373ff0c 27 44 6e 80 08 00 00 00 - 46 02 00 00 48 2d 50 80
'Dn.....F...H-P.
000000000373ff1c 90 b0 ea 85 20 b0 ea 85 - 20 af 4f 80 8c b1 ea 85 ....
.... .O.....
000000000373ff2c 20 b0 ea 85 80 ff 73 03 - a9 66 e7 77 4c ff 73 03
......s..f.wL.s.
000000000373ff3c b9 66 e7 77 ed 10 90 7c - 60 94 e6 02 d8 02 e9 02
..f.w...|`.......
000000000373ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0xf18 <----*

eax=038afb8c ebx=038afb6c ecx=00000a54 edx=7c90eb94 esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=038afb44 ebp=038afbe0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=1f80 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Svchost.exe Errors 9
Windows reboots very often... 1
SP2 crashes explorer.exe and iexplorer.exe 2
ntdll crash and allocateheap problem 0
Say's no sound card detected 7
Application exception occurred 1
Execl DrWatson Error 80000007 3
how do i fix this Exception number: c0000005 3

Top