ntdll crash and allocateheap problem

Guest

When I look at the properties of a file in Win Explorer and close the window,
Explorer crashes in NTDLL.DLL as below; it mentions something about function:
ntdll!RtlAllocateHeap.
What does this mean and what is causing the crash?

Application exception occurred:
App: C:\WINDOWS\Explorer.EXE (pid=1592)
When: 9/5/2005 @ 19:22:35.281
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: BOBNEUMANN
User Name: Bob Neumann
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 6 Model 10 Stepping 0
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: Bob Neumann

*----> Task List <----*
0 System Process
4 System
676 smss.exe
748 csrss.exe
776 winlogon.exe
820 services.exe
832 lsass.exe
984 svchost.exe
1060 svchost.exe
1152 svchost.exe
1208 svchost.exe
1328 svchost.exe
1592 Explorer.EXE
1728 spoolsv.exe
1796 wpctrl.exe
1804 IWCTRL.EXE
1832 taskswitch.exe
1896 realsched.exe
1936 Error 0xD0000022
1952 MotiveSB.exe
1960 gcasServ.exe
1968 avgcc.exe
1996 avgemc.exe
2020 ctfmon.exe
2040 FreeRAM XP Pro 1.40.exe
136 LiveUpdate.exe
196 HOTSYNC.EXE
552 aspnet_admin.exe
564 floater.exe
572 avgamsvr.exe
604 avgupsvc.exe
404 mdm.exe
796 nvsvc32.exe
1144 slserv.exe
1240 svchost.exe
1388 Error 0xD0000022
2060 gcasDtServ.exe
2560 alg.exe
3104 DllHost.exe
3276 wuauclt.exe
3848 drwtsn32.exe
3864 dwwin.exe

*----> Module List <----*
(0000000000f10000 - 0000000000f26000: C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\SBHook.dll
(0000000001000000 - 00000000010ff000: C:\WINDOWS\Explorer.EXE
(0000000001180000 - 0000000001192000: C:\WINDOWS\system32\browselc.dll
(0000000001500000 - 000000000151b000: C:\Program Files\Microsoft AntiSpyware\shellextension.dll
(0000000002940000 - 0000000002c06000: C:\WINDOWS\system32\msi.dll
(00000000030c0000 - 00000000030d9000: C:\Program Files\TiBR Converter\TiBR Converter.dll
(0000000003380000 - 0000000003397000: C:\WINDOWS\system32\odbcint.dll
(00000000033b0000 - 0000000003438000: C:\WINDOWS\system32\shdoclc.dll
(0000000003cf0000 - 0000000003cfe000: C:\Program Files\HHD Software\Hex Editor\hexedit.dll
(0000000003d20000 - 0000000003d40000: C:\PROGRA~1\VISICO~1\ACEFTP~1\FTPCntxt.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 000000001003c000: C:\Program Files\WinPortrait\WinpHook.dll
(0000000016200000 - 0000000016206000: C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(0000000032520000 - 0000000032532000: C:\Program Files\Microsoft Office\Office10\msohev.dll
(00000000365a0000 - 00000000365b6000: C:\PROGRA~1\MICROS~3\Office10\MCPS.DLL
(000000004ec50000 - 000000004edf3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b0a0000 - 000000005b0a7000: C:\WINDOWS\system32\umdmxfrm.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: C:\WINDOWS\System32\themeui.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005cd70000 - 000000005cd77000: C:\WINDOWS\system32\serwvdrv.dll
(000000005d090000 - 000000005d127000: C:\WINDOWS\system32\comctl32.dll
(00000000605d0000 - 00000000605d9000: C:\WINDOWS\system32\mslbui.dll
(0000000060980000 - 0000000060987000: C:\WINDOWS\system32\MSISIP.DLL
(00000000621a0000 - 00000000621ae000: C:\Program Files\Grisoft\AVG Free\avgse.dll
(0000000069450000 - 0000000069466000: C:\WINDOWS\system32\faultrep.dll
(000000006c1b0000 - 000000006c1fd000: C:\WINDOWS\system32\DUSER.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\System32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\System32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\System32\WSOCK32.dll
(0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5c000: C:\WINDOWS\System32\ACTXPRXY.DLL
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000073b30000 - 0000000073b45000: C:\WINDOWS\system32\mscms.dll
(0000000073ba0000 - 0000000073bb3000: C:\WINDOWS\System32\sti.dll
(0000000073dd0000 - 0000000073ece000: C:\WINDOWS\system32\MFC42.DLL
(0000000074320000 - 000000007435d000: C:\WINDOWS\system32\ODBC32.dll
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\MSCTF.dll
(0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\System32\POWRPROF.dll
(0000000074ae0000 - 0000000074ae7000: C:\WINDOWS\System32\CFGMGR32.dll
(0000000074af0000 - 0000000074afa000: C:\WINDOWS\System32\BatMeter.dll
(0000000074b30000 - 0000000074b76000: C:\WINDOWS\System32\webcheck.dll
(0000000074ea0000 - 0000000074eb0000: C:\WINDOWS\System32\wshext.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000075970000 - 0000000075a67000: C:\WINDOWS\system32\MSGINA.dll
(0000000075f60000 - 0000000075f67000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076280000 - 00000000762a1000: C:\WINDOWS\System32\stobject.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\System32\MSIMG32.dll
(00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
(0000000076400000 - 00000000765a6000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\System32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(0000000077260000 - 00000000772fe000: C:\WINDOWS\system32\urlmon.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077760000 - 00000000778cc000: C:\WINDOWS\system32\SHDOCVW.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\System32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\appHelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\System32\Secur32.dll
(00000000780c0000 - 0000000078121000: C:\WINDOWS\MSVCP60.DLL
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c3a0000 - 000000007c41b000: C:\WINDOWS\system32\MSVCP71.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d4000: C:\WINDOWS\system32\SHELL32.dll

*----> State Dump for Thread Id 0x63c <----*

eax=7ffde000 ebx=00000003 ecx=0007fb8c edx=0000ffff esi=000e1db0 edi=00000000
eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*----> State Dump for Thread Id 0x698 <----*

eax=018f4e01 ebx=0018aa30 ecx=00000000 edx=7c90eb94 esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=014dfd30 ebp=014dfdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
014dfdcc 77d495f9 0000000a 018f4e68 00000000 ntdll!KiFastSystemCallRet
014dfe28 7c9f4e1f 00000009 014dfe50 ffffffff USER32!GetLastInputInfo+0x105
014dff4c 7ca0a300 77f74292 00000000 7c809988 SHELL32!Ordinal646+0x21ea
014dffb4 7c80b50b 00000000 7c809988 00090000 SHELL32!Ordinal753+0x133
014dffec 00000000 77f74223 013af4d4 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x718 <----*

eax=77e76bf0 ebx=00000000 ecx=0000000f edx=003c1f20 esi=000aca48 edi=00000100
eip=7c90eb94 esp=016ffe1c ebp=016fff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
016fff80 77e76c22 016fffa8 77e76a3b 000aca48 ntdll!KiFastSystemCallRet
016fff88 77e76a3b 000aca48 003c0560 003c0178 RPCRT4!I_RpcBCacheFree+0x5ea
016fffa8 77e76c0a 000ac900 016fffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
016fffb4 7c80b50b 001848d0 003c0560 003c0178 RPCRT4!I_RpcBCacheFree+0x5d2
016fffec 00000000 77e76bf0 001848d0 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x1f0 <----*

eax=01901cc8 ebx=00004e20 ecx=00000000 edx=01a5fb4c esi=01a5fd68 edi=77d491c6
eip=7c90eb94 esp=01a5fcf8 ebp=01a5fd14 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\stobject.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
01a5fd14 76281513 01a5fd68 00000000 00000000 ntdll!KiFastSystemCallRet
01a5fd8c 76283746 76280000 00000000 000101ae stobject+0x1513
01a5ffb4 7c80b50b 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x1fa4
01a5ffec 00000000 762836f7 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x244 <----*

eax=01a1eb51 ebx=01a1fd80 ecx=01a1ee0c edx=02920000 esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=01a1fd58 ebp=01a1fdf4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]

*----> Stack Back Trace <----*
*** WARNING: Unable to verify checksum for C:\Program Files\WinPortrait\WinpHook.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\WinPortrait\WinpHook.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
01a1fdf4 10004fc7 00000003 01a1fe38 00000000 ntdll!KiFastSystemCallRet
77dd7883 2cec83ec 39ff3357 7d89107d f47d89f8 WinpHook+0x4fc7
8b55ff8b 00000000 00000000 00000000 00000000 0x2cec83ec

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x4d4 <----*

eax=72d230e8 ebx=00fcfef8 ecx=00000086 edx=00000000 esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=00fcfed0 ebp=00fcff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr Args to Child
00fcff6c 7c809c86 00000002 00fcffa4 00000000 ntdll!KiFastSystemCallRet
00fcff88 72d2312a 00000002 00fcffa4 00000000 kernel32!WaitForMultipleObjects+0x18
00fcffb4 7c80b50b 00000000 00144c70 00090000 wdmaud!midMessage+0x348
00fcffec 00000000 72d230e8 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xe84 <----*

eax=77e76bf0 ebx=00000000 ecx=7c9105c8 edx=00000000 esi=000aca48 edi=00000100
eip=7c90eb94 esp=0173fe1c ebp=0173ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0173ff80 77e76c22 0173ffa8 77e76a3b 000aca48 ntdll!KiFastSystemCallRet
0173ff88 77e76a3b 000aca48 00090000 7c910732 RPCRT4!I_RpcBCacheFree+0x5ea
0173ffa8 77e76c0a 000ac900 0173ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
0173ffb4 7c80b50b 000fd510 00090000 7c910732 RPCRT4!I_RpcBCacheFree+0x5d2
0173ffec 00000000 77e76bf0 000fd510 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000173fe1c 99 e3 90 7c 03 67 e7 77 - 98 01 00 00 70 ff 73 01 ....|.g.w....p.s.


*----> State Dump for Thread Id 0xe90 <----*

eax=77a8964a ebx=017aff18 ecx=013ad6a0 edx=000e27b0 esi=00000000 edi=7ffdf000
eip=7c90eb94 esp=017afef0 ebp=017aff8c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\CRYPT32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
017aff8c 77a89675 00000001 000c5588 00000000 ntdll!KiFastSystemCallRet
017affb4 7c80b50b 00000001 00090000 00000000 CRYPT32!CertEnumSystemStoreLocation+0x133f
017affec 00000000 77a8964a 000c5580 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xe9c <----*

eax=0052000c ebx=00090000 ecx=000000ac edx=6ade000d esi=0052005c edi=00520054
eip=7c9106c3 esp=0307d4fc ebp=0307d71c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216

function: ntdll!RtlAllocateHeap
7c9106c1 2ac1 sub al,cl
FAULT ->7c9106c3 884706 mov [edi+0x6],al ds:0023:0052005a=00
7c9106c6 8bc7 mov eax,edi
 
